SecurityConfigurationMBean
Overview | Related MBeans | Attributes | Operations
Overview
Provides domain-wide security configuration information.
Since 7.0.0.0 Fully Qualified Interface Name If you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.management.configuration.SecurityConfigurationMBean
Factory Methods No factory methods. Instances of this MBean are created automatically.
Related MBeans
This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.
DefaultRealm
Returns the default security realm or null if no realm has been selected as the default security realm.
Lookup Operation lookupRealm(String name)Returns a
javax.management.ObjectName for the instance ofRealmMBean namedname.Privileges Read/Write Type RealmMBean Relationship type: Reference. Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.
Realms
Returns all the realms in the domain.
Factory Methods createRealm (java.lang.String name)
destroyRealm (RealmMBean )Factory methods do not return objects.
Lookup Operation lookupRealm(String name)Returns a
javax.management.ObjectName for the instance ofRealmMBean namedname.Privileges Read only Type RealmMBean[] Relationship type: Containment.
Attributes
This section describes the following attributes:
AnonymousAdminLookupEnabled
Returns true if anonymous JNDI access for Admin MBean home is permitted. This is overridden by the Java property
-Dweblogic.management.anonymousAdminLookupEnabled.
Privileges Read/Write Type boolean
CachingDisabled
Private property that disables caching in proxies.
Privileges Read only Type boolean Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.
CompatibilityConnectionFiltersEnabled
Whether this WebLogic Server domain enables compatiblity with previous connection filters.
This attribute changes the protocols names used when filtering needs to be performed.
Available Since Release 9.0.0.0 Privileges Read/Write Type boolean
ConnectionFilter
The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.
This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.
Available Since Release 9.0.0.0 Privileges Read/Write Type java.lang.String
ConnectionFilterRules
The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols.
This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.
Available Since Release 9.0.0.0 Privileges Read/Write Type class java.lang.String[]
ConnectionLoggerEnabled
Whether this WebLogic Server domain should log accepted connections.
This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.
This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.
Available Since Release 9.0.0.0 Privileges Read/Write Type boolean
ConsoleFullDelegationEnabled
Indicates whether the console is enabled for fully delegate authorization.
Available Since Release 9.2.0.0 Privileges Read/Write Type boolean
Credential
The password for the domain. In WebLogic Server version 6.0, this attribute was the password of the system user. In WebLogic Server version 7.0, this attribute can be any string. For the two domains to interoperate, the string must be the same for both domains.
When you set the value of this attribute, WebLogic Server does the following:
Encrypts the value.
Sets the value of the
UserPasswordEncrypted attribute to the encrypted value.For more information, see:
Privileges Read/Write Type java.lang.String Encrypted true
CredentialEncrypted
The encrypted password for the domain. In WebLogic Server version 6.0, this attribute was the password of the system user. In WebLogic Server version 7.0, this attribute can be any string. For the two domains to interoperate, the string must be the same for both domains.
To set this attribute, pass an unencrypted string to the MBean server's
setAttribute method. WebLogic Server encrypts the value and sets the attribute to the encrypted value.For more information, see:
Privileges Read/Write Type byte[] Encrypted true
CrossDomainSecurityEnabled
Indicates whether or not cross-domain security is enabled
Privileges Read/Write Type boolean
DowngradeUntrustedPrincipals
Whether or not to downgrade to anonymous principals that cannot be verified. This is useful for server-server communication between untrusted domains.
Available Since Release 9.0.0.0 Privileges Read/Write Type boolean
EnforceStrictURLPattern
Whether or not the system should enforce strict URL pattern or not.
Available Since Release 9.0.0.0 Privileges Read/Write Type boolean Default Value true
EnforceValidBasicAuthCredentials
Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.
Available Since Release 9.2 Privileges Read/Write Type boolean Default Value true
ExcludedDomainNames
Specifies a list of remote domains for which cross-domain check should not be applied.
Available Since Release 10.0 Privileges Read/Write Type class java.lang.String[]
MBeanInfo
Returns the MBean info for this MBean.
Deprecated.
Privileges Read only Type javax.management.MBeanInfo Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.
Name of
The user-specified name of this MBean instance.
This name is included as one of the key properties in the MBean's
javax.management.ObjectName:
Name of=user-specified-name
Privileges Read/Write Type java.lang.String
NodeManagerPassword
The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
When you get the value of this attribute, WebLogic Server does the following:
Retrieves the value of the
NodeManagerPasswordEncrypted attribute.Decrypts the value and returns the unencrypted password as a String.
When you set the value of this attribute, WebLogic Server does the following:
Encrypts the value.
Sets the value of the
NodeManagerPasswordEncrypted attribute to the encrypted value.Using this attribute (
NodeManagerPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.Instead of using this attribute, you should use
NodeManagerPasswordEncrypted.For more information, see:
Available Since Release 9.0.0.0 Privileges Read/Write Type java.lang.String Encrypted true
NodeManagerPasswordEncrypted
The password that the Administration Server passes to a Node Manager when it instructs the Node Manager to start, stop, or restart Managed Servers.
