WindowsNTAuthenticatorMBean


Overview  |   Related MBeans  |   Attributes  |   Operations

Overview

This MBean contains configuration information for the Windows NT Authetication Provider

   
Fully Qualified Interface NameIf you use the getMBeanInfo operation in MBeanTypeServiceMBean, supply the following value as this MBean's fully qualified interface name:
weblogic.security.providers.authentication.WindowsNTAuthenticatorMBean
Factory Methods No factory methods. Instances of this MBean are created automatically.


Related MBeans

This section describes attributes that provide access to other MBeans.


    Realm

    Returns the realm that contains this security provider. Returns null if this security provider is not contained by a realm.

           
    Privileges Read only
    TypeRealmMBean
    Relationship type: Reference.


    Attributes

    This section describes the following attributes:


    BadDomainControllerRetry

    Determines how the provider reacts when a bad domain controller name is found.

    Possible settings:

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueDelay
    Legal Values
    • Delay
    • Never
    • Always

    BadDomainControllerRetryInterval

    This time to wait when a bad domain controller name is found before trying to use the domain controller again. Use if the BadDomainControllerRetry is set to Delay. This setting helps reduce performance hits when a domain controller in the list of controllers is temporarily unavailable.

           
    Privileges Read/Write
    Typejava.lang.Integer
    Default Value60000

    ControlFlag

    Returns how the login sequence uses the Authentication provider.

    A REQUIRED value specifies this LoginModule must succeed. Even if it fails, authentication proceeds down the list of LoginModules for the configured Authentication providers. This setting is the default.

    A REQUISITE value specifies this LoginModule must succeed. If other Authentication providers are configured and this LoginModule succeeds, authentication proceeds down the list of LoginModules. Otherwise, control is return to the application.

    A SUFFICIENT value specifies this LoginModule need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the LoginModule list.

    An OPTIONAL value specifies this LoginModule need not succeed. Whether it succeeds or fails, authentication proceeds down the LoginModule list.

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueREQUIRED
    Legal Values
    • REQUIRED
    • REQUISITE
    • SUFFICIENT
    • OPTIONAL

    Description

    The Windows NT Authentication provider enables Windows NT users and groups to be used for authentication purposes.

           
    Privileges Read only
    Typejava.lang.String
    Default ValueProvider that performs Windows NT Authentication
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    DomainControllerList

    A list of the domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names. Use if the Domain Controllers is set to List.

    The specified list should contain the domain controller names in trusted domains. Placeholders are supported and will expand if specified. Supported placeholders are [Local],[LocalAndDomain], [Domain].

           
    Privileges Read/Write
    Typeclass java.lang.String[]
    Default Value [LocalAndDomain]

    DomainControllers

    The domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.

    Possible settings:

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueLocalAndDomain
    Legal Values
    • Local
    • LocalAndDomain
    • Domain
    • List

    LogonType

    Specifies whether the logon process should use Network or Interactive logon.

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueInteractive
    Legal Values
    • Interactive
    • Network

    MapNTDomainName

    Specifies whether the Windows NT domain information should be placed into principal names during authentication.

    Possible settings:

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueNever
    Legal Values
    • OldUPN
    • UPN
    • Never

    MapUPNNames

    Indicates how the Windows NT Authentication provider should map UPN-style names for authentication (meaning will username@domain be used).

    Possible settings:

    This setting should only be used when there are no usernames with @. domain\username is not ambiguous and is always allowed.

           
    Privileges Read/Write
    Typejava.lang.String
    Default ValueFirst
    Legal Values
    • First
    • Last
    • Always
    • Never

    Name

           
    Privileges Read only
    Typejava.lang.String
    Default ValueWindowsNTAuthenticator
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    ProviderClassName

    The name of the Java class used to load the Windows NT Authentication provider.

