Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
19.5. Security Authentication Implementations Available for the Service Registry
- jUDDI Authentication
Warning
Do not use this authentication method in a production environment. It accepts any credentials provided, and effectively removes the need for clients to authenticate when accessing the registry.The default authentication mechanism provided by the Service Registry is thejUDDIAuthenticator.jUDDIAuthenticator's authenticate phase checks to see if the, user ID submitted matches against a record in thePublishertable. No credentials checks are made. If, during the authentication process, the Publisher record is found to be non-existent, it is added "on-the-fly".In the identify phase, the publisher ID is used to retrieve the Publisher record and return it. The Publisher inherits every property it needs fromUddiEntityPublisher:juddi.authenticator = org.apache.juddi.auth.JUDDIAuthentication- XMLDocAuthentication
- The authenticate phase checks that the user id and password match a value in the XML file. The identify phase uses the user ID to populate a new
UddiEntityPublisher. - CryptedXMLDocAuthentication
- The
CryptedXMLDocAuthenticationimplementation is similar to theXMLDocAuthenticationimplementation, but the passwords are encrypted:juddi.authenticator = org.apache.juddi.auth.CryptedXMLDocAuthentication juddi.usersfile = juddi-users-encrypted.xml juddi.cryptor = org.apache.juddi.cryptor.DefaultCryptorHere, the user credential file isjuddi-users-encrypted.xml, and the content of the file will be similar to this:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <juddi-users> <user userid="anou_mana" password="+j/kXkZJftwTFTBH6Cf6IQ=="/> <user userid="bozo" password="Na2Ait+2aW0="/> <user userid="sviens" password="+j/kXkZJftwTFTBH6Cf6IQ=="/> </juddi-users>TheDefaultCryptorimplementation usesBEWithMD5AndDESandBase64to encrypt the passwords.Note
You can use the code in theAuthenticatorTestto learn more about how to use this Authenticator implementation. You can plug in your own encryption algorithm by implementing theorg.apache.juddi.cryptor.Cryptorinterface and referencing your implementation class in the juddi.cryptor property.The authenticate phase checks that the user ID and password match values in the XML file. The identify phase uses the user ID to populate a newUddiEntityPublisher. - LDAP Authentication
- Use
LdapSimpleAuthenticatorto authenticate users via LDAP's simple authentication functionality. This class allows you to authenticate a user based on an LDAP principle, provided that the principle and the jUDDI publisher ID are identical. - JBoss Authentication
- A final alternative is to interface with third-party credential stores. You can link it to the JBoss Application Server's authentication component.You will find the
JBossAuthenticatorclass provided in thedocs/examples/authdirectory. This class enables jUDDI deployments on JBoss to use a server security domain to authenticate users.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}