System and method for dynamic reconfiguration in a multitenant application server environment
US-2016094385-A1 · Mar 31, 2016 · US
US10523709B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10523709-B2 |
| Application number | US-201514866644-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 25, 2015 |
| Priority date | Sep 26, 2014 |
| Publication date | Dec 31, 2019 |
| Grant date | Dec 31, 2019 |
Official abstract text for this publication.
In accordance with an embodiment, described herein is a system and method for supporting dynamic security configuration in a multitenant application server environment. Common configuration changes required for partition level security can be made without requiring a server restart, such as for example, adding a new security realm for a partition; deleting an existing realm; changing the configuration on an existing realm; adding or removing a security provider to a realm; or changing the configuration of a security provider. In accordance with an embodiment, also described herein is a system and method for supporting dynamic reconfiguration in a multitenant application server environment. Attributes of partition management components, for example managed beans (MBeans) and child MBeans contained within a partition, can be made dynamic and annotated accordingly, so that a restart of servers is not required for configuration changes to those attributes for a particular partition.
Opening claim text (preview).
What is claimed is:

1. A system for supporting dynamic security configuration in a multitenant application server environment, comprising: one or more computers, including an application server environment executing thereon, and a domain for execution of software applications; wherein the application server environment provides a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain, that can be associated with a tenant, and wherein the application server environment provides a plurality of realms associated with the plurality of partitions, including that each particular partition is associated with a particular security realm that is used with the particular partition and associated with one or more attributes; and wherein the system enables configuration changes to be made for partition level security, by associating one or more listeners with the attributes of the security realm, that detect changes to the attributes, wherein each listener listens for changes to a specific attribute, and whereupon changes to the attributes being detected for the particular partition, a determination is made whether to restart one or both of the security realm associated with the particular partition, or a server hosting the particular partition, including: upon determining that the changes to the attributes are all dynamic changes, then applying the changes to the security realm for the particular partition, without restarting either the security realm associated with the particular partition or the server hosting the particular partition; and upon a particular listener determining an associated attribute change is non-dynamic, then directing the system whether to restart one or both of: (a) the security realm associated with the particular partition, or (b) the server hosting the particular partition, to apply the attribute change, and cause the particular partition to be restarted with the changed attributes.

2. The system of claim 1, wherein the configuration changes include at least one of: adding a new security realm for a partition; deleting an existing security realm; changing configuration on an existing security realm; adding or removing a security provider to a security realm; or changing configuration of a security provider.

3. The system of claim 1, wherein the system includes a dynamic security configuration adjudicator that operates with the one or more listeners to apply new values of an attribute to impacted objects or to replace security configuration instances.

4. The system of claim 3, wherein upon a particular listener detecting an associated attribute change, the dynamic security configuration adjudicator determines whether to restart the partition security realm to apply the attribute change.

5. The system of claim 1, wherein each partition can include one or more resource groups.

6. The system of claim 1, further comprising at least one of a console or other interface that enables specification of partition security settings for the one or more partitions.

7. The system of claim 1, whereupon a particular attribute being changed and an associated listener determining it cannot handle the attribute change dynamically, the security realm is restarted by bringing up a new realm and shutting down the old realm.

8. The system of claim 1, wherein if any changes within the security realm are determined to be non-dynamic, then the dynamic security configuration adjudicator directs the system to automatically restart the security realm for the partition, to apply those changes.

9. The system of claim 1, wherein each partition security realm is associated with a configuration component that enables attributes of the security realm to be annotated as being dynamic attributes or non-dynamic attributes, and wherein the configuration component and its annotations are used to determine whether changes to particular security realm attributes are dynamic changes or non-dynamic changes.

10. A method for supporting dynamic security configuration in a multitenant application server environment, comprising: providing, at one or more computers, including an application server environment executing thereon, a domain for execution of software applications; and a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain, that can be associated with a tenant, and wherein the application server environment provides a plurality of realms associated with the plurality of partitions, including that each particular partition is associated with a particular security realm that is used with the particular partition and associated with one or more attributes; and wherein configuration changes for partition level security are made, by associating one or more listeners with the attributes of the security realm, that detect changes to the attributes, wherein each listener listens for changes to a specific attribute, and whereupon changes to the attributes being detected for the particular partition, a determination is made whether to restart one or both of the security realm associated with the particular partition, or a server hosting the particular partition, including: upon determining that the changes to the attributes are all dynamic changes, then applying the changes to the security realm for the particular partition, without restarting either the security realm associated with the particular partition or the server hosting the particular partition; and upon a particular listener determining an associated attribute change is non-dynamic, then directing whether one or both of: (a) the security realm associated with the particular partition, or (b) the server hosting the particular partition, is to be restarted, to apply the attribute change, and cause the particular partition to be restarted with the changed attributes.

11. The method of claim 10, wherein the configuration changes include at least one of: adding a new security realm for a partition; deleting an existing security realm; changing configuration on an existing security realm; adding or removing a security provider to a security realm; or changing configuration of a security provider.

12. The method of claim 10, further comprising providing a dynamic security configuration adjudicator that operates with the one or more listeners to apply new values of an attribute to impacted objects or to replace security configuration instances.

13. The method of claim 12, wherein upon a particular listener detecting an associated attribute change, the dynamic security configuration adjudicator determines whether to restart the partition security realm to apply the attribute change.

14. The method of claim 10, wherein each partition can include one or more resource groups.

15. The method of claim 10, further comprising providing at least one of a console or other interface that enables specification of partition security settings for the one or more partitions.

16. The method of claim 10, wherein each partition security realm is associated with a configuration component that enables attributes of the security realm to be annotated as being dynamic attributes or non-dynamic attributes, and wherein the configuration component and its annotations are used to determine whether changes to particular security realm attributes are dynamic changes or non-dynamic changes.

17. A non-transitory computer readable storage medium, including instructions stored thereon which when read and executed by
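
The restart decision recited in claims 1, 7, 8 and 9, modeled as an added example that is not code from the patent or from any product. The attribute names, the annotation table and the fail-closed treatment of unannotated attributes are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    APPLY_IN_PLACE = 0    # every changed attribute is dynamic
    RESTART_REALM = 1     # non-dynamic change, partition realm scope
    RESTART_SERVER = 2    # non-dynamic change, server scope

# Constructed annotations (claim 9): the action each realm attribute needs
# when its value changes. Names are hypothetical, not from the patent.
ANNOTATIONS = {
    "lockout_threshold": Action.APPLY_IN_PLACE,
    "ldap_cache_ttl": Action.APPLY_IN_PLACE,
    "providers": Action.RESTART_REALM,
    "server_keystore": Action.RESTART_SERVER,
}

@dataclass
class Realm:
    partition: str
    attrs: dict
    generation: int = 1   # bumped each time a replacement realm is started
    running: bool = True

def listener_verdict(attr):
    """One listener per attribute; unannotated attributes fail closed (assumption)."""
    return ANNOTATIONS.get(attr, Action.RESTART_SERVER)

def adjudicate(realms, partition, changes):
    """Apply `changes` to one partition's realm; return (action, active realm)."""
    old = realms[partition]
    changed = {k: v for k, v in changes.items() if old.attrs.get(k) != v}
    verdicts = [listener_verdict(k) for k in changed]
    action = max(verdicts, key=lambda a: a.value, default=Action.APPLY_IN_PLACE)
    if action is Action.APPLY_IN_PLACE:
        old.attrs.update(changed)      # all dynamic: no restart of any kind
        return action, old
    if action is Action.RESTART_REALM:
        # Claim 7 ordering: bring the new realm up, then shut the old one down,
        # so the partition is never left without an active security realm.
        new = Realm(partition, {**old.attrs, **changed}, old.generation + 1)
        realms[partition] = new
        old.running = False
        return action, new
    return action, old                 # server restart: change stays pending

if __name__ == "__main__":
    realms = {"tenantA": Realm("tenantA", {"providers": ("ldap",)})}  # constructed
    print(adjudicate(realms, "tenantA", {"providers": ("ldap", "saml")}))
```

Only the realm of the named partition is replaced, so a non-dynamic change for one tenant leaves every other tenant's realm untouched.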
for controlling access to devices or network resources · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Logical partitioning of resources; Management or configuration of virtualized resources (specific details on emulation or internal functioning of virtual machines G06F9/455) · CPC title
Configuring for program initiating, e.g. using registry, configuration files · CPC title
Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines · CPC title