The MBean that represents configuration attributes for the security realm.
A security realm contains a set of security configuration settings, including the list of security providers to use (for example, for authentication and authorization).
Code using security can either use the default security realm for the domain or refer to a particular security realm by name (by using the JMX display name of the security realm).
One security realm in the WebLogic domain must have the 
DefaultRealm attribute set to true. The security realm 
with the DefaultRealm attribute set to true is used as 
the default security realm for the WebLogic domain. Note that other 
available security realms must have the DefaultRealm 
attribute set to false.
When WebLogic Server boots, it locates and uses the default security realm. The security realm is considered active since it is used when WebLogic Server runs. Any security realm that is not used when WebLogic Server runs is considered inactive. All active security realms must be configured before WebLogic Server is boots.
Since security providers are scoped by realm, the 
Realm attribute on a security provider must be set to 
the realm that uses the provider.
| Fully Qualified Interface Name | If you use the getMBeanInfooperation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:weblogic.management.security.RealmMBean | 
| Factory Methods | No factory methods. Instances of this MBean are created automatically. | 
This section describes attributes that provide access to other MBeans. For more information about the MBean hierarchy, refer to WebLogic Server MBean Data Model.
Returns the Adjudication provider for this security realm.
| Factory Methods | createAdjudicator
											(java.lang.String type)
										
 Factory methods do not return objects. | 
| Privileges | Read only | 
| Type | AdjudicatorMBean | 
| Relationship type: | Containment. | 
Returns the Auditing providers for this security realm (in invocation order).
| Factory Methods | createAuditor
											(java.lang.String name)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupAuditor(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | AuditorMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the Authentication providers for this security realm (in invocation order).
| Factory Methods | createAuthenticationProvider
											(java.lang.String type)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupAuthenticationProvider(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | AuthenticationProviderMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the Authorization providers for this security realm (in invocation order).
| Factory Methods | createAuthorizer
											(java.lang.String name)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupAuthorizer(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | AuthorizerMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the CertPath Builder provider in this security realm 
that will be used by the security system to build certification 
paths. Returns null if none has been selected. The provider will be 
one of this security realm's CertPathProviders.
| Privileges | Read/Write | 
| Type | CertPathBuilderMBean | 
| Relationship type: | Reference. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the Certification Path providers for this security realm (in invocation order).
| Factory Methods | createCertPathProvider
											(java.lang.String name)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupCertPathProvider(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | CertPathProviderMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the Credential Mapping providers for this security realm (in invocation order).
| Factory Methods | createCredentialMapper
											(java.lang.String name)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupCredentialMapper(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | CredentialMapperMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the KeyStore providers for this security realm (in invocation order).
 Deprecated.
| Factory Methods | createKeyStore
											(java.lang.String type)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupKeyStore(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | KeyStoreMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the Password Validator providers for this security realm (in invocation order).
| Factory Methods | createPasswordValidator
											(java.lang.Class subClass)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupPasswordValidator(String name) Returns a  | 
| Privileges | Read only | 
| Type | PasswordValidatorMBean[] | 
| Relationship type: | Containment. | 
Returns RDBMSSecurityStoreMBean for this realm, which is a singleton MBean describing RDBMS security store configuration.
For more information, see:
| Factory Methods | createRDBMSSecurityStore
											(java.lang.String name)
										
 Factory methods do not return objects. | 
| Privileges | Read only | 
| Type | RDBMSSecurityStoreMBean | 
| Relationship type: | Containment. | 
Returns the Role Mapping providers for this security realm (in invocation order).
| Factory Methods | createRoleMapper
											(java.lang.String name)
										
