You can implement a flexible authorization policy using roles. Membership in a role determines the level of authorization for a given user. There are three roles that are predefined as Web application roles and used for the private UDDI server:
UddiInquire role – members can search and query the UDDI registry. By default, UDDI does not require the user to be authenticated to search the UDDI server. However, you might not want to allow this in a production environment. So, by mapping this role appropriately in a publish or administration capacity, authentication and authorization can be explicitly enforced by the container.
UddiPublish role – members can publish information to and query from the UDDI registry. Members of this role can modify or delete only information that they have published.
UddiAdmin role – members can modify or delete any information published in the UDDI registry. In addition, members of this role have publish and query privileges, and can add, modify, and delete configuration parameters.
You can map these roles to any EAServer role to enforce the desired authorization policy. See Chapter 3, “Using Web Application Security,” in the EAServer Security Administration and Programming Guide for information about roles and role mapping.
In a development environment, you might want to map the UddiAdmin role to EAServer’s Admin role, and map the other two roles to “everyone.” In this case, any authenticated user is considered a member of the role and can publish and query. Only the jagadmin user can modify published data and UDDI configuration settings.
The default security policy permits unauthenticated users to query the UDDI registry. However, you can modify the policy by defining the UddiInquire role for the Web application.
Mapping UDDI registry roles
Connect to the private UDDI server (UDDI on localhost).
Expand the Administration folder.
Highlight the Security Administration folder. The UDDI registry roles display in the right pane.
Each role is mapped to an EAServer role. To change the role mapping, use the drop-down list to select the EAServer role to which you want to map the UDDI role. Click Apply to apply the changes.
In addition to using roles to enforce security, you can use secure transport connections when publishing information to the UDDI server. When you set the appropriate security constraints for the private UDDI Web application, the EAServer Web container enforces HTTPS access for publish only.
See Chapter 3, “Using Web Application Security,” in the EAServer Security Administration and Programming Guide for information about establishing security constraints.
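The role and transport rules described above, written as a standard servlet deployment descriptor (web.xml) fragment. This is an added example, not taken from the EAServer UDDI Web application; the /publish and /inquiry URL patterns and the BASIC login method are assumptions.

```xml
<!-- Constructed web.xml fragment (added example, not the descriptor shipped with EAServer). -->
<!-- Assumed values: both url-pattern entries and the BASIC auth-method. -->

<!-- Publish: publishers and administrators only, HTTPS required. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>UDDI publish</web-resource-name>
    <!-- No http-method is listed, so the constraint covers every HTTP method. -->
    <url-pattern>/publish</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>UddiPublish</role-name>
    <role-name>UddiAdmin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Inquiry: with this constraint the container authenticates queries. -->
<!-- Leave it out to keep the default policy of unauthenticated inquiry. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>UDDI inquiry</web-resource-name>
    <url-pattern>/inquiry</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>UddiInquire</role-name>
    <role-name>UddiPublish</role-name>
    <role-name>UddiAdmin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
</login-config>

<security-role><role-name>UddiInquire</role-name></security-role>
<security-role><role-name>UddiPublish</role-name></security-role>
<security-role><role-name>UddiAdmin</role-name></security-role>
```

With BASIC authentication, credentials sent to the inquiry pattern travel over plain HTTP unless that constraint also carries a CONFIDENTIAL transport guarantee.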
Copyright © 2005. Sybase Inc. All rights reserved.