1. RESTful Domain Configuration Management Interface for Oracle WebLogic Server
  2. Tasks
  3. Security Configuration

View This Security Configuration

get

/management/weblogic/{version}/domainConfig/securityConfiguration

View this security configuration.

Request

Path Parameters
Query Parameters
  • The 'excludeFields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields whose name is not on the list will be returned. If not present, all fields are returned (unless the 'fields' query parameter is specified). Note: 'fields' must not be specified if 'excludeFields' is specified.
  • The 'excludeLinks' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links whose relationship name is not on the list will be returned. If not present, all links are returned (unless the 'links' query parameter is specified). Note: 'links' must not be specified if 'excludeLinks' is specified.
  • The 'fields' query parameter is used to restrict which fields are returned in the response. It is a comma separated list of field names. If present, only fields with matching names are returned. If not present, all fields are returned (unless the 'excludeFields' query parameter is specified). Note: 'excludeFields' must not be specified if 'fields' is specified.
  • The 'links' query parameter is used to restrict which links are returned in the response. It is a comma separated list of link relationship names. If present, only links with matching relationship names are returned. If not present, all links are returned (unless the 'excludeLinks' query parameter is specified). Note: 'excludeLinks' must not be specified if 'links' is specified.
Security
Back to Top

Response

Supported Media Types

200 Response

Returns this security configuration.

This method can return the following links:

  • rel=JASPIC uri=/management/weblogic/{version}/domainConfig/securityConfiguration/JASPIC

    This resource's JASPIC singleton resource.

  • rel=certRevoc uri=/management/weblogic/{version}/domainConfig/securityConfiguration/certRevoc

    This resource's certRevoc singleton resource.

  • rel=defaultRealm

    This resource's defaultRealm reference to a realm resource.

  • rel=realms uri=/management/weblogic/{version}/domainConfig/securityConfiguration/realms

    This resource's realms collection resource.

  • rel=secureMode uri=/management/weblogic/{version}/domainConfig/securityConfiguration/secureMode

    This resource's secureMode singleton resource.

Body ()
Root Schema : Security Configuration
Type: object
Show Source

  • Domain's administrative identity domain.

  • Default Value: 60000

    The maximum length of time, in milliseconds, the boot process will wait before retrying the authentication after a login server not available exception. The boot process will use a backoff algorithm starting at 100 milliseconds increasing on each failure until the delay time reaches the MaxRetryDelay value.

  • Minimum Value: 0

    The maximum number of times the boot process will try to authenticate the boot user with the authentication providers. The authentication will be retried only if a failure occurs that indicates the login server is not available.

  • Minimum Value: 1
    Default Value: 30

    Returns the number of days before certificate expiration that warnings should be issued.

  • Minimum Value: 1
    Default Value: 1

    Returns the interval between checks for certificate expiration.

  • Default Value: true

    Returns true if identity certificates should be checked periodically for expiration.

  • Default Value: false

    Returns true if trust certificates should be checked periodically for expiration.

  • Default Value: false

    Returns true if allow access to credential in clear text. This can be overridden by the system property -Dweblogic.management.clearTextCredentialAccessEnabled

  • Default Value: false

    Specifies whether this WebLogic Server domain enables compatiblity with previous connection filters.

    This attribute changes the protocols names used when filtering needs to be performed.

  • Default Value: oracle.doceng.json.BetterJsonNull@2259d54f

    The name of the Java class that implements a connection filter (that is, the weblogic.security.net.ConnectionFilter interface). If no class name is specified, no connection filter will be used.

    This attribute replaces the deprecated ConnectionFilter attribute on the SecurityMBean.

  • Default Value: false

    Specifies whether the WebLogic Server should ignore filter rule errors during server startup.

  • Items
    Title: Items

    The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols

    This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.

  • Default Value: false

    Specifies whether this WebLogic Server domain should log accepted connections.

    This attribute can be used by a system administrator to dynamically check the incoming connections in the log file to determine if filtering needs to be performed.

