ACL

The BEA AquaLogic Service Registry ACL Demos demonstrate the BEA AquaLogic Service Registry ACL application programming interface's capabilities and how to use this API.

The Systinet ACL extension is used to grant or revoke rights to selected users or groups. You will learn how to create, save, delete, get and find ACLs.

The BEA AquaLogic Service Registry Security ACL demo set contains the following demos to assist you in learning the BEA AquaLogic Service Registry client API:

Create: Demonstrates how to use Create ACL to give one user rights to create a service in the business entity of another user.

Save: Demonstrates how to use Save ACL to give one user rights to update the business entity of another user.

Delete: Demonstrates how to use Delete ACL to give one user rights to delete a business entity of another user.

Get: Demonstrates how to use Get ACL to revoke from a selected user the right to get the business detail of a business entity.

Find: Demonstrates how to use Find ACL to hide the business entity in a find_business operation from a selected user.

Prerequisites and Preparatory Steps: Code

We expect that you have already installed the BEA AquaLogic Service Registry and set the REGISTRY_HOME environment variable to the registry's installation location.

To run the BEA AquaLogic Service Registry's demos, your BEA AquaLogic Service Registry must be running. To start the registry, execute the serverstart script:

Windows: %REGISTRY_HOME%\bin\serverstart.bat
UNIX: $REGISTRY_HOME/bin/serverstart.sh

It is necessary to configure the demos. The configuration system has two levels: global and local. The properties defined at the global level may be overwritten at the local level. The global properties are located in the file:

Windows: %REGISTRY_HOME%\demos\env.properties
UNIX: $REGISTRY_HOME/demos/env.properties

The values set during the installation of the BEA AquaLogic Service Registry work out of the box, and their modification affects all demos. If you need to redefine a property's value for a single demo (that is, at the local level), edit the local env.properties file. This file is located in the same directory as the file run.sh (run.bat). Local level properties for the ACL demos are loaded from the file:

Windows: %REGISTRY_HOME%\demos\security\acl\env.properties
UNIX: $REGISTRY_HOME/demos/security/acl/env.properties

Table 15. Properties Used in Demos

Name                          Default Value                          Description
uddi.demos.user.john.name     demo_john                              First user's name
uddi.demos.user.john.password demo_john                              First user's password
uddi.demos.user.jane.name     demo_jane                              Second user's name
uddi.demos.user.jane.password demo_jane                              Second user's password
uddi.demos.url.publishing     http://localhost:8080/uddi/publishing  The publication Web service port URL
uddi.demos.url.security       http://localhost:8080/uddi/security    The security Web service port URL

Presentation and Functional Presentation

This section describes the programming pattern used in all demos using the Find demo as an example. You can find this demo's source code in the file:

Windows: %REGISTRY_HOME%\demos\security\acl\src\demo\uddi\acl\Find.java
UNIX: $REGISTRY_HOME/demos/security/acl/src/demo/uddi/acl/Find.java

The main method is divided into several logical parts. The first part is used to configure the demo for the user. The "good" user represents the user who will receive a positive ACL; the "bad" user represents the user who will receive a negative ACL.

The second part contains the save_business operation with extra information. The ACLs are set in the categoryBag. In the next section, the bad user unsuccessfully tries to find the business entity by name, and finally the good user finds the business entity.

// Part 1: read the demo settings; the defaults are shown in the prompts.
String name = UserInput.readString("Enter business name", "ACL find demo");
String description = UserInput.readString("Enter description",
        "Demonstration of find-allowed, find-denied ACLs");
String searchName = UserInput.readString("Enter search string", "ACL%");
String owner = UserInput.readString("Enter entity owner", "admin");
String password = UserInput.readString("Enter owner's password", "changeit");
String loginGood = UserInput.readString("Enter good user's login",
        DemoProperties.getProperty(USER_JOHN_NAME));
String passwordGood = UserInput.readString("Enter good user's password",
        DemoProperties.getProperty(USER_JOHN_PASSWORD));
String loginBad = UserInput.readString("Enter bad user's login",
        DemoProperties.getProperty(USER_JANE_NAME));
String passwordBad = UserInput.readString("Enter bad user's password",
        DemoProperties.getProperty(USER_JANE_PASSWORD));
System.out.println();

// Part 2: the owner saves the business entity with the ACLs in its categoryBag.
UDDI_Security_PortType security = getSecurityStub();
String authInfoOwner = getAuthInfo(owner, password, security);
Save_business saveBusiness = createSaveBusiness(name, description, loginGood, loginBad, authInfoOwner);
BusinessDetail result = saveBusiness(saveBusiness);
printBusinessDetail(result);
discardAuthInfo(authInfoOwner, security);

// Part 3: the good user (find-allowed) searches by name.
System.out.println(" ");
System.out.println("Finding business entity where");
String authInfoGood = getAuthInfo(loginGood, passwordGood, security);
Find_business findBusiness = createFindByName(searchName, authInfoGood);
BusinessList businessList = findBusiness(findBusiness);
printBusinessList(businessList);
discardAuthInfo(authInfoGood, security);

// Part 4: the bad user (find-denied) runs the same search.
System.out.println(" ");
System.out.println("Finding business entity where");
String authInfoBad = getAuthInfo(loginBad, passwordBad, security);
findBusiness = createFindByName(searchName, authInfoBad);
businessList = findBusiness(findBusiness);
printBusinessList(businessList);
// Log the bad user out by discarding that user's authentication token.
discardAuthInfo(authInfoBad, security);

The createSaveBusiness operation is used to create the Save_business object. The ACLs are stored as keyedReference elements in the keyedReferenceGroup whose tModelKey is uddi:systinet.com:acl. In each keyedReference, the tModelKey specifies the tModelKey of the ACL, keyValue holds the login name of the user or group, and keyName is used to distinguish between users and groups in the keyValue.

public static Save_business createSaveBusiness(String name, String description,
        String goodUser, String badUser, String authInfo)
        throws InvalidParameterException {
    System.out.println("name = " + name);
    System.out.println("description = " + description);
    System.out.println("goodUser = " + goodUser);
    System.out.println("badUser = " + badUser);

    BusinessEntity businessEntity = new BusinessEntity();
    businessEntity.addName(new Name(name));
    businessEntity.addDescription(new Description(description));

    // The ACLs travel in the categoryBag, grouped under the ACL tModelKey.
    CategoryBag categoryBag = new CategoryBag();
    businessEntity.setCategoryBag(categoryBag);
    KeyedReferenceGroup aclGroup = new KeyedReferenceGroup("uddi:systinet.com:acl");
    // KeyedReference arguments: ACL tModelKey, login name (keyValue), "user" (keyName).
    aclGroup.addKeyedReference(new KeyedReference("uddi:systinet.com:acl:find-allowed",
            goodUser, "user"));
    aclGroup.addKeyedReference(new KeyedReference("uddi:systinet.com:acl:find-denied",
            badUser, "user"));
    categoryBag.addKeyedReferenceGroup(aclGroup);

    // The owner's authInfo identifies who is saving the entity.
    Save_business save = new Save_business();
    save.addBusinessEntity(businessEntity);
    save.setAuthInfo(authInfo);

    return save;
}
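
An added example (not part of the product's demo code): a small audit helper that reads a businessEntity in the XML form the Find demo prints and lists each ACL entry stored in the uddi:systinet.com:acl keyedReferenceGroup. The class name AclAudit, the listAcls method and the embedded sample are assumptions made for illustration; only standard JDK XML classes are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class AclAudit {  // hypothetical helper, not a registry class
    static final String UDDI_NS = "urn:uddi-org:api_v3";
    static final String ACL_GROUP = "uddi:systinet.com:acl";
    // Constructed sample, modelled on the businessEntity printed by the Find demo.
    static final String SAMPLE =
        "<businessEntity xmlns='urn:uddi-org:api_v3'><name>ACL find demo</name>"
      + "<categoryBag><keyedReferenceGroup tModelKey='uddi:systinet.com:acl'>"
      + "<keyedReference tModelKey='uddi:systinet.com:acl:find-allowed'"
      + " keyName='user' keyValue='demo_john'/>"
      + "<keyedReference tModelKey='uddi:systinet.com:acl:find-denied'"
      + " keyName='user' keyValue='demo_jane'/>"
      + "</keyedReferenceGroup></categoryBag></businessEntity>";

    /** Returns one "permission keyName keyValue" line per ACL entry found. */
    static List<String> listAcls(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Treat registry output as untrusted input: refuse DOCTYPEs (blocks XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        List<String> out = new ArrayList<>();
        NodeList groups = doc.getElementsByTagNameNS(UDDI_NS, "keyedReferenceGroup");
        for (int i = 0; i < groups.getLength(); i++) {
            Element g = (Element) groups.item(i);
            if (!ACL_GROUP.equals(g.getAttribute("tModelKey"))) continue; // other taxonomy
            NodeList refs = g.getElementsByTagNameNS(UDDI_NS, "keyedReference");
            for (int j = 0; j < refs.getLength(); j++) {
                Element r = (Element) refs.item(j);
                String key = r.getAttribute("tModelKey");
                if (!key.startsWith(ACL_GROUP + ":")) continue; // not an ACL permission
                out.add(key.substring(ACL_GROUP.length() + 1) + " "
                    + r.getAttribute("keyName") + " " + r.getAttribute("keyValue"));
            }
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        listAcls(SAMPLE).forEach(System.out::println);
    }
}
```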

The find_business operation takes the authInfo parameter used to identify the user who runs the query.

public static Find_business createFindByName(String name, String authInfo)
        throws InvalidParameterException {
    System.out.println("name = " + name);
    Find_business find_business = new Find_business();
    find_business.addName(new Name(name));
    find_business.setMaxRows(new Integer(MAX_ROWS));
    find_business.setAuthInfo(authInfo);
    find_business.addFindQualifier("approximateMatch");
    return find_business;
}

Building and Running Demos

This section shows how to build and run the BEA AquaLogic Service Registry ACL demos.

  1. Be sure that the demos are properly configured and the BEA AquaLogic Service Registry is up and running.

  2. Change your working directory to:

    Windows: %REGISTRY_HOME%\demos\security\acl
    UNIX: $REGISTRY_HOME/demos/security/acl

  3. Build demos using:

    Windows: run.bat make
    UNIX: ./run.sh make

    Note:

    When compiling demos on Windows platforms, you may see the following text:

    A subdirectory or file ..\..\common\.\build\classes already exists.

    This is expected and does not indicate a problem.

  4. To get a list of all available commands, run:

    Windows: run.bat help
    UNIX: ./run.sh help

  5. The selected demo can be executed via the run command with the name of the demo as a parameter. For example, to run the Find demo, invoke:

    Windows: run.bat Find
    UNIX: ./run.sh Find

    The output of this demo will resemble the following:

    Running Find demo...
    **************************************************************************
    ***    Systinet Registry Demo - ACLFind   ***
    **************************************************************************
    
    Saving business entity where
    Enter business name [ACL find demo]:
    Enter description [Demonstration of find-allowed, find-denied ACLs]:
    Enter search string [ACL%]:
    Enter entity owner [admin]:
    Enter owner's password [changeit]:
    Enter good user's login [demo_john]:
    Enter good user's password [demo_john]:
    Enter bad user's login [demo_jane]:
    Enter bad user's password [demo_jane]:
    
    Using Security at url https://mycomp.com:8443/uddi/security .. done
    Authenticating the user admin .. done
    name = ACL find demo
    description = Demonstration of find-allowed, find-denied ACLs
    goodUser = demo_john
    badUser = demo_jane
    Using Publishing at url https://mycomp.com:8443/uddi/publishing .. done
    Save business in progress ... done
    
    Business 1 : uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad
    <businessEntity businessKey="uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad"
    xmlns="urn:uddi-org:api_v3">
    <name>ACL find demo</name>
    <description>Demonstration of find-allowed, find-denied ACLs</description>
    <categoryBag>
    <keyedReferenceGroup tModelKey="uddi:systinet.com:acl">
    <keyedReference tModelKey="uddi:systinet.com:acl:find-allowed"
    keyName="user" keyValue="demo_john"/>
    <keyedReference tModelKey="uddi:systinet.com:acl:find-denied"
    keyName="user" keyValue="demo_jane"/>
    </keyedReferenceGroup>
    </categoryBag>
    </businessEntity>
    
    Logging out .. done
    
    Finding business entity where
    Authenticating the user demo_john .. done
    name = ACL%
    Using Inquiry at url http://mycomp.com:8080/uddi/inquiry .. done
    Search in progress .. done
    
    Displaying 1 of 1, starting at position 1
    Business 1 : uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad
    <businessInfo businessKey="uddi:91ba8390-a8e0-11d8-b2ad-779f83c0b2ad"
    xmlns="urn:uddi-org:api_v3">
    <name>ACL find demo</name>
    <description>Demonstration of find-allowed, find-denied ACLs</description>
    </businessInfo>
    
    Logging out .. done
    
    Finding business entity where
    Authenticating the user demo_jane .. done
    name = ACL%
    Using Inquiry at url http://mycomp.com:8080/uddi/inquiry .. done
    Search in progress .. done
    
    Displaying 0 of 0, starting at position 1
    Nothing found
    Logging out .. done

  6. To rebuild demos, execute run.bat clean (./run.sh clean) to delete the classes directory and run.bat make (./run.sh make) to rebuild the demo classes.