To set this attribute, use
weblogic.management.EncryptionHelper.encrypt() to encrypt the value. Then set this attribute to the output of the encrypt() method.To compare a password that a user enters with the encrypted value of this attribute, go to the same WebLogic Server instance that you used to set and encrypt this attribute and use
weblogic.management.EncryptionHelper.encrypt() to encrypt the user-supplied password. Then compare the encrypted values.For more information, see:
Available Since Release 9.0.0.0 Privileges Read/Write Type byte[] Default Value Encrypted true
NodeManagerUsername
The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.
Available Since Release 9.0.0.0 Privileges Read/Write Type java.lang.String Default Value
Notes
Optional information that you can include to describe this configuration.
WebLogic Sever saves this note in the domain's configuration file (
config.xml) as XML PCDATA. All left angle brackets (<) are converted to the XML entity<. Carriage returns/line feeds are preserved.
- Note:
If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.
Privileges Read/Write Type java.lang.String
ObjectName
Returns the ObjectName under which this MBean is registered in the MBean server.
Deprecated.
Privileges Read only Type weblogic.management.WebLogicObjectName Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.
Parent
Return the immediate parent for this MBean
Privileges Read/Write Type
Registered
Returns false if the the MBean represented by this object has been unregistered.
Deprecated.
Privileges Read only Type boolean Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.
Type
Returns the type of the MBean.
Privileges Read only Type java.lang.String Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.
WebAppFilesCaseInsensitive
This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, etc. in the WebApp container and external security policies. When the value is set to "os", the pattern matching will be case- sensitive on all platforms except the Windows file system. Note that on non-Windows file systems, WebLogic doesn't enforce case sensitivity and relies on the file system for optimization. Therefore, if you have a Windows Samba mount from UNIX or Mac OS that has been installed in case-insensitive mode, there is a chance of security risk. In that case, please specify case-insensitive lookups by setting this attribute to
true. Note that this property is used to preserve backward compatibility on Windows file systems. In prior releases, WebLogic was case- insensitive on Windows. Starting with 9.0 release the URL-pattern matching will be strictly enforced. During the upgrade of older domains the value of this parameter is explicitly set to "os" by the upgrade plug-in, in order to preserve backward compatibility.
Privileges Read/Write Type java.lang.String Default Value false Legal Values
- os
- true
- false
Operations
This section describes the following operations:
findDefaultRealm
Finds the default security realm. Returns null if a default security realm is not defined.
Deprecated.
9.0.0.0 Replaced by DefaultRealm
Operation Name "findDefaultRealm"Parameters nullSignature nullReturns RealmMBean
findRealm
Finds a realm by name (that is, by the display name of the realm). Returns null no realm with that name has been defined. Throws a configuration error if there are multiple matches.
Deprecated.
9.0.0.0 Replaced by lookupRealm
Operation Name "findRealm"Parameters Object [] { realmDisplayName }where:
realmDisplayName is an object of typejava.lang.String that specifies:
A String containing the realm's display name.
Signature String [] { "java.lang.String" }Returns RealmMBean
findRealms
Returns all the realms in the domain.
Deprecated.
9.0.0.0 Replaced by Realms
Operation Name "findRealms"Parameters nullSignature nullReturns class
freezeCurrentValue
If the specified attribute has not been set explicitly, and if the attribute has a default value, this operation forces the MBean to persist the default value.
Unless you use this operation, the default value is not saved and is subject to change if you update to a newer release of WebLogic Server. Invoking this operation isolates this MBean from the effects of such changes.
- Note:
To insure that you are freezing the default value, invoke the
restoreDefaultValue operation before you invoke this.This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute for which some other value has been set.
Deprecated.
9.0.0.0
Operation Name "freezeCurrentValue"Parameters Object [] { attributeName }where:
attributeName is an object of typejava.lang.String that specifies:
attributeName
Signature String [] { "java.lang.String" }Returns voidExceptions
javax.management.AttributeNotFoundException
javax.management.MBeanException
generateCredential
Generates a new encrypted byte array which can be use when calling #setCredentialEncrypted
Operation Name "generateCredential"Parameters nullSignature nullReturns class
isSet
Returns true if the specified attribute has been set explicitly in this MBean instance.
Operation Name "isSet"Parameters Object [] { propertyName }where:
propertyName is an object of typejava.lang.String that specifies:
property to check
Signature String [] { "java.lang.String" }Returns boolean
restoreDefaultValue
If the specified attribute has a default value, this operation removes any value that has been set explicitly and causes the attribute to use the default value.
Default values are subject to change if you update to a newer release of WebLogic Server. To prevent the value from changing if you update to a newer release, invoke the
freezeCurrentValue operation.This operation has no effect if you invoke it on an attribute that does not provide a default value or on an attribute that is already using the default.
Deprecated.
9.0.0.0
Operation Name "restoreDefaultValue"Parameters Object [] { attributeName }where:
attributeName is an object of typejava.lang.String that specifies:
attributeName
Signature String [] { "java.lang.String" }Returns voidExceptions
javax.management.AttributeNotFoundException
unSet
Restore the given property to its default value.
Operation Name "unSet"Parameters Object [] { propertyName }where:
propertyName is an object of typejava.lang.String that specifies:
property to restore
Signature String [] { "java.lang.String" }Returns void