BEA 7 Server User Manual


 
1 Upgrading WebLogic Server 6.x to Version 7.0
1-30 BEA WebLogic Server 7.0 Upgrade Guide
MBean API Change
Previous versions of this document and various other sample documents erroneously
described using
weblogic.management.Admin.getInstance().getAdminMBeanHome() as a way
to look up the
MBeanHome interface on the Administration Server.
However, the
weblogic.management.Admin class is not public. Instead of using this
non-public class, use JNDI to retrieve
MBeanHome. See Determining the Active
Domain and Servers in Programming WebLogic Server JMX Services.
Security
Guest and <Anonymous> Users
In WebLogic Server 6.x, any unauthenticated user (anonymous user) was identified as
a user called
guest. WebLogic Server allowed the guest user access to WebLogic
resources. However, this functionality presented a potential security risk so the
functionality was modified.
In this version of WebLogic Server, the
guest user is no longer supplied by default.
WebLogic Server now distinguishes between the
guest user and an anonymous user,
by assigning an anonymous user the name
<anonymous>.
If you want to use the
guest user as you did in WebLogic Server 6.x, do one of the
following:
Use Compatibility security. (For more information, see “Using Compatibility
Security” in Managing WebLogic Security.)
Define the guest user as a user in the WebLogic Authentication provider. (The
WebLogic Authentication provider is already configured in the default security
realm.) You do this by setting the following argument when starting a WebLogic
Server instance:
-Dweblogic.security.anonymousUserName=guest
Caution: This argument was added to assist existing WebLogic Server customers to
upgrade their security functionality. You should take great caution when
using the
guest user in a production environment. For more information