           
    Privileges Read only
    Typejava.lang.String
    Default Valueweblogic.security.providers.authentication.NTAuthenticatorProviderImpl
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.

    Version

    The version number of the Windows NT Authentication provider.

           
    Privileges Read only
    Typejava.lang.String
    Default Value1.0
    Redeploy or Restart required Changes take effect after you redeploy the module or restart the server.


    Operations

    This section describes the following operations:


    advance

    Advances the list to the next element in the list.

       
    Operation Name"advance"
    ParametersObject [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    SignatureString [] { "java.lang.String" }
    Returns void
    Exceptions
    • weblogic.management.utils.InvalidCursorException

    close

    Indicates that the caller is finished using the list, and that the resources held on behalf of the list may be released. If the caller traverses through all the elements in the list, the caller need not call this method. In other words, it is used to let the caller close the list without reading each element that is returned.

       
    Operation Name"close"
    ParametersObject [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    SignatureString [] { "java.lang.String" }
    Returns void
    Exceptions
    • weblogic.management.utils.InvalidCursorException

    getCurrentName

    The name of the current item in the list. Returns null if there is no current item.

       
    Operation Name"getCurrentName"
    ParametersObject [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    SignatureString [] { "java.lang.String" }
    ReturnsString
    Exceptions
    • weblogic.management.utils.InvalidCursorException

    getGroupDescription

    Gets a group's description.

       
    Operation Name"getGroupDescription"
    ParametersObject [] {  groupName }

    where:

    • groupName is an object of type java.lang.String that specifies:

      - The name of an existing group.

    SignatureString [] { "java.lang.String" }
    ReturnsString
    Exceptions
    • weblogic.management.utils.NotFoundException
    • weblogic.management.utils.InvalidParameterException

    getUserDescription

    Gets a user's description.

       
    Operation Name"getUserDescription"
    ParametersObject [] {  userName }

    where:

    • userName is an object of type java.lang.String that specifies:

      - The name of an existing user.

    SignatureString [] { "java.lang.String" }
    ReturnsString
    Exceptions
    • weblogic.management.utils.NotFoundException
    • weblogic.management.utils.InvalidParameterException

    groupExists

    Indicates whether the specified group exists.

       
    Operation Name"groupExists"
    ParametersObject [] {  groupName }

    where:

    • groupName is an object of type java.lang.String that specifies:

      - The name that this method evaluates.

    SignatureString [] { "java.lang.String" }
    Returns boolean
    Exceptions
    • weblogic.management.utils.InvalidParameterException

    haveCurrent

    Returns true if there are more objects in the list, and false otherwise.

       
    Operation Name"haveCurrent"
    ParametersObject [] {  cursor }

    where:

    • cursor is an object of type java.lang.String that specifies:

      - The cursor returned from a previous list method.

    SignatureString [] { "java.lang.String" }
    Returns boolean
    Exceptions
    • weblogic.management.utils.InvalidCursorException

    isMember

    Indicates whether a user or group is a member of the group that you specify. A recursive search returns true if the member belongs to the group that you specify or to any of the groups contained within that group."

       
    Operation Name"isMember"
    ParametersObject [] {  parentGroupNamememberUserOrGroupNamerecursive }

    where:

    • parentGroupName is an object of type java.lang.String that specifies:

      - The existing group within which this method searches for membership.

    • memberUserOrGroupName is an object of type java.lang.String that specifies:

      - The user or group name for which this method searches.

    • recursive is an object of type java.lang.Boolean that specifies:

      - If set to true, the criteria for membership extends to any groups within the group that is specified by parentGroupName.

      If this argument is set to false, then this method checks only for direct membership within the parentGroupName.

    SignatureString [] { "java.lang.String", "java.lang.String", "java.lang.Boolean" }
    Returns boolean
    Exceptions
    • weblogic.management.utils.NotFoundException
    • weblogic.management.utils.InvalidParameterException

    isSet

    Returns true if the specified attribute has been set explicitly in this MBean instance.

