WAS v8.5 > Secure applications > Secure web services > Configure UDDI registry securityConfigure UDDI Security with WAS security disabled
We can configure the UDDI registry to use the UDDI v3 security API or the UDDI v1 and v2 publish security features. When WebSphere Application Server security is disabled, WAS security roles and data confidentiality constraints do not apply.
WAS security must be disabled. We can configure the UDDI registry to use the UDDI security features with WAS security disabled for test purposes. It is not advisable to use this type of configuration for production purposes.
For UDDI v1 and v2 security, the following features are active and do not require further configuration:
- UDDI v1 and v2 publish requests require UDDI v1 and v2 authentication tokens respectively. Publishers that request or use an authentication token must be registered WAS users.
- UDDI v1 and v2 inquiry requests do not require authentication tokens.
For UDDI v3, configure the UDDI registry to use the UDDI v3 Security API, or to use authentication tokens with the v3 Publish and Custody Transfer APIs.
To configure the UDDI registry to use the UDDI v3 security features, we use the dmgr console.
- Click UDDI > UDDI Nodes > uddi_node_name.
- In the General Properties section, select Use authInfo credentials if provided to specify the authInfo contents in UDDI API requests are used to validate users.
- Click OK.
Results
Authentication tokens are required for publish requests and custody transfer requests, but not for inquiry requests. Publishers that request or use an authentication token must be registered WAS users.
Next topic: UDDI registry security and UDDI registry settings
Related
Configure UDDI security with WAS security enabled
Reference:
Security API for the UDDI v3 registry