2-8 Securing Oracle WebLogic Server Non-dynamic Changes have been Made . Setting this attribute to true permits users to perform security management operations without restarting the server. Note that this attribute is reset to false when a new MBean edit session begins. For example, the value of the MinimumPasswordLength attribute in DefaultAuthenticatorMBean is stored in the domains configuration document. Because all modifications to this document are controlled by WebLogic Server, to change the value of this attribute you must use the Edit MBean Server and acquire a lock on the domains configuration. The createUser operation in DefaultAuthenticatorMBean adds data to an LDAP server, which is not controlled by WebLogic Server. To prevent incompatible changes between the DefaultAuthenticatorMBeans configuration and the data that it uses in the LDAP server, you cannot invoke the createUser operation if you or other users are in the process of modifying the MinimumPasswordLength attribute. In addition, because changing this attribute requires you to restart WebLogic Server, you cannot invoke the createUser operation until you have restarted the server. 2.7 What Is Compatibility Security? Compatibility security refers to the capability to run security configurations developed under WebLogic Server 6.x in this release of WebLogic Server. In Compatibility security, you manage 6.x security realms, users, groups, and ACLs, protect user accounts, and configure the Realm Adapter Auditing provider and optionally the Identity Assertion provider in the Realm Adapter Authentication provider. The only security realm available in Compatibility security is the CompatibilityRealm. The Realm Adapter providers Auditing, Adjudication, Authorization, and Authentication in the Compatibility realm allow backward compatibility with the authentication, authorization, and auditing services in 6.x security realms. For more information, see Chapter 14, Using Compatibility Security.

2.7.1 Management Tasks Available in Compatibility Security

Because Compatibility security allows you to access only authentication, authorization, and custom auditing implementations supported in WebLogic Server 6.x, not all 6.x security tasks are allowed in Compatibility security. Use Compatibility security to: ■ Configure the Realm Adapter Auditing provider. For more information, see Section 14.6, Configuring a Realm Adapter Auditing Provider. ■ Configure the Identity Assertion provider in the Realm Adapter Authentication provider so that implementations of the weblogic.security.acl.CertAuthenticator class can be used. For more information, see Section 14.5, Configuring the Identity Assertion Provider in the Realm Adapter Authentication Provider. Note: Compatibility security is deprecated and will not be supported in future major releases. Oracle strongly recommends upgrading your WebLogic Server deployment to the security features in this release of WebLogic Server. You should only use Compatibility security pending such an upgrade. Overview of Security Management 2-9 ■ Change the password of the system user to protect your WebLogic Server deployment. ■ Manage the security realm in the CompatibilityRealm. ■ Define additional users for the security realm in the CompatibilityRealm. Organize users further by implementing groups in the security realm. ■ Manage ACLs and permissions for the resources in your WebLogic Server deployment. ■ Create security roles and security policies for WebLogic resources you add to the CompatibilityRealm. For more information, see Securing Resources Using Roles and Policies for Oracle WebLogic Server. You can still configure identity and trust, use SSL, configure connection filters, and enable interoperability between domains; however, you use the security features available in this release of WebLogic Server to perform these tasks. See: ■ Chapter 11, Configuring Identity and Trust ■ Chapter 12, Configuring SSL ■ Chapter 13, Configuring Security for a WebLogic Domain Note: The Realm Adapter Adjudication and Authorization providers are configured by default in the CompatibilityRealm using information in an 6.x existing config.xml file. These providers can only be used in the CompatibilityRealm. The Realm Adapter Authentication provider is also automatically configured in the CompatibilityRealm. However, this provider can also be configured in other realms to provide access to users and groups stored in 6.x security realms. For more information, see Section 5.5, Configuring RDBMS Authentication Providers. 2-10 Securing Oracle WebLogic Server 3 Customizing the Default Security Configuration 3-1 3 Customizing the Default Security Configuration The following sections provide information about customizing the default security configuration by creating a new security realm: ■ Section 3.1, Why Customize the Default Security Configuration?