    This attribute replaces the deprecated ConnectionLoggerEnabled attribute on the SecurityMBean.

  • The password for the domain. In WebLogic Server version 6.0, this attribute was the password of the system user. In WebLogic Server version 7.0, this attribute can be any string. For the two domains to interoperate, the string must be the same for both domains.

    When you set the value of this attribute, WebLogic Server does the following:

    1. Encrypts the value.

    2. Sets the value of the UserPasswordEncrypted attribute to the encrypted value.

  • Default Value: false

    Returns whether the Cross Domain Security subject cache is enabled.

  • Minimum Value: 0
    Default Value: 300

    Returns the time-to-live (TTL), in seconds, of the Cross Domain Security subject cache. This value is used only if CrossDomainSecurityCacheEnabled is set to true

  • Default Value: false

    Indicates whether or not cross-domain security is enabled.

  • Realm Reference
    Title: Realm Reference
    Contains the realm reference.

    Returns the default security realm or null if no realm has been selected as the default security realm.

    Constraints

    • restart required
  • Default Value: false

    Whether or not to downgrade to anonymous principals that cannot be verified. This is useful for server-server communication between untrusted domains.

  • Read Only: true
    Default Value: false

    Return whether the MBean was created dynamically or is persisted to config.xml

  • Default Value: true

    Whether or not the system should enforce strict URL pattern or not.

  • Default Value: true

    Whether or not the system should allow requests with invalid Basic Authentication credentials to access unsecure resources.

  • Items
    Title: Items

    Specifies a list of remote domains for which cross-domain check should not be applied.

  • Read Only: true

    Return the unique id of this MBean instance

  • Default Value: false

    Returns true if all role mapping, authorization, credential mapping, and audit providers configured in the domain must support the IdentityDomainAwareProviderMBean interface's administrative identity domain.

  • Read Only: true

    The user-specified name of this MBean instance.

    This name is included as one of the key properties in the MBean's javax.management.ObjectName

    Name=user-specified-name

    Constraints

    • legal null

  • The password that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.

    When you get the value of this attribute, WebLogic Server does the following:

    1. Retrieves the value of the NodeManagerPasswordEncrypted attribute.

    2. Decrypts the value and returns the unencrypted password as a String.

    When you set the value of this attribute, WebLogic Server does the following:

    1. Encrypts the value.

    2. Sets the value of the NodeManagerPasswordEncrypted attribute to the encrypted value.

    Using this attribute (NodeManagerPassword) is a potential security risk because the String object (which contains the unencrypted password) remains in the JVM's memory until garbage collection removes it and the memory is reallocated. Depending on how memory is allocated in the JVM, a significant amount of time could pass before this unencrypted data is removed from memory.

    Instead of using this attribute, you should use NodeManagerPasswordEncrypted

  • Default Value:

    The user name that the Administration Server uses to communicate with Node Manager when starting, stopping, or restarting Managed Servers.

  • Minimum Value: 15
    Default Value: 120

    Returns the value of the nonce timeout in seconds.

  • Optional information that you can include to describe this configuration.

    WebLogic Server saves this note in the domain's configuration file (config.xml) as XML PCDATA. All left angle brackets (<) are converted to the xml entity <. Carriage returns/line feeds are preserved.

    Note: If you create or edit a note from the Administration Console, the Administration Console does not preserve carriage returns/line feeds.

  • Default Value: *

    Returns a comma-separated list of hosts from which WebLogic Server may retrieve an object specified by a URL. This can prevent SSRF attacks that send a URL or IOR and expect WebLogic Server to try to resolve it. Defaults to '*", meaning no restrictions.

  • Default Value: false

    Specifies whether the WebLogic Server principal name is compared using a case insensitive match when the equals method for the principal object is performed.

    If this attribute is enabled, matches are case insensitive.

    Note: Note that principal comparison is not used by the WebLogic Security Service to determine access to protected resources. This attribute is intended for use with JAAS authorization, which may require case insensitive principal matching behavior.

