Tutorial - User Registration

Any user can browse the public content of a registry. Access to private objects as well as write access to public objects requires that the user is logged in and is authorized to perform that action on that object.

A user must register with a registry before they can log on to that registry and perform secure operations such as object publishing, update and removal. A user may register with the registry in one of the following ways:

Registration Using Registry Browser

The easiest way to register as a user of a registry is through the User Registration toolbar button in the registry browser.

User Registration Wizard

The User Registration Wizard is launched from the User Registration Wizard button on the toolbar of the Registry Browser. It is used to create and register new users for the registry. Clicking the User Registration Wizard button opens a popup window with a number of fields to fill in. The username, fullname, phone number, address, email, etc. fields are mandatory (see Figure 6.1). After filling in all the fields, click OK and the Login dialog box will appear (see Figure 6.2). Enter the new username and password to log in the new user. The new user's information will now be stored in the client and server side keystores for future logons.

Self Signed Certificates

By default the User Registration Wizard uses self-signed digital certificates. These certificates are not very secure, because no trusted third party vouches for the identity they assert.

3rd Party Issued Certificates

A more secure solution is to use 3rd party certificates when performing user registration. In order to use a 3rd party certificate you must import that certificate manually using keytool into the client keystore before performing user registration using the User Registration Wizard as described earlier. The following steps describe how to register using 3rd party certificates:

  1. Acquire a third party X.509 digital certificate. One source where you can obtain a free certificate is at http://www.thawte.com/html/COMMUNITY/personal/index.html.
  2. Import the certificate into the client keystore using keytool. This step is described in detail under Importing Certificates Using Keytool below.
  3. Perform user registration using the User Registration Wizard. Make sure that you use the same alias and key password that is associated with the key in the 3rd party certificate imported into the client keystore in the previous step.

Importing Certificates Using Keytool

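The following keytool command may be used to import a certificate and its private key from a PKCS12 format file into the client keystore. It uses -importkeystore because -import reads only a bare certificate file and its -storetype option describes the keystore, not the input file. keytool prompts for the password of the PKCS12 file:

keytool -importkeystore -srckeystore <cert file> -srcstoretype PKCS12 -srcalias <alias in cert file> \
  -destkeystore ~/jaxr-ebxml/security/keystore.jks -deststoretype JKS \
  -deststorepass <store password: usually ebxmlrr> \
  -destalias <alias> -destkeypass <keypasswd>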
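
Before running the User Registration Wizard it is worth confirming that the alias in the client keystore holds a private key and a certificate issued by a third party. The following is an added example, not part of the original tutorial or the registry project: the function name classify_entry and the sample outputs are constructed, and it assumes the English-locale layout printed by keytool -list -v in current JDKs.

```shell
# Added example: classify one keystore entry from the output of
#   keytool -list -v -keystore <keystore> -storepass <password> -alias <alias>
# read on stdin. Prints: third-party | self-signed | no-private-key | unparsed
classify_entry() {
    awk '
        /^Entry type:/               { type = $3 }
        # Keep only the first Owner/Issuer pair: that is the user (leaf)
        # certificate; later pairs belong to the issuing CA chain.
        /^Owner: /  && owner == ""   { sub(/^Owner: /, "");  owner = $0 }
        /^Issuer: / && issuer == ""  { sub(/^Issuer: /, ""); issuer = $0 }
        END {
            if (type != "PrivateKeyEntry")          print "no-private-key"
            else if (owner == "" || issuer == "")   print "unparsed"
            else if (owner == issuer)               print "self-signed"
            else                                    print "third-party"
        }'
}

# Constructed sample outputs (names are made up, not from a real keystore).
sample_third_party() {
cat <<'EOF'
Alias name: alice
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=Alice Example, O=Example Org
Issuer: CN=Example Personal CA, O=Example CA Ltd
Certificate[2]:
Owner: CN=Example Personal CA, O=Example CA Ltd
Issuer: CN=Example Personal CA, O=Example CA Ltd
EOF
}
sample_self_signed() {
cat <<'EOF'
Alias name: bob
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=Bob Example, O=Example Org
Issuer: CN=Bob Example, O=Example Org
EOF
}
sample_cert_only() {
cat <<'EOF'
Alias name: carol
Entry type: trustedCertEntry
Owner: CN=Carol Example, O=Example Org
Issuer: CN=Example Personal CA, O=Example CA Ltd
EOF
}
```

Comparing Owner with Issuer only shows that the certificate names itself as issuer; it does not validate the signature or the chain. A result of no-private-key means the alias holds a certificate without its key, so the key password from step 3 has nothing to unlock.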

Login

Making any changes to the registry requires you to log in to the registry. To log in, click the Login button on the toolbar and fill in the username and password fields. This information will then be validated in both client and server keystores. Once logged in, you may add registry objects or edit any existing objects created by you and save your changes. To log in as a different user, click the Login button again and enter the alternate user information. If you perform a secure operation without logging in as a registered user, the Login dialog box will appear when attempting to save your changes.

Note: There is currently no time-out for a logged-in user, but this feature may be added in future releases.