user manual

1 Upgrading WebLogic Server 6.x to Version 7.0

1-30 BEA WebLogic Server 7.0 Upgrade Guide

MBean API Change

Previous versions of this document and various other sample documents erroneously

described using

weblogic.management.Admin.getInstance().getAdminMBeanHome() as a way

to look up the

MBeanHome interface on the Administration Server.

However, the

weblogic.management.Admin class is not public. Instead of using this

non-public class, use JNDI to retrieve

MBeanHome. See Determining the Active

Domain and Servers in Programming WebLogic Server JMX Services.

Security

Guest and <Anonymous> Users

In WebLogic Server 6.x, any unauthenticated user (anonymous user) was identified as

a user called

guest. WebLogic Server allowed the guest user access to WebLogic

resources. However, this functionality presented a potential security risk so the

functionality was modified.

In this version of WebLogic Server, the

guest user is no longer supplied by default.

WebLogic Server now distinguishes between the

guest user and an anonymous user,

by assigning an anonymous user the name

<anonymous>.

If you want to use the

guest user as you did in WebLogic Server 6.x, do one of the

following:

 Use Compatibility security. (For more information, see “Using Compatibility

Security” in Managing WebLogic Security.)

 Define the guest user as a user in the WebLogic Authentication provider. (The

WebLogic Authentication provider is already configured in the default security

realm.) You do this by setting the following argument when starting a WebLogic

Server instance:

-Dweblogic.security.anonymousUserName=guest

Caution: This argument was added to assist existing WebLogic Server customers to

upgrade their security functionality. You should take great caution when

using the

guest user in a production environment. For more information