
Thursday, May 30, 2013

jUDDI's extensibility: Authentication Modules

I've been diving through the jUDDI code and ran across another extensibility point: Authentication modules. Authentication modules are used when the UDDI's AuthToken is utilized on the Security web service. Their function is to point to some kind of user credential store to validate users. Let's first go over what's out of the box.

  • org.apache.juddi.v3.auth.JUDDIAuthenticator - this really performs no credential checks. Just give it whatever you want and you'll get a token.
  • org.apache.juddi.v3.auth.XMLDocAuthenticator - this validates users against a clear-text XML file, normally called "juddi-users.xml".
  • org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator - this validates users against an encrypted XML file called "juddi-users-encrypted.xml". This uses the cipher PBEWithMD5AndDES. I don't believe there's currently any command line utility to encrypt a password, but there is an open ticket for it.
  • org.apache.juddi.v3.auth.LdapSimpleAuthenticator - this validates credentials against an LDAP server using "simple" authentication (which can send credentials in the clear). It basically tries to connect to LDAP as the user that's attempting to use jUDDI. Most LDAP servers require the user to authenticate with a distinguished name, such as CN=Bob Smith, OU=Users, DC=mydomain.com, etc. This is a bit of a burden on the user.

All of these classes implement the interface org.apache.juddi.v3.auth.Authenticator. So, if you want something a bit more functional than what's provided out of the box, you'll need to implement your own Authenticator. To wire it in, edit the juddiv3.properties file, specifying your class name as the value of the property "juddi.authenticator", and then add the class or jar containing your implementation to juddiv3.war/WEB-INF/classes or juddiv3.war/WEB-INF/lib respectively.
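
As an added example (not code from jUDDI or from the original post), here is a credential check that a custom Authenticator could delegate to in order to avoid the two LdapSimpleAuthenticator drawbacks noted above: it binds over LDAPS and lets users log in with a short name instead of a full DN. The class name, host, base DN, service account and the `uid` attribute are all assumptions, and the jUDDI interface methods themselves are not shown.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Hypothetical helper, not part of jUDDI: search for the user's DN, then bind as that DN.
public class LdapSearchThenBind {
    // Assumed deployment values; replace with your own directory settings.
    private static final String URL = "ldaps://ldap.example.com:636"; // TLS protects the simple bind
    private static final String BASE = "ou=Users,dc=example,dc=com";
    private static final String SVC_DN = "cn=juddi-svc,ou=Services,dc=example,dc=com";

    private static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // throws if the bind is rejected
    }

    /** Returns true only if exactly one entry matches the name and the password binds as it. */
    public static boolean check(String user, String password, String svcPassword) {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many servers accept, so reject it before contacting the directory.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) return false;
        try {
            DirContext svc = bind(SVC_DN, svcPassword);
            String userDn;
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                sc.setCountLimit(2);
                // JNDI escapes the {0} argument, so the login name cannot alter the filter.
                NamingEnumeration<SearchResult> r =
                    svc.search(BASE, "(uid={0})", new Object[] { user }, sc);
                if (!r.hasMore()) return false;        // unknown user
                userDn = r.next().getNameInNamespace();
                if (r.hasMore()) return false;         // ambiguous name, refuse to guess
            } finally {
                svc.close();
            }
            bind(userDn, password).close();            // the actual credential check
            return true;
        } catch (NamingException e) {
            return false; // fail closed on bad credentials and on directory errors alike
        }
    }
}
```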

Note: there are a few open tickets in jUDDI's JIRA issue tracker that detail some enhancements to Authenticators.

As always, we appreciate community contributions!