 Factory methods do not return objects. | 
| Lookup Operation | lookupRoleMapper(String name) Returns a  | 
| Privileges | Read/Write | 
| Type | RoleMapperMBean[] | 
| Relationship type: | Containment. | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the User Lockout Manager for this security realm.
| Factory Methods | No explicit creator method. The child shares the lifecycle of its parent. | 
| Privileges | Read only | 
| Type | UserLockoutManagerMBean | 
| Relationship type: | Containment. | 
This section describes the following attributes:
Returns the types of Adjudication providers that may be created 
in this security realm, for example, 
weblogic.security.providers.authorization.DefaultAdjudicator. 
Use this method to find the available types to pass to 
createAdjudicator
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the types of Auditing providers that may be created in 
this security realm, for example, 
weblogic.security.providers.audit.DefaultAuditor. Use 
this method to find the available types to pass to 
createAuditor
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the types of Authentication providers that may be 
created in this security realm, for example, 
weblogic.security.providers.authentication.DefaultAuthenticator. 
Use this method to find the available types to pass to 
createAuthenticationProvider
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns a comma separated string of authentication methods that should be used when the Web application specifies "REALM" as its auth-method. The authentication methods will be applied in order in which they appear in the list.
| Available Since | Release 9.2.0.0 | 
| Privileges | Read/Write | 
| Type | java.lang.String | 
Returns the types of Authorization providers that may be created 
in this security realm, for example, 
weblogic.security.providers.authorization.DefaultAuthorizer. 
Use this method to find the available types to pass to 
createAuthorizer
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the types of Certification Path providers that may be 
created in this security realm, for example, 
weblogic.security.providers.pk.WebLogicCertPathProvider. 
Use this method to find the available types to pass to 
createCertPathProvider
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Determines how the role mappings in the Enterprise Application, Web application, and EJB containers interact. This setting is valid only for Web applications and EJBs that use the Advanced security model and that initialize roles from deployment descriptors.
When enabled:
Application role mappings are combined with EJB and Web 
application mappings so that all principal mappings are included. 
The Security Service combines the role mappings with a logical 
OR operator.
If one or more policies in the web.xml file 
specifies a role for which no mapping exists in the 
weblogic.xml file, the Web application container 
creates an empty map for the undefined role (that is, the role is 
explicitly defined as containing no principal). Therefore, no one 
can access URL patterns that are secured by such policies.
If one or more policies in the ejb-jar.xml file 
specifies a role for which no mapping exists in the 
weblogic-ejb-jar.xml file, the EJB container creates 
an empty map for the undefined role (that is, the role is 
explicitly defined as containing no principal). Therefore, no one 
can access methods that are secured by such policies.
When disabled:
Role mappings for each container are exclusive to other 
containers unless defined by the 
<externally-defined> descriptor element.
If one or more policies in the web.xml file 
specifies a role for which no role mapping exists in the 
weblogic.xml file, the Web application container 
assumes that the undefined role is the name of a principal. It 
therefore maps the assumed principal to the role name. For example, 
if the web.xml file contains the following stanza in 
one of its policies:
 
<auth-constraint> 
<role-name>PrivilegedUser</role-name> 
</auth-constraint>
 
but the weblogic.xml file has no role mapping for 
PrivilegedUser, then the Web application container 
creates an in-memory mapping that is equivalent to the following 
stanza:
 
<security-role-assignment> 
<role-name>PrivilegedUser</role-name> 
<principal-name>PrivilegedUser</principal-name> 
</security-role-assignment>
Role mappings for EJB methods must be defined in the 
weblogic-ejb-jar.xml file. Role mappings defined in 
the other containers are not used unless defined by the 
<externally-defined> descriptor element.
For all applications previously deployed in version 8.1 and upgraded to version 9.x, the combining role mapping is disabled by default.
| Available Since | Release 9.0.0.0 | 
| Privileges | Read/Write | 
| Type | boolean | 
| Default Value | true | 
Returns the types of Credential Mapping providers that may be 
created in this security realm, for example, 
weblogic.security.providers.credentials.DefaultCredentialMapper. 
Use this method to find the available types to pass to 
createCredentialMapper
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns whether this security realm is the Default realm for the 
WebLogic domain. Deprecated in this release of WebLogic Server and 
replaced by 
weblogic.management.configuration.SecurityConfigurationMBean.getDefaultRealm.
 Deprecated.
| Privileges | Read/Write | 
| Type | boolean | 
Configures the WebLogic Server MBean servers to use the security realm's Authorization providers to determine whether a JMX client has permission to access an MBean attribute or invoke an MBean operation.
You can continue to use WebLogic Server's default security settings or modify the defaults to suit your needs.
If you do not delegate authorization to the realm's Authorization providers, the WebLogic MBean servers allow access only to the four default security roles (Admin, Deployer, Operator, and Monitor) and only as specified by WebLogic Server's default security settings.
For more information, see:
| Available Since | Release 9.1.0.0 | 
| Privileges | Read/Write | 
| Type | boolean | 
Returns whether credential mapping deployment calls on the security system are ignored or passed to the configured Credential Mapping providers.
 Deprecated.
| Privileges | Read/Write | 
| Type | boolean | 
Returns whether policy deployment calls on the security system are ignored or passed to the configured Authorization providers.
 Deprecated.
| Privileges | Read/Write | 
| Type | boolean | 
Returns whether role deployment calls on the security system are ignored or passed to the configured Role Mapping providers.
 Deprecated.
| Privileges | Read/Write | 
| Type | boolean | 
Returns whether the WebLogic Principal Validator caching is enabled.
The Principal Validator is used by BEA supplied authentication providers and may be used by custom authentication providers. If enabled, the default principal validator will cache WebLogic Principal signatures.
| Privileges | Read/Write | 
| Type | boolean | 
| Default Value | true | 
Returns whether the Web and EJB containers should call the security framework on every access.
If false the containers are free to only call the security framework when security is set in the deployment descriptors.
 Deprecated.
| Privileges | Read/Write | 
| Type | boolean | 
Returns the types of KeyStore providers that may be created in 
this security realm, for example, 
weblogic.security.providers.pk.DefaultKeyStore. Use 
this method to find the available types to pass to 
createKeyStore
 Deprecated.
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the maximum size of the LRU cache for holding WebLogic 
Principal signatures. This value is only used if 
EnableWebLogicPrincipalValidatorCache is set to 
true
| Privileges | Read/Write | 
| Type | java.lang.Integer | 
| Default Value | 500 | 
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.
| Privileges | Read only | 
| Type | java.lang.String | 
| Default Value | Realm | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the types of Password Validator providers that may be 
created in this security realm, for example, 
com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator. 
Use this method to find the available types to pass to 
createPasswordValidator
| Available Since | Release 10.0 | 
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Returns the types of Role Mapping providers that may be created 
in this security realm, for example, 
weblogic.security.providers.authorization.DefaultRoleMapper. 
Use this method to find the available types to pass to 
createRoleMapper
| Privileges | Read only | 
| Type | class java.lang.String[] | 
| Redeploy or Restart required | Changes take effect after you redeploy the module or restart the server. | 
Specifies the default security model for Web applications or EJBs that are secured by this security realm. You can override this default during deployment.
If you deploy a module by modifying the domain's 
config.xml file and restarting the server, and if you 
do not specify a security model value for the module in 
config.xml, the module is secured with the default 
value of the AppDeploymentMBean SecurityDDModelattribute (see AppDeploymentMBean SecurityDDModel ).
Choose one of these security models:
Deployment Descriptors Only (DDOnly)  
 
