The BEA AquaLogic Service Registry ACL Demos demonstrate the BEA AquaLogic Service Registry ACL application programming interface's capabilities and how to use this API.
The Systinet ACL extension is used to grant or revoke rights to selected users or groups. You will learn how to create, save, delete, get and find ACLs.
The BEA AquaLogic Service Registry Security ACL demo set contains the following demos to assist you in learning the BEA AquaLogic Service Registry client API:
Create: Demonstrates how to use Create ACL to give one user rights to create a service in the business entity of another user.
Save: Demonstrates how to use Save ACL to give one user rights to update the business entity of another user.
Delete: Demonstrates how to use Delete ACL to give one user rights to delete a business entity of another user.
Get: Demonstrates how to use Get ACL to revoke from a selected user the right to get the business detail of a business entity.
Find: Demonstrates how to use Find ACL to hide the business entity in a find_business operation from a selected user.
We expect that you have already installed the BEA AquaLogic Service Registry and set the REGISTRY_HOME environment variable to the registry's installation location.
To run the BEA AquaLogic Service Registry's demos, your BEA AquaLogic Service Registry must be running. To start the registry, execute the serverstart script:
Windows: | %REGISTRY_HOME%\bin\serverstart.bat |
UNIX: | $REGISTRY_HOME/bin/serverstart.sh |
It is necessary to configure the demos. The configuration system has two levels: global and local. The properties defined at the global level may be overwritten at the local level. The global properties are located in the file:
Windows: | %REGISTRY_HOME%\demos\env.properties |
UNIX: | $REGISTRY_HOME/demos/env.properties |
The values set during the installation of the BEA AquaLogic Service Registry work out of the box, and their modification affects all demos. If you need to redefine a property's value for a single demo (that is, at the local level), edit env.properties. This file is located in the same directory as the file run.sh (run.bat). Local level properties for the ACL demos are loaded from the file:
Windows: | %REGISTRY_HOME%\demos\security\acl\env.properties |
UNIX: | $REGISTRY_HOME/demos/security/acl/env.properties |
Table 15. Properties Used in Demos
Name | Default Value | Description |
---|---|---|
uddi.demos.user.john.name | demo_john | first user's name |
uddi.demos.user.john.password | demo_john | first user's password |
uddi.demos.user.jane.name | demo_jane | second user's name |
uddi.demos.user.jane.password | demo_jane | second user's password |
uddi.demos.url.publishing | http://localhost:8080/uddi/publishing | the publication Web service port URL |
uddi.demos.url.security | http://localhost:8080/uddi/security | the security Web service port URL |
This section describes the programming pattern used in all demos using the Find demo as an example. You can find this demo's source code in the file:
Windows: | %REGISTRY_HOME%\demos\security\acl\src\demo\uddi\acl\Find.java |
UNIX: | $REGISTRY_HOME/demos/security/acl/src/demo/uddi/acl/Find.java |
The main method is divided into several logical parts. The first part is used to configure the demo for the user. The "good" user represents the user who will receive a positive ACL; the "bad" user represents the user who will receive a negative ACL.
The second part contains the save_business operation with extra information. The ACLs are set in the categoryBag. In the next section, the bad user unsuccessfully tries to find the business entity by name, and finally the good user finds the business entity.
```java
// Part 1: read the demo configuration (defaults come from env.properties)
String name = UserInput.readString("Enter business name", "ACL find demo");
String description = UserInput.readString("Enter description", "Demonstration of find-allowed, find-denied ACLs");
String searchName = UserInput.readString("Enter search string", "ACL%");
String owner = UserInput.readString("Enter entity owner", "admin");
String password = UserInput.readString("Enter owner's password", "changeit");
String loginGood = UserInput.readString("Enter good user's login", DemoProperties.getProperty(USER_JOHN_NAME));
String passwordGood = UserInput.readString("Enter good user's password", DemoProperties.getProperty(USER_JOHN_PASSWORD));
String loginBad = UserInput.readString("Enter bad user's login", DemoProperties.getProperty(USER_JANE_NAME));
String passwordBad = UserInput.readString("Enter bad user's password", DemoProperties.getProperty(USER_JANE_PASSWORD));
System.out.println();

// Part 2: the owner saves the business entity with the ACLs in its categoryBag
UDDI_Security_PortType security = getSecurityStub();
String authInfoOwner = getAuthInfo(owner, password, security);
Save_business saveBusiness = createSaveBusiness(name, description, loginGood, loginBad, authInfoOwner);
BusinessDetail result = saveBusiness(saveBusiness);
printBusinessDetail(result);
discardAuthInfo(authInfoOwner, security);

// Part 3: the good user (find-allowed) searches by name
System.out.println(" ");
System.out.println("Finding business entity where");
String authInfoGood = getAuthInfo(loginGood, passwordGood, security);
Find_business findBusiness = createFindByName(searchName, authInfoGood);
BusinessList businessList = findBusiness(findBusiness);
printBusinessList(businessList);
discardAuthInfo(authInfoGood, security);

// Part 4: the bad user (find-denied) runs the same search
System.out.println(" ");
System.out.println("Finding business entity where");
String authInfoBad = getAuthInfo(loginBad, passwordBad, security);
findBusiness = createFindByName(searchName, authInfoBad);
businessList = findBusiness(findBusiness);
printBusinessList(businessList);
// Discard the bad user's token so that no authentication token stays valid after the demo
discardAuthInfo(authInfoBad, security);
```
The createSaveBusiness operation is used to create the Save_business object. The ACLs are stored in the keyedReferenceGroup with the uddi:systinet.com:acl tModelKey as keyedReference, where the tModelKey specifies the tModelKey of the ACL, keyValue holds the login name of the user or group, and finally keyName is used to distinguish between users and groups in the keyValue.
```java
public static Save_business createSaveBusiness(String name, String description,
        String goodUser, String badUser, String authInfo) throws InvalidParameterException {
    System.out.println("name = " + name);
    System.out.println("description = " + description);
    System.out.println("goodUser = " + goodUser);
    System.out.println("badUser = " + badUser);

    BusinessEntity businessEntity = new BusinessEntity();
    businessEntity.addName(new Name(name));
    businessEntity.addDescription(new Description(description));

    CategoryBag categoryBag = new CategoryBag();
    businessEntity.setCategoryBag(categoryBag);

    // ACLs travel in a keyedReferenceGroup whose tModelKey is uddi:systinet.com:acl.
    // KeyedReference arguments: ACL tModelKey, keyValue (login name), keyName ("user" here).
    KeyedReferenceGroup aclGroup = new KeyedReferenceGroup("uddi:systinet.com:acl");
    aclGroup.addKeyedReference(new KeyedReference("uddi:systinet.com:acl:find-allowed", goodUser, "user"));
    aclGroup.addKeyedReference(new KeyedReference("uddi:systinet.com:acl:find-denied", badUser, "user"));
    categoryBag.addKeyedReferenceGroup(aclGroup);

    Save_business save = new Save_business();
    save.addBusinessEntity(businessEntity);
    save.setAuthInfo(authInfo);
    return save;
}
```
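To check which ACLs an entity actually carries, the keyedReferenceGroup described above can be read back from the XML the registry returns. The following is an added example, not part of the BEA demos: it uses only JDK classes, the class name AclAudit is hypothetical, and the sample input is the categoryBag printed in this page's Find demo output.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class AclAudit { // hypothetical class name, not part of the demos
    static final String NS = "urn:uddi-org:api_v3";
    static final String ACL = "uddi:systinet.com:acl";
    // Sample input: the categoryBag as printed in the Find demo output on this page
    static final String SAMPLE =
        "<categoryBag xmlns=\"" + NS + "\"><keyedReferenceGroup tModelKey=\"" + ACL + "\">"
      + "<keyedReference tModelKey=\"" + ACL + ":find-allowed\" keyName=\"user\" keyValue=\"demo_john\"/>"
      + "<keyedReference tModelKey=\"" + ACL + ":find-denied\" keyName=\"user\" keyValue=\"demo_jane\"/>"
      + "</keyedReferenceGroup></categoryBag>";

    /** Returns one "<right> <keyName>:<keyValue>" string per ACL entry found in the XML. */
    static List<String> aclEntries(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The XML comes from a remote service: refuse DOCTYPE so no external entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> out = new ArrayList<>();
        NodeList groups = doc.getElementsByTagNameNS(NS, "keyedReferenceGroup");
        for (int i = 0; i < groups.getLength(); i++) {
            Element group = (Element) groups.item(i);
            if (!ACL.equals(group.getAttribute("tModelKey"))) continue; // ordinary category group
            NodeList refs = group.getElementsByTagNameNS(NS, "keyedReference");
            for (int j = 0; j < refs.getLength(); j++) {
                Element ref = (Element) refs.item(j);
                String key = ref.getAttribute("tModelKey");
                if (!key.startsWith(ACL + ":")) continue; // not an ACL tModel
                String right = key.substring(ACL.length() + 1); // e.g. find-allowed
                out.add(right + " " + ref.getAttribute("keyName") + ":" + ref.getAttribute("keyValue"));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        List<String> entries = aclEntries(SAMPLE);
        entries.forEach(e -> System.out.println("ACL " + e));
        // Flag a principal listed as both allowed and denied for the same right, for review.
        for (String e : entries)
            if (e.contains("-allowed ") && entries.contains(e.replace("-allowed ", "-denied ")))
                System.out.println("REVIEW: conflicting entries for " + e);
    }
}
```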
The find_business operation takes the authInfo parameter used to identify the user who runs the query.
```java
public static Find_business createFindByName(String name, String authInfo)
        throws InvalidParameterException {
    System.out.println("name = " + name);

    Find_business find_business = new Find_business();
    find_business.addName(new Name(name));
    find_business.setMaxRows(Integer.valueOf(MAX_ROWS));
    // authInfo identifies the caller; the registry evaluates the find ACLs against this user
    find_business.setAuthInfo(authInfo);
    find_business.addFindQualifier("approximateMatch");
    return find_business;
}
```
This section shows how to build and run the BEA AquaLogic Service Registry ACL demos.
Be sure that the demos are properly configured and the BEA AquaLogic Service Registry is up and running.
Change your working directory to:
Windows: | %REGISTRY_HOME%\demos\security\acl |
UNIX: | $REGISTRY_HOME/demos/security/acl |
Build demos using:
Windows: | run.bat make |
UNIX: | ./run.sh make |
Note: When compiling demos on Windows platforms, you may see the following text: A subdirectory or file ..\..\common\.\build\classes already exists. This is expected and does not indicate a problem.
To get a list of all available commands, run:
Windows: | run.bat help |
UNIX: | ./run.sh help |
The selected demo can be executed via the run command with the name of the demo as parameter. For example, to run the Find demo, invoke
Windows: | run.bat Find |
UNIX: | ./run.sh Find |
The output of this demo will resemble the following:
```
Running Find demo...
**************************************************************************
*** Systinet Registry Demo - ACLFind ***
**************************************************************************

Saving business entity where
Enter business name [ACL find demo]:
Enter description [Demonstration of find-allowed, find-denied ACLs]:
Enter search string [ACL%]:
Enter entity owner [admin]:
Enter owner's password [changeit]:
Enter good user's login [demo_john]:
Enter good user's password [demo_john]:
Enter bad user's login [demo_jane]:
Enter bad user's password [demo_jane]:

Using Security at url https://mycomp.com:8443/uddi/security .. done
Authenticating the user admin .. done
name = ACL find demo
description = Demonstration of find-allowed, find-denied ACLs
goodUser = demo_john
badUser = demo_jane
Using Publishing at url https://mycomp.com:8443/uddi/publishing .. done
Save business in progress ... done

Business 1 : uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad
<businessEntity businessKey="uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad" xmlns="urn:uddi-org:api_v3">
  <name>ACL find demo</name>
  <description>Demonstration of find-allowed, find-denied ACLs</description>
  <categoryBag>
    <keyedReferenceGroup tModelKey="uddi:systinet.com:acl">
      <keyedReference tModelKey="uddi:systinet.com:acl:find-allowed" keyName="user" keyValue="demo_john"/>
      <keyedReference tModelKey="uddi:systinet.com:acl:find-denied" keyName="user" keyValue="demo_jane"/>
    </keyedReferenceGroup>
  </categoryBag>
</businessEntity>
Logging out .. done

Finding business entity where
Authenticating the user demo_john .. done
name = ACL%
Using Inquiry at url http://mycomp.com:8080/uddi/inquiry .. done
Search in progress .. done

Displaying 1 of 1, starting at position 1
Business 1 : uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad
<businessInfo businessKey="uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad" xmlns="urn:uddi-org:api_v3">
  <name>ACL find demo</name>
  <description>Demonstration of find-allowed, find-denied ACLs</description>
</businessInfo>
Logging out .. done

Finding business entity where
Authenticating the user demo_jane .. done
name = ACL%
Using Inquiry at url http://mycomp.com:8080/uddi/inquiry .. done
Search in progress .. done

Displaying 0 of 0, starting at position 1
Nothing found
Logging out .. done
```
To rebuild demos, execute run.bat clean (./run.sh clean) to delete the classes directory and run.bat make (./run.sh make) to rebuild the demo classes.