WebSphere Application Server Network Deployment, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Configuring the UDDI Registry to use WebSphere Application Server security

Before you begin

Before starting this task complete the following two steps:

Why and when to perform this task

There are two aspects of WebSphere Application Server security which are exploited by the UDDI registry:
Authorization
Authorization determines whether users are allowed access to services. WebSphere Application Server determines authorization by mapping users, or groups of users, to roles. UDDI makes use of two special WebSphere Application Server classes of user: Everyone (all users are allowed access) and AllAuthenticatedUsers (only valid WebSphere Application Server registered users are allowed access).
Data confidentiality
Data confidentiality determines security at the transport level. Data confidentiality for WebSphere Application Server services can be either 'none' (HTTP is used as the transport protocol) or 'confidential' (requiring the use of SSL; HTTPS is used as the transport protocol).
When WebSphere Application Server security is enabled, the default settings in the UDDI Version 3 Application and Web deployment descriptors result in the following features:
  • Publish, Custody Transfer and Security services are mapped to the AllAuthenticatedUsers class of users, and data confidentiality is enforced (HTTPS is used). Authentication uses the standard WebSphere security facilities and there is no separate registration function for the UDDI registry. You will need to supply your WebSphere user name and password for publish functions (unless you have modified the supplied publish role).
  • Inquiry services are mapped to the Everyone class of users, and data confidentiality is not enforced (HTTP is used).

With the UDDI roles mapped to either the Everyone class or the AllAuthenticatedUsers class, you can then control which individual users in those classes can update the UDDI Registry by registering those users as UDDI publishers. This is the recommended course of action. However, you can change the defaults by mapping roles to different users or user groups, or by not mapping a role to any users or user groups, in which case all access to that role will be disabled. If you do map roles to users or groups, turn on the Automatically register UDDI publishers property (see UDDI node settings) so that you do not have to use two mechanisms for giving access to a subset of users.

For more information about UDDI role mappings, and a list of UDDI Registry services and roles, see Access control for UDDI Registry interfaces.

To change the default settings, follow the steps below:

Steps for this task

  1. To change the role mappings using the administrative console, complete the following steps:
    1. In the navigation pane, click Applications > Enterprise Applications.
    2. In the content pane, click the UDDI Registry application.
    3. Under Additional Properties on the right-hand side, click Map security roles to users/groups.
    4. Make any changes you require and click OK.
  2. To change the role mappings using the wsadmin command, complete the following steps:
    1. Use the MapRolesToUsers option of the edit command of the AdminApp object to map the roles defined in the UDDI Registry application to classes (Everyone or AllAuthenticatedUsers), to users, or to user groups. For example, the following JACL statement maps the GUI Inquiry role to Everyone, and the Version 3 SOAP Publish role to AllAuthenticatedUsers:
      $AdminApp edit $AppName {-MapRolesToUsers { {"GUI_Inquiry_User" Yes No "" ""}  {"V3SOAP_Publish_User_Role" No Yes "" ""} }} 
      where $AppName is a variable representing the name of the UDDI Registry application.

      For more information about using the MapRolesToUsers option, see Options for the AdminApp object install, installInteractive, edit, editInteractive, update, and updateInteractive commands.

  3. To change the data confidentiality settings, refer to Configuring SOAP API and GUI services.
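The following check is an added example, not part of the original IBM topic or of the product. It parses a MapRolesToUsers option string such as the one in step 2 and reports roles that a change would open to Everyone or leave unmapped (which disables all access to the role). The meaning of the fourth and fifth fields (user names and group names), the group name uddi_publishers and the function names are assumptions made for the example.

```python
import re

# Statement from the page, and a constructed variant with two mistakes in it.
PAGE_SPEC = ('{-MapRolesToUsers { {"GUI_Inquiry_User" Yes No "" ""}  '
             '{"V3SOAP_Publish_User_Role" No Yes "" ""} }}')
CHANGED_SPEC = ('{-MapRolesToUsers { {"GUI_Inquiry_User" No No "" ""} '
                '{"V3SOAP_Publish_User_Role" Yes No "" "uddi_publishers"} }}')  # hypothetical group

# One entry: {"role" Everyone AllAuthenticatedUsers "users" "groups"}.
# Assumption: fields 4 and 5 are '|'-separated user and group names.
ENTRY = re.compile(r'\{\s*"([^"]+)"\s+(Yes|No)\s+(Yes|No)\s+"([^"]*)"\s+"([^"]*)"\s*\}')


def parse_role_mappings(spec):
    """Return {role: mapping} for every entry in a -MapRolesToUsers string."""
    roles = {}
    for role, everyone, all_auth, users, groups in ENTRY.findall(spec):
        roles[role] = {
            "everyone": everyone == "Yes",
            "all_authenticated": all_auth == "Yes",
            "users": [u for u in users.split("|") if u],
            "groups": [g for g in groups.split("|") if g],
        }
    if not roles:
        raise ValueError("no role entries recognised in spec")
    return roles


def audit(roles, must_authenticate):
    """List (role, problem) pairs; must_authenticate names roles that may not be open."""
    findings = []
    for role, m in sorted(roles.items()):
        if m["everyone"] and role in must_authenticate:
            findings.append((role, "open to Everyone"))
        if not (m["everyone"] or m["all_authenticated"] or m["users"] or m["groups"]):
            findings.append((role, "unmapped: all access disabled"))
    return findings


if __name__ == "__main__":
    policy = {"V3SOAP_Publish_User_Role"}  # publish must stay authenticated
    for name, spec in (("page", PAGE_SPEC), ("changed", CHANGED_SPEC)):
        print(name, audit(parse_role_mappings(spec), policy))
```

Run it against the option string you intend to pass to the edit command before applying the change.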



Related concepts
Access control for UDDI Registry interfaces

Related tasks
Configuring the UDDI Registry to use UDDI security
Configuring SOAP API and GUI services

Related reference
Options for the AdminApp object install, installInteractive, edit, editInteractive, update, and updateInteractive commands


Last updated: Mar 17, 2005 4:28:29 AM CST
http://publib.boulder.ibm.com/infocenter/ws60help/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/twsu_wassecurity.html

© Copyright IBM Corporation 2005. All Rights Reserved.