WebLogic Password Validation
For security reasons, companies can define password policies such as a
minimum length or a maximum number of alphabetic, numeric, or
non-alphanumeric characters.
WebLogic must be able to enforce these company policies. In a security
realm, this is the job of a Password Validation provider, which is
always invoked when a password is created or updated. The Password
Validation provider checks whether the new password meets the
implemented or configured policies. If it does not, the password is
rejected. By default, the Default Authentication provider requires a
minimum password length of 8 characters. This can be customized.
Example: Create a password validator:
edit()
startEdit()
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm')
cmo.createPasswordValidator('SystemPasswordValidator',
    'com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator')
save()
activate(block="true")
After creation, the validator can be configured. The default system
validator offers a wide range of configuration options, including
password length, minimum and maximum counts per character type, whether
the password may contain the username, and more.
The default setting requires a password length of at
least 8 characters with at least one numeric or special character.
Therefore the default password is "Welcome1".
Default settings:
wls:/MartinTest_Domain/edit/SecurityConfiguration/MartinTest_Domain/Realms/myrealm/PasswordValidators/SystemPasswordValidator> ls()
dr--   Realm

-r--   Description                          Password composition checks
-rw-   MaxConsecutiveCharacters             0
-rw-   MaxInstancesOfAnyCharacter           0
-rw-   MaxPasswordLength                    0
-rw-   MinAlphabeticCharacters              0
-rw-   MinLowercaseCharacters               0
-rw-   MinNonAlphanumericCharacters         0
-rw-   MinNumericCharacters                 0
-rw-   MinNumericOrSpecialCharacters        1
-rw-   MinPasswordLength                    8
-rw-   MinUppercaseCharacters               0
-r--   Name                                 SystemPasswordValidator
-r--   ProviderClassName                    com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidatorProviderImpl
-rw-   RejectEqualOrContainReverseUsername  false
-rw-   RejectEqualOrContainUsername         false
-r--   Version                              1.0
Example: Set a password policy where each password must have at least 5
alphabetic characters and at least 2 upper case and 2 lower case
characters, and where EACH character may be used at most 3 times:
# start edit
edit()
startEdit()
# change to default password validator
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/PasswordValidators/SystemPasswordValidator')
cmo.setMaxConsecutiveCharacters(0)
# set the max instance of each character to 3
cmo.setMaxInstancesOfAnyCharacter(3)
# set the minimal number of alphabetic chars to 5
cmo.setMinAlphabeticCharacters(5)
# set the min. of upper case characters to 2
cmo.setMinUppercaseCharacters(2)
# set the min. of lower case characters to 2
cmo.setMinLowercaseCharacters(2)
save()
activate(block="true")
After executing this script, the configuration of the
system password validator should look like the following:
wls:/MartinTest_Domain/serverConfig/SecurityConfiguration/MartinTest_Domain/Realms/myrealm/PasswordValidators/SystemPasswordValidator> ls()
dr--   Realm

-r--   Description                          Password composition checks
-r--   MaxConsecutiveCharacters             0
-r--   MaxInstancesOfAnyCharacter           3
-r--   MaxPasswordLength                    0
-r--   MinAlphabeticCharacters              5
-r--   MinLowercaseCharacters               2
-r--   MinNonAlphanumericCharacters         0
-r--   MinNumericCharacters                 0
-r--   MinNumericOrSpecialCharacters        1
-r--   MinPasswordLength                    8
-r--   MinUppercaseCharacters               2
-r--   Name                                 SystemPasswordValidator
-r--   ProviderClassName                    com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidatorProviderImpl
-r--   RejectEqualOrContainReverseUsername  false
-r--   RejectEqualOrContainUsername         false
-r--   Version                              1.0
Example: Define a password policy which requires a password of exactly
10 characters with at least 2 numeric characters:
# start edit
edit()
startEdit()
# change to default password validator
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/PasswordValidators/SystemPasswordValidator')
# set min. password to 10
cmo.setMinPasswordLength(10)
# set max. password to 10
cmo.setMaxPasswordLength(10)
# set min of numeric characters to 2
cmo.setMinNumericCharacters(2)
save()
activate(block="true")
The next example configures the default password validator to reject
passwords which contain the username, or which contain the username in
reverse order:
# start edit
edit()
startEdit()
# change to default password validator
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/PasswordValidators/SystemPasswordValidator')
# reject password which contains the username in reverse order
cmo.setRejectEqualOrContainReverseUsername(true)
# reject password which contains the username
cmo.setRejectEqualOrContainUsername(true)
save()
activate(block="true")
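Added example, not taken from the book or from Oracle's code: a Python model of the composition checks configured in the three WLST examples above, for testing candidate passwords (such as "Welcome1") against a policy before activating it. The check semantics (0 meaning no restriction for the Max* attributes, case-insensitive username matching) and the names violations, MIXED_CASE, EXACTLY_TEN and NO_USERNAME are assumptions of this example.

```python
import re

# Attribute names and default values are taken from the ls() listing on this
# page. The checks are an assumed offline approximation, not Oracle's code.
DEFAULTS = {
    "MinPasswordLength": 8, "MaxPasswordLength": 0,
    "MinAlphabeticCharacters": 0, "MinNumericCharacters": 0,
    "MinLowercaseCharacters": 0, "MinUppercaseCharacters": 0,
    "MinNonAlphanumericCharacters": 0, "MinNumericOrSpecialCharacters": 1,
    "MaxInstancesOfAnyCharacter": 0, "MaxConsecutiveCharacters": 0,
    "RejectEqualOrContainUsername": False,
    "RejectEqualOrContainReverseUsername": False,
}
# The three policies configured by the WLST examples above.
MIXED_CASE = {"MaxInstancesOfAnyCharacter": 3, "MinAlphabeticCharacters": 5,
              "MinUppercaseCharacters": 2, "MinLowercaseCharacters": 2}
EXACTLY_TEN = {"MinPasswordLength": 10, "MaxPasswordLength": 10,
               "MinNumericCharacters": 2}
NO_USERNAME = {"RejectEqualOrContainUsername": True,
               "RejectEqualOrContainReverseUsername": True}

def violations(password, policy=None, username=""):
    """Return the names of the validator attributes the password violates."""
    p = dict(DEFAULTS, **(policy or {}))
    digits = sum(c.isdigit() for c in password)
    special = sum(not c.isalnum() for c in password)
    counts = {
        "MinPasswordLength": len(password),
        "MinAlphabeticCharacters": sum(c.isalpha() for c in password),
        "MinNumericCharacters": digits,
        "MinLowercaseCharacters": sum(c.islower() for c in password),
        "MinUppercaseCharacters": sum(c.isupper() for c in password),
        "MinNonAlphanumericCharacters": special,
        "MinNumericOrSpecialCharacters": digits + special,
    }
    bad = [name for name, n in counts.items() if n < p[name]]
    runs = [len(m.group()) for m in re.finditer(r"(.)\1*", password, re.S)]
    maxima = {  # assumed semantics: 0 means "no restriction"
        "MaxPasswordLength": len(password),
        "MaxInstancesOfAnyCharacter": max(map(password.count, set(password)), default=0),
        "MaxConsecutiveCharacters": max(runs, default=0),
    }
    bad += [name for name, n in maxima.items() if p[name] and n > p[name]]
    low, user = password.lower(), username.lower()  # assumed case-insensitive
    if user and p["RejectEqualOrContainUsername"] and user in low:
        bad.append("RejectEqualOrContainUsername")
    if user and p["RejectEqualOrContainReverseUsername"] and user[::-1] in low:
        bad.append("RejectEqualOrContainReverseUsername")
    return bad
```

Calling violations("Welcome1", MIXED_CASE) shows that a password accepted by the default settings is rejected once the stricter policy is active, which is worth checking for existing service accounts before a policy change.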
The above is an excerpt from the book "Advanced WebLogic Server
Automation: Administration and Monitoring with WLST and JMX". This book
covers everything administrators need to know for WebLogic scripting
and automation, and includes a comprehensive code download of powerful
WLST and JMX scripts.
Copyright © 1996 - 2020 All rights reserved by Burleson