Introduction
In order to submit content to the Registry, a Registry Client must have
the proper credentials. One kind of proper credential is a client
certificate. When submitting content using the Web UI, the client
certificate may be imported into your web browser and sent to the web
container over a secure connection. The certificate is used by the Web
UI to identify and authenticate the Client. See the Using HTTPS document for details. This
is the recommended configuration for production deployments.
For developer deployments, however, there is another Web UI option
that involves less configuration. You can set a property to
indicate which user principal name to use for authentication. The
user principal name maps to the alias of the client certificate. So,
instead of each user sending their client certificate over a secure
connection, the Registry will load a client certificate from the client
keystore file using the principal name. The client keystore is
located in this file:
${user.home}/${omar.name}/${dist.version}/jaxr-ebxml/security/keystore.jks
The omar.name and dist.version properties are set in
omar/build.properties.
Note: this option is only available for Web UI deployments that do not
have container-managed authentication. This kind of authentication
involves the web container protecting the Web UI's resources such as
its JSP pages. The container manages the authentication, and, as a
result, handles the setting of the Client's principal name. Since
the container sets the principal name, configuring an anonymous one is
not an option.
Getting Started
To enable this option, do the following:
omar.security.anonymousUserPrincipalName=<certificate alias>
In the above example, <certificate alias> is replaced by 'testuser'.
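
Because this setting makes the Registry load one keystore certificate on behalf of every Web UI user, it is worth checking that it has not carried over into a production configuration. The following is an added example, not code from the Registry project: it parses the text of a Java properties file and reports whether omar.security.anonymousUserPrincipalName is set. Which properties file holds the setting is not stated on this page, so the file text is passed in; the sample inputs, function names and finding messages are constructed for illustration.

```python
import re

# Property name taken from the page; everything else here is constructed.
PROPERTY = "omar.security.anonymousUserPrincipalName"

# Constructed sample: a developer configuration with the shortcut enabled.
SAMPLE_DEV = "# developer setup\nomar.security.anonymousUserPrincipalName = testuser\n"
# Constructed sample: the setting is commented out.
SAMPLE_PROD = "#omar.security.anonymousUserPrincipalName=testuser\nomar.name=omar\n"


def parse_properties(text):
    """Parse a subset of the Java .properties format into a dict.

    Handles '#' and '!' comments, '=', ':' or whitespace separators and
    backslash line continuations. As with java.util.Properties, the last
    definition of a key wins. Escape sequences are not decoded.
    """
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a dangling continuation
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:  # odd number of backslashes: the line continues
            pending = line[:-1]
            continue
        key, value = re.match(r"([^=:\s]*)\s*[=:]?\s*(.*)", line).groups()
        props[key] = value
    return props


def audit(text, production):
    """Return (alias, finding) for the text of one properties file."""
    alias = parse_properties(text).get(PROPERTY, "").strip()
    if not alias:
        return None, "ok: anonymous principal not configured"
    if production:
        return alias, f"FAIL: Web UI users are authenticated as keystore alias '{alias}'"
    return alias, f"warn: developer shortcut active, keystore alias '{alias}'"


if __name__ == "__main__":
    for name, text in (("dev", SAMPLE_DEV), ("prod", SAMPLE_PROD)):
        print(name, audit(text, production=(name == "prod")))
```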