For EJBs and URL patterns, this model uses only the roles and policies in the J2EE deployment descriptors (DD); the Administration Console allows only read access for this data. With this model, EJBs and URL patterns are not protected by roles and policies of a broader scope (such as a policy scoped to an entire Web application). If an EJB or URL pattern is not protected by a role or policy in the DD, then it is unprotected: anyone can access it.
For application-scoped roles in an EAR, this model uses only the roles defined in the WebLogic Server DD; the Administration Console allows only read access for this data. If the WebLogic Server DD does not define roles, then there will be no such scoped roles defined for this EAR.
For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies for an EAR.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
Customize Roles Only (CustomRoles)  
 
For EJBs and URL patterns, this model uses only the policies in the J2EE deployment descriptors (DD). EJBs and URL patterns are not protected by policies of a broader scope (such as a policy scoped to an entire Web application). This model ignores any roles defined in the DDs; an administrator completes the role mappings using the Administration Console.
For all other types of resources, you can use the Administration Console to create roles or policies. For example, with this model, you can use the Administration Console to create application-scoped policies or roles for an EAR.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
Customize Roles and Policies 
(CustomRolesAndPolicies)  
 
Ignores any roles and policies defined in deployment descriptors. An administrator uses the Administration Console to secure the resources.
Performs security checks for all URLs or EJB methods in the module.
Applies for the life of the deployment. If you want to use a different model, you must delete the deployment and reinstall it.
Advanced (Advanced)  
 
You configure how this model behaves by setting values for the following options:
When Deploying Web Applications or EJBs  
 
When using the WebLogic Scripting Tool or JMX APIs, there is no 
single MBean attribute for this setting. Instead, you must set the 
values for the DeployPolicyIgnored and 
DeployRoleIgnored attributes of 
RealmMBean.
Check Roles and Policies 
(FullyDelegateAuthorization)
Combined Role Mapping Enabled 
(CombinedRoleMappingEnabled)
You can change the configuration of this model. Any changes immediately apply to all modules that use the Advanced model. For example, you can specify that all modules using this model will copy roles and policies from their deployment descriptors into the appropriate provider databases upon deployment. After you deploy all of your modules, you can change this behavior to ignore roles and policies in deployment descriptors so that when you redeploy modules they will not re-copy roles and policies.
Prior to WebLogic Server version 9.0 the Advanced model was the only security model available. Use this model if you want to continue to secure EJBs and Web Applications as in releases prior to 9.0.
For more information, see:
| Privileges | Read/Write | 
| Type | java.lang.String | 
| Default Value | DDOnly | 
| Legal Values | 
 | 
This attribute is not used in the current BEA release.
| Privileges | Read/Write | 
| Type | boolean | 
This section describes the following operations:
Returns true if the specified attribute has been set explicitly in this MBean instance.
| Operation Name | "isSet" | 
| Parameters | Object [] {  propertyName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    boolean
     | 
| Exceptions | 
 | 
Restore the given property to its default value.
| Operation Name | "unSet" | 
| Parameters | Object [] {  propertyName } where: 
 | 
| Signature | String [] {  
									"java.lang.String" } | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
Checks that the realm is valid.
 Deprecated.
| Operation Name | "validate" | 
| Parameters | null | 
| Signature | null | 
| Returns | 
    void
     | 
| Exceptions | 
 | 
| Operation Name | "wls_getDisplayName" | 
| Parameters | null | 
| Signature | null | 
| Returns | String
     |