       
    Operation Name"isSet"
    ParametersObject [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to check

    SignatureString [] { "java.lang.String" }
    Returns boolean
    Exceptions
    • java.lang.IllegalArgumentException

    listGroups

    Searches for a user name that matches a pattern.

    This method returns a cursor that you can pass to the methods from weblogic.management.utils.NameListerMBean (which this MBean extends) to iterate through the returned list.

    This method does not sort the results.

       
    Operation Name"listGroups"
    ParametersObject [] {  groupNameWildcardmaximumToReturn }

    where:

    • groupNameWildcard is an object of type java.lang.String that specifies:

      -

      The pattern for which this method searches. The pattern can end with an * (asterisk) as a wildcard, which matches any string of characters.

      For example, a pattern of abc matches exactly one group name that contains only abc, a pattern of ab* matches all group names that start with ab, and a pattern of * matches all group names.

    • maximumToReturn is an object of type java.lang.Integer that specifies:

      - The maximum number of group names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If the parameter is set to 0 there is no maximum and all results are returned.

    SignatureString [] { "java.lang.String", "java.lang.Integer" }
    ReturnsString
    Exceptions
    • weblogic.management.utils.InvalidParameterException

    listMemberGroups

    Lists the groups that directly contain a user or a group. Returns a cursor (string).You can use methods from weblogic.management.utils.NameLister (which this MBean extends) to iterate through the returned list.

       
    Operation Name"listMemberGroups"
    ParametersObject [] {  memberUserOrGroupName }

    where:

    • memberUserOrGroupName is an object of type java.lang.String that specifies:

      - The name of an existing user or group.

    SignatureString [] { "java.lang.String" }
    ReturnsString
    Exceptions
    • weblogic.management.utils.NotFoundException
    • weblogic.management.utils.InvalidParameterException

    listUsers

    Searches for a user name that matches a pattern.

    This method returns a cursor that you can pass to the methods from weblogic.management.utils.NameListerMBean (which this MBean extends) to iterate through the returned list.

    This method does not sort the results.

       
    Operation Name"listUsers"
    ParametersObject [] {  userNameWildcardmaximumToReturn }

    where:

    • userNameWildcard is an object of type java.lang.String that specifies:

      - The pattern for which this method searches. The pattern can end with an * (asterisk) as a wildcard, which matches any string of characters.

      For example, a pattern of abc matches exactly one user name that contains only abc, a pattern of ab* matches all user names that start with ab, and a pattern of * matches all user names.

    • maximumToReturn is an object of type java.lang.Integer that specifies:

      - The maximum number of user names that this method returns. If there are more matches than this maximum, then the returned results are arbitrary because this method does not sort results. If the parameter is set to 0 there is no maximum and all results are returned.

    SignatureString [] { "java.lang.String", "java.lang.Integer" }
    ReturnsString
    Exceptions
    • weblogic.management.utils.InvalidParameterException

    unSet

    Restore the given property to its default value.

       
    Operation Name"unSet"
    ParametersObject [] {  propertyName }

    where:

    • propertyName is an object of type java.lang.String that specifies:

      property to restore

    SignatureString [] { "java.lang.String" }
    Returns void
    Exceptions
    • java.lang.IllegalArgumentException
      UnsupportedOperationException if called on a runtime implementation.

    userExists

    Indicates whether the specified user exists.

       
    Operation Name"userExists"
    ParametersObject [] {  userName }

    where:

    • userName is an object of type java.lang.String that specifies:

      - The name that this method evaluates.

    SignatureString [] { "java.lang.String" }
    Returns boolean
    Exceptions
    • weblogic.management.utils.InvalidParameterException

    wls_getDisplayName

    Returns the display name of an MBean.

    Deprecated 9.0.0.0

       
    Operation Name"wls_getDisplayName"
    Parametersnull
    Signaturenull
    ReturnsString