Access to UDDI Registry interfaces is controlled by a combination of J2EE declarative security using role mappings, and UDDI properties and policies such as the registering of users as UDDI publishers. Each of the UDDI Registry interfaces is represented by a security role. The interfaces and their corresponding roles are as follows:
UDDI Registry interface | Security role |
---|---|
Version 3 SOAP inquiry | V3SOAP_Inquiry_User_Role |
Version 3 SOAP publish | V3SOAP_Publish_User_Role |
Version 3 SOAP custody transfer | V3SOAP_CustodyTransfer_User_Role |
Version 3 SOAP security | V3SOAP_Security_User_Role |
Version 3 GUI inquiry | GUI_Inquiry_User |
Version 3 GUI publish | GUI_Publish_User |
Versions 1 and 2 SOAP inquiry | SOAP_Inquiry_User |
Versions 1 and 2 SOAP publish | SOAP_Publish_User |
EJB inquiry | EJB_Inquiry_Role |
EJB publish | EJB_Publish_Role |
By default, the inquiry roles are mapped to the Everyone special subject and the non-inquiry roles are mapped to the AllAuthenticatedUsers special subject. For more information about WebSphere Application Server role mapping and the Everyone and AllAuthenticatedUsers special subjects, see Role-based authorization. With these default settings, after you enable WebSphere Application Server security you do not need access control to use the UDDI Registry inquiry interfaces; however, to use the publish roles and the Version 3 custody transfer role you must be authenticated using a WebSphere Application Server userid and password. (The Version 3 security role is a special case, as this concerns use of UDDI Registry security instead of WebSphere Application Server security, and must be specially configured as described in Configuring the UDDI Registry to use UDDI security.)
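The following check is an added example, not part of the product documentation or IBM's code: it parses a role-mapping listing and flags UDDI roles whose mapping differs from the defaults described above. The listing layout (Role / Everyone? / All authenticated? lines, as printed by wsadmin's AdminApp.view with -MapRolesToUsers) is an assumption, and the sample listing is constructed.

```python
# Inquiry roles from the table above; by default these map to Everyone.
INQUIRY_ROLES = {"V3SOAP_Inquiry_User_Role", "GUI_Inquiry_User",
                 "SOAP_Inquiry_User", "EJB_Inquiry_Role"}
# Constructed sample in the assumed "Role / Everyone? / All authenticated?" layout.
SAMPLE = """\
Role:  V3SOAP_Inquiry_User_Role
Everyone?:  Yes
All authenticated?:  No
Role:  V3SOAP_Publish_User_Role
Everyone?:  No
All authenticated?:  Yes
Role:  SOAP_Publish_User
Everyone?:  Yes
All authenticated?:  No
Role:  EJB_Publish_Role
Everyone?:  No
All authenticated?:  No
"""

def parse_role_map(text):
    """Return {role: {"everyone": bool, "all_auth": bool}} from the listing."""
    roles, cur = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line or text without a key/value pair
        key, value = key.strip().rstrip("?").lower(), value.strip()
        if key == "role":
            cur = roles.setdefault(value, {"everyone": False, "all_auth": False})
        elif cur is not None and key == "everyone":
            cur["everyone"] = value.lower() == "yes"
        elif cur is not None and key.startswith("all authenticated"):
            cur["all_auth"] = cur["all_auth"] or value.lower() == "yes"
    return roles

def audit(roles):
    """Compare each mapping with the default mappings described on the page."""
    findings = []
    for role, m in sorted(roles.items()):
        if m["everyone"] and role not in INQUIRY_ROLES:
            findings.append((role, "WARN", "non-inquiry role mapped to Everyone"))
        elif m["everyone"]:
            findings.append((role, "INFO", "inquiry allowed without authentication"))
        elif not m["all_auth"]:
            findings.append((role, "INFO", "limited to explicitly mapped users or groups"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_role_map(SAMPLE)):
        print(*finding)
```

A role left at the AllAuthenticatedUsers default, such as V3SOAP_Publish_User_Role in the sample, produces no finding.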
For more information about UDDI Registry security roles and how they can be used to control authorization and data confidentiality, see Configuring the UDDI Registry to use WebSphere Application Server security. Roles which are mapped to AllAuthenticatedUsers (as the UDDI Registry publish interfaces are by default) are further protected in that, having successfully authenticated, the user must also be registered as a UDDI publisher in order to publish data to the UDDI Registry. An E_unknownUser error is returned in the disposition report if the user is not registered. You can register users as UDDI publishers in one of two ways:
In accordance with the UDDI specification, there is additional access control in that an entity which has been published to the UDDI Registry can only be updated or deleted by the user who originally published that entity.
The UDDI Registry also provides some management interfaces which are protected by requiring administrative permissions for certain operations; see UDDI Registry Management Interfaces for details.
Related concepts
Role-based authorization
Related tasks
Configuring the UDDI Registry to use UDDI security
Configuring the UDDI Registry to use WebSphere Application Server security
Using the UDDI Registry
Related reference
UDDI Publisher collection
UDDI Registry Administrative (JMX) Interface
UDDI node settings
UDDI Registry Management Interfaces