Chapter 19. Securing the Service Registry
19.1. Service Registry Authentication
Introduction
This section explains, at a conceptual level, how the authentication process works.
Authentication is a two-phase process. These are known as the authenticate phase and the identify phase. Both of these phases are represented by a method in the Authenticator interface.
The authenticate phase occurs when the GetAuthToken request is made. The goal of this phase is to turn a user id and credentials into a valid publisher id. The publisher id (referred to as the authorized name in UDDI terminology) is the value that assigns ownership within UDDI. Whenever a new entity is created, it must be tagged with ownership by the authorized name of the publisher.
The value of the publisher id is irrelevant to the jUDDI Registry: the only requirement is that one exists to assign to new entities, so it must be non-null. Upon completion of the GetAuthToken request, an authentication token is issued to the caller.
When you make subsequent calls to the UDDI API that require authentication, you must provide the token issued in response to the GetAuthToken request. This leads to the identify phase.
The identify phase is responsible for turning the authentication token (or the publisher id associated with that token) into a valid UddiEntityPublisher object. This object contains all the properties necessary to handle ownership of UDDI entities. Thus, the token (or publisher id) is used to identify the publisher.
The two phases provide compliance with the UDDI authentication structure and grant flexibility if you wish to provide your own authentication mechanism.
Handling of credentials and publisher properties could be done entirely outside of the jUDDI Registry. However, by default, the Registry provides the Publisher entity, which is a sub-class of UddiEntityPublisher. This sub-class makes publisher properties persist within the jUDDI Registry.
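The two phases described above, as an added sketch that is not jUDDI or Red Hat code. The Authenticator interface, EntityPublisher record, InMemoryAuthenticator class and issueToken helper are hypothetical stand-ins written for this example (the real jUDDI types and signatures may differ), and the user and secret are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class TwoPhaseAuthDemo {   // requires Java 16+ (record)
    // Hypothetical stand-in for UddiEntityPublisher: only the owner name is modelled.
    record EntityPublisher(String authorizedName) {}
    // Hypothetical two-method contract modelled on the phases described above.
    interface Authenticator {
        String authenticate(String userId, String credential); // phase 1 -> publisher id
        EntityPublisher identify(String authToken);            // phase 2 -> publisher
    }
    static class InMemoryAuthenticator implements Authenticator {
        private final Map<String, String> secrets;  // userId -> secret (constructed data)
        private final Map<String, String> tokens = new ConcurrentHashMap<>(); // token -> publisher id
        private final SecureRandom rng = new SecureRandom();
        InMemoryAuthenticator(Map<String, String> secrets) { this.secrets = secrets; }
        public String authenticate(String userId, String credential) {
            String expected = (userId == null) ? null : secrets.get(userId);
            if (expected == null || credential == null || !MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    credential.getBytes(StandardCharsets.UTF_8)))
                throw new SecurityException("authentication failed");
            return userId; // the publisher id must be non-null; here it is the user id
        }
        // What a GetAuthToken handler does after phase 1: bind a random token to the id.
        String issueToken(String publisherId) {
            byte[] raw = new byte[32];
            rng.nextBytes(raw);
            String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            tokens.put(token, publisherId);
            return token;
        }
        public EntityPublisher identify(String authToken) {
            String publisherId = (authToken == null) ? null : tokens.get(authToken);
            if (publisherId == null) throw new SecurityException("unknown token");
            return new EntityPublisher(publisherId);
        }
    }
    public static void main(String[] args) {
        InMemoryAuthenticator auth = new InMemoryAuthenticator(Map.of("alice", "sample-secret"));
        String token = auth.issueToken(auth.authenticate("alice", "sample-secret"));
        System.out.println("entity owner: " + auth.identify(token).authorizedName());
        try { auth.identify("forged"); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The sketch compares credentials with MessageDigest.isEqual and draws tokens from SecureRandom, so a token that was never issued cannot be mapped to a publisher in the identify phase.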