  • Default Value: false

    Specifies whether the GUID and DN data in a WebLogic Server principal object are used when the equals method of that object is invoked.

    If enabled, the GUID and DN data (if included among the attributes in a WebLogic Server principal object) and the principal name are compared when this method is invoked.

  • Default Value: true

    Returns true if remote anonymous JNDI access is permitted for list and modify operations.

    Constraints

    • secure default : false

  • Returns true if remote anonymous RMI access via IIOP is permitted. If remote anonymous RMI access is not allowed, then client requests that do not specify a username / password may fail.

    Constraints

    • secure default : false

  • Returns true if remote anonymous RMI access via T3 is permitted. If remote anonymous RMI access is not allowed, then client requests that do not specify a username / password may fail.

    Constraints

    • secure default : false
  • Items
    Title: Items

    Return all tags on this Configuration MBean

  • Default Value: false

    Specifies whether the WebLogic Server domain should require 2 way TLS for admin clients.

  • Read Only: true

    Returns the type of the MBean.

    Constraints

    • unharvestable
  • Default Value: false

    Determines whether the Demo Identity and Demo Trust key stores should be obtained from the Oracle Key Store Service (KSS).

    If enabled, Weblogic Server will request the Demo Identity and Domain Trust key stores from KSS. Subsequent to installation however, the KSS Demo key stores may have been manipulated such that appropriate Demo certificates or keys are not available.

    Please verify the following KSS Demo Identity keystore has an X.509 private key and corresponding public identity certificate signed by the Demo Certificate Authority (CA):

    KSS Stripe

    system

    KSS Key Store

    demoidentity

    KSS Private Key Alias

    DemoIdentity

    Please verify the following KSS Domain Trust keystore has a trusted Demo Certificate Authority X.509 certificate:

    KSS Stripe

    system

    KSS Key Store

    trust

  • Default Value: false
    Allowed Values: [ "os", "true", "false" ]

    This property defines the case sensitive URL-pattern matching behavior for security constraints, servlets, filters, virtual-hosts, and so on, in the Web application container and external security policies. Note: This is a Windows-only flag that is provided for backward compatibility when upgrading from pre-9.0 versions of WebLogic Server. On Unix platforms, setting this value to true causes undesired behavior and is not supported. When the value is set to os, the pattern matching will be case- sensitive on all platforms except the Windows file system. Note that on non-Windows file systems, WebLogic Server does not enforce case sensitivity and relies on the file system for optimization. As a result, if you have a Windows Samba mount from Unix or Mac OS that has been installed in case-insensitive mode, there is a chance of a security risk. If so, specify case-insensitive lookups by setting this attribute to true. Note also that this property is used to preserve backward compatibility on Windows file systems only. In prior releases, WebLogic Server was case- insensitive on Windows. As of WebLogic Server 9.0, URL-pattern matching is strictly enforced. During the upgrade of older domains, the value of this parameter is explicitly set to os by the upgrade plug-in to preserve backward compatibility.

Nested Schema : Items
Type: array
Title: Items

The rules used by any connection filter that implements the ConnectionFilterRulesListener interface. When using the default implementation and when no rules are specified, all connections are accepted. The default implementation rules are in the format: target localAddress localPort action protocols

This attribute replaces the deprecated ConnectionFilterRules attribute on the SecurityMBean.

Default Value: oracle.doceng.json.BetterJsonNull@32121140
Show Source
Nested Schema : Realm Reference
Type: array
Title: Realm Reference
Contains the realm reference.

Returns the default security realm or null if no realm has been selected as the default security realm.

Constraints

  • restart required
Show Source
Nested Schema : Items
Type: array
Title: Items

Specifies a list of remote domains for which cross-domain check should not be applied.

Show Source
Nested Schema : Items
Type: array
Title: Items

Return all tags on this Configuration MBean

Show Source
Back to Top