Client Authentication  Locate

By default, all exposed registry APIs use the UDDI authentication scheme, where an authentication token is passed with every call to identify a remote user. This is shown in registry demos such as Publishing v3. The UDDI authentication scheme can be replaced.

This section demonstrates an example client that publishes a new business entity using HTTP-Basic or SSL client authentication.

Example Client  Locate

For simplicity, the example client uses a SOAP stack provided with Oracle Service Registry. You can use a SOAP stack of your choice to communicate with the registry.

Example 3. ExampleClient.java

// (c) Copyright 2001-2008 Hewlett-Packard Development Company, L.P.
// Use is subject to license terms.

import org.systinet.uddi.client.v3.UDDIPublishStub;
import org.systinet.uddi.client.v3.UDDI_Publication_PortType;
import org.systinet.uddi.client.v3.struct.*;

public class ExampleClient {
    public static void main(String[] args) {
        String registryBaseUrl = System.getProperty("registry.base.url","http://localhost:8080");
        String urlPublishing = registryBaseUrl+ "/uddi/publishing";
        System.out.print("Using publishing URL "+urlPublishing + " .");

        try {
            UDDI_Publication_PortType publish = UDDIPublishStub.getInstance(urlPublishing);
            System.out.println(publish.save_business(new Save_business
                    (new BusinessEntityArrayList(new BusinessEntity(new NameArrayList
                            (new Name("Created by Client Authentication Example")))))));

            System.out.println(" done");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

The client is created as follows:

  1. Create the directory CLIENT_HOME.

  2. Create a client class in the CLIENT_HOME directory. The example client is shown in Example 3. The client contains no security calls or structures. Client-side security is configured later using properties supplied to the java command that runs the client.

  3. In CLIENT_HOME, create the lib subdirectory. Copy the jar files required for compilation and client execution to this directory. All the jars are in the Oracle Service Registry installation directory. They are:

    • lib/activation.jar

    • lib/builtin_serialization.jar

    • lib/core_services_client.jar

    • lib/jaxm.jar

    • lib/jaxrpc.jar

    • lib/jetty.jar

    • lib/log4j.jar

    • lib/saaj.jar

    • lib/security-ng.jar

    • lib/security2-ng.jar

    • lib/security_providers_client.jar

    • lib/wasp.jar

    • lib/wsdl_api.jar

    • lib/xalan.jar

    • lib/xercesImpl.jar

    • lib/xml-apis.jar

    • dist/uddiclient_core.jar

    • dist/uddiclient_api_ v3.jar

  4. In CLIENT_HOME, create the conf subdirectory. Copy configuration files required to run the client to this directory. These files are also in the Oracle Service Registry installation directory:

    • conf/clientconf.xml

    • conf/package12.xml

    • conf/package13.xml

    • conf/jaas.config

  5. Compile the example client class using a CLASSPATH that includes all jar files in the lib subdirectory of CLIENT_HOME

Before running the client, configure registry to one of the authentication schemes described in HTTP Basic or SSL Client authentication with Embedded HTTP/HTTPS Server. If you want to configure a deployed registry for SSL client authentication, follow the instructions given in J2EE Server Authentication

To run the client:

  1. Use a classpath that includes all jar files from CLIENT_HOME/lib, and the directory containing the compiled example class.

  2. Add the following property definitions to the java command line:

    • -Dwasp.location=CLIENT_HOME

    • -Djava.security.auth.login.config=CLIENT_HOME/conf/jaas.config

  3. To run the client with HTTP Basic authentication add the following command-line options:

    • -Dwasp.username=USERNAME

    • -Dwasp.password=PASSWORD

    • -Dwasp.securityMechanism=HttpBasic

    • -Dregistry.base.url=http://HOST:PORT/CONTEXT

    Use the credentials of a registered user instead of USERNAME and PASSWORD. To register a new user, start with the main page of registry console. See Registry Consoles for details. If you imported demo data during installation, you can also use the demo user demo_john with password demo_john.

    The base URL for registry is specified using the registry.base.url property as shown in Example 3. Replace HOST,PORT and CONTEXT to match your registry deployment; for example http://pc1.example.com:8080.

  4. To run the client with SSL client authentication add the following command-line options:

    • -Dwasp.username=USERNAME

    • -Dwasp.password=PASSWORD

    • -Dwasp.securityMechanism=SSL

    • -Dregistry.base.url=https://HOST:PORT/CONTEXT

    Unlike HTTP Basic authentication, USERNAME and PASSWORD are used to obtain the client identity from a local protected store. You must import the client identity using the instructions provided in SSL Tool. The protected store of the example client is in the file CLIENT_HOME/conf/clientconf.xml. You must also import a server certificate (or the certificate of a certification authority that issued the server certificate) to the same protected store using the instructions provided in PStore Tool.

    Use an alias in the protected store instead of USERNAME. PASSWORD stands for the password that is used to protect the private key stored under that alias.

    The base URL for registry is specified using the registry.base.url System property as shown in Example 3. Replace HOST,PORT and CONTEXT to match your registry deployment; for example https://pc1.example.com:8443.