Authentication Configuration

In this section, we will show you how to change the BEA AquaLogic Service Registry configuration to allow the following authentication providers:

HTTP Basic

To allow HTTP Basic authentication:

  1. Modify REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml to enable HTTP basic authentication as follows:

    1. Under <processing name="UDDIv1v2v3PublishingProcessing">, uncomment <use ref="tns:HttpBasicInterceptor"/>. This enables HTTP Basic authentication for UDDI Publishing API v1, v2, v3.

    2. Under <processing name="UDDIv1v2v3InquiryProcessing">, add <use ref="tns:HttpBasicInterceptor"/>. This enables HTTP Basic authentication for all three versions of the UDDI Inquiry API.

    3. Under <processing name="wsdl2uddiProcessing">, add <use ref="tns:HttpBasicInterceptor"/>. This enables HTTP Basic authentication for versions 2 and 3 of the WSDL2UDDI API.

    4. Add the attribute accepting-security-providers="HttpBasic" to all service-endpoints you wish to access via HTTP Basic authentication.

    A fragment of package.xml is shown in Example 1.

  2. Shut down BEA AquaLogic Service Registry, delete the REGISTRY_HOME/work directory, and restart the registry.

Example 1. package.xml - HTTP Basic Enabled

.....
    <service-endpoint path="/inquiry" version="3.0" name="UDDIInquiryV3Endpoint" 
        service-instance="tns:UDDIInquiryV3" processing="tns:UDDIv1v2v3InquiryProcessing"
          accepting-security-providers="HttpBasic">
        <wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Inquiry_SoapService"/>
        <envelopePrefix xmlns="arbitraryNamespace" value=""/>
        <namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
    </service-endpoint>
    <service-instance 
        implementation-class="com.systinet.uddi.publishing.v3.PublishingApiImpl" 
        name="UDDIPublishingV3"/>
    <service-endpoint path="/publishing" version="3.0" name="UDDIPublishingV3Endpoint" 
        service-instance="tns:UDDIPublishingV3" 
        processing="tns:UDDIv1v2v3PublishingProcessing" 
        accepting-security-providers="HttpBasic">
        <wsdl uri="uddi_api_v3.wsdl" service="uddi_api_v3:UDDI_Publication_SoapService"/>
        <envelopePrefix xmlns="arbitraryNamespace" value=""/>
        <namespaceOptimization xmlns="arbitraryNamespace">false</namespaceOptimization>
    </service-endpoint>

    <processing name="UDDIv3Processing">
      <use ref="uddiclient_v3:UDDIClientProcessing"/>
      <fault-serialization name="MessageTooLargeFaultSerializer" 
      serializer-class="com.systinet.uddi.publishing.v3.serialization.MessageTooLargeFaultSerializer" 
      serialized-exception-class="com.systinet.uddi.interceptor.wasp.MessageTooLargeException"/>
    </processing>

    <processing name="UDDIv1v2v3PublishingProcessing">
     <use ref="uddiclient_v3:UDDIClientProcessing"/>
     <use ref="uddiclient_v2:UDDIClientProcessing"/>
     <use ref="uddiclient_v1:UDDIClientProcessing"/>
     <!-- HttpBasic (without authtoken)         --> 
     <use ref="tns:HttpBasicInterceptor"/>        

    <interceptor name="MessageSizeCheckerInterceptor" 
       implementation-class="com.systinet.uddi.interceptor.wasp.MessageSizeCheckerInterceptor" 
       direction="in">
        <config:maxMessageSize>2097152</config:maxMessageSize>
        </interceptor>
    </processing>

    <processing name="UDDIv1v2v3InquiryProcessing">
        <use ref="tns:UDDIv3Processing"/>
        <use ref="tns:UDDIv2Processing"/>
        <use ref="tns:UDDIv1Processing"/>
        <use ref="tns:HttpBasicInterceptor"/>        
    </processing>
.....

Netegrity SiteMinder

To allow Netegrity SiteMinder authentication:

  1. Modify REGISTRY_HOME/app/uddi/services/Wasp-inf/package.xml as follows:

    1. Under <processing name="UDDIv1v2v3PublishingProcessing">, add <use ref="tns:SiteMinderInterceptor"/>. This enables SiteMinder authentication for all three versions of the UDDI Publishing API.

    2. Under <processing name="UDDIv1v2v3InquiryProcessing">, add <use ref="tns:SiteMinderInterceptor"/>. This enables SiteMinder authentication for versions 1, 2, and 3 of the Inquiry API.

    3. Under <processing name="wsdl2uddiProcessing">, add <use ref="tns:SiteMinderInterceptor"/>. This enables SiteMinder authentication for versions 2 and 3 of the WSDL2UDDI API.

    4. Add the attribute accepting-security-providers="Siteminder" to all service-endpoints you wish to access via Netegrity SiteMinder authentication.

    5. Under the elements <securityProviderPreferences> and <interceptor name="SiteMinderInterceptor">, fill in:

      • <loginNameHeader> - login name header

      • <groupHeader> - group header

      • <delimiter> - group name delimiter.

      Important

      You must set the same element values in both the <securityProviderPreferences> and <interceptor name="SiteMinderInterceptor"> elements.

    A fragment of package.xml is shown in Example 2.

  2. Shut down BEA AquaLogic Service Registry, delete the REGISTRY_HOME/work directory, and restart the registry.

Example 2. package.xml - Netegrity SiteMinder Enabled

.....
  <!-- Netegrity SiteMinder security provider preferences for the server side -->
    <securityProviderPreferences xmlns="http://systinet.com/wasp/package/extension" 
       name="Siteminder">
        <loginNameHeader>sm-userdn</loginNameHeader>
        <groupHeader>sm-role</groupHeader>
        <delimiter>^</delimiter>
    </securityProviderPreferences>

    <!-- Netegrity SiteMinder interceptor -->
    <interceptor name="SiteMinderInterceptor" 
         implementation-class="com.systinet.uddi.security.siteminder.SmInterceptor" >
        <config:loginNameHeader>sm-userdn</config:loginNameHeader>
        <config:groupHeader>sm-role</config:groupHeader>
        <config:delimiter>^</config:delimiter>
    </interceptor>
.....
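
A consistency check for the package.xml edits described in the HTTP Basic and SiteMinder steps above, as an added example that is not part of the original documentation or the product. It verifies that each endpoint's processing references the interceptor for the provider it accepts, and that the SiteMinder settings match in both elements. The sample document is constructed; its root element and the config namespace URI are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on Examples 1 and 2; root element and config URI are placeholders.
SAMPLE = """<package xmlns:config="urn:example:config-placeholder">
  <service-endpoint name="UDDIInquiryV3Endpoint" accepting-security-providers="Siteminder"
      processing="tns:UDDIv1v2v3InquiryProcessing"/>
  <service-endpoint name="UDDIPublishingV3Endpoint" accepting-security-providers="Siteminder"
      processing="tns:UDDIv1v2v3PublishingProcessing"/>
  <processing name="UDDIv1v2v3InquiryProcessing"><use ref="tns:SiteMinderInterceptor"/></processing>
  <processing name="UDDIv1v2v3PublishingProcessing"><use ref="uddiclient_v3:UDDIClientProcessing"/></processing>
  <securityProviderPreferences xmlns="http://systinet.com/wasp/package/extension" name="Siteminder">
    <loginNameHeader>sm-userdn</loginNameHeader><groupHeader>sm-role</groupHeader>
    <delimiter>^</delimiter>
  </securityProviderPreferences>
  <interceptor name="SiteMinderInterceptor">
    <config:loginNameHeader>sm-userdn</config:loginNameHeader>
    <config:groupHeader>sm-group</config:groupHeader>
    <config:delimiter>^</config:delimiter>
  </interceptor>
</package>"""

INTERCEPTOR = {"HttpBasic": "HttpBasicInterceptor", "Siteminder": "SiteMinderInterceptor"}

def local(tag):  # strip "{namespace}" from an ElementTree tag
    return tag.rsplit("}", 1)[-1]

def find(root, tag, name):
    return next((e for e in root.iter() if local(e.tag) == tag and e.get("name") == name), None)

def settings(elem):
    return {local(c.tag): (c.text or "").strip() for c in elem} if elem is not None else {}

def audit(xml_text):
    root, problems = ET.fromstring(xml_text), []
    for ep in (e for e in root.iter() if local(e.tag) == "service-endpoint"):
        provider = ep.get("accepting-security-providers")
        proc = find(root, "processing", ep.get("processing", "").split(":")[-1])
        refs = {u.get("ref", "").split(":")[-1] for u in proc} if proc is not None else set()
        # Only direct <use> children are checked, as in the steps above.
        if provider and INTERCEPTOR.get(provider) not in refs:
            problems.append(f"{ep.get('name')}: accepts {provider} but processing lacks its interceptor")
    prefs = settings(find(root, "securityProviderPreferences", "Siteminder"))
    icpt = settings(find(root, "interceptor", "SiteMinderInterceptor"))
    for key in ("loginNameHeader", "groupHeader", "delimiter"):
        if prefs.get(key) != icpt.get(key):
            problems.append(f"{key}: preferences={prefs.get(key)!r} interceptor={icpt.get(key)!r}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample this reports the publishing endpoint, whose processing lacks the SiteMinder interceptor, and the groupHeader value that differs between the two elements.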

Consoles Configuration

In this section, we will show you how to configure authentication for both the Registry Console and the Business Service Console. The configuration of the consoles is very similar to the configuration of other endpoints.

Note: Referring to jar packages

The file path REGISTRY_HOME/app/uddi/web.jar/WASP-INF/package.xml means the /WASP-INF/package.xml inside the jar package REGISTRY_HOME/app/uddi/web.jar.

For the Registry Console, modify the file REGISTRY_HOME/app/uddi/web.jar/WASP-INF/package.xml with the following:

<service-endpoint path="/web" name="WebUIEndpoint1" 
     service-instance="tns:WebUI" type="raw" other-methods="get" 
     accepting-security-providers="HttpBasic"/>
<service-endpoint path="/web/*" name="WebUIEndpoint2" 
     service-instance="tns:WebUI" type="raw" other-methods="get" 
     accepting-security-providers="HttpBasic"/>
            

To use the Netegrity SiteMinder provider instead, set accepting-security-providers="Siteminder".

For the Business Service Console, do the same in the file REGISTRY_HOME/app/uddi/bsc.jar/WASP-INF/package.xml.

We have now set the authentication providers for both the HTTP and HTTPS protocols. Next, we must specify which protocol the consoles will use for user authentication. By default, the registry uses HTTP for browsing and searching, and HTTPS for publishing. To avoid displaying the login dialog twice (first when accessing via HTTP, then again when accessing via HTTPS), modify the configuration to use only one protocol.

For the Registry Console, modify the url and secureUrl elements in the file REGISTRY_HOME/app/uddi/conf/web.xml to have the same value:

<url>https://servername:8443</url>
<secureUrl>https://servername:8443</secureUrl>
 

For the Business Service Console, make the same change in the REGISTRY_HOME/app/uddi/bsc.jar/conf/web.xml file.