You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Gul Onural <on...@nortel.com> on 2007/06/21 01:55:08 UTC
How to password protect access to SOAPMonitor
Hi,
I noticed that the SOAPMonitor is not protected with userId/password. If
somebody knows the url of the service,
he can then launch the SOAPMonitor and see the messages coming back and
forth.
Is there a way to password protect the SOAPMonitor, or we just have to
take it out from our production system?
Gul
Re: How to password protect access to SOAPMonitor
Posted by robert lazarski <ro...@gmail.com>.
It might require more effort than your time permits, so I would say disable
the soapmonitor module until you need it.
Since this really has nothing to do with axis2 - you just want to password
protect a url - there really is nothing to integrate. The way I'd do it -
acegi - is far beyond the scope of axis2 I'd imagine.
Robert
On 6/20/07, Gul Onural <on...@nortel.com> wrote:
>
> How easy is this? We are about to deliver the product for trial and I
> cannot make to much change right now.
> Are you planning to integrate this solution to next version of Axis2 ?
>
> Gul
>
> ------------------------------
> *From:* robert lazarski [mailto:robertlazarski@gmail.com]
> *Sent:* Wednesday, June 20, 2007 8:55 PM
> *To:* axis-user@ws.apache.org
> *Subject:* Re: How to password protect access to SOAPMonitor
>
> I tend to put basic auth on the soap monitor using acegi - a security
> framework that requires spring, but doesn't need any axis2 / spring
> integration. If you decide to go that route I can help you implement it as
> its pretty easy once you know how to do it.
>
> Robert
>
> On 6/20/07, Gul Onural <on...@nortel.com> wrote:
> >
> > Hi,
> >
> > I noticed that the SOAPMonitor is not protected with userId/password. If
> > somebody knows the url of the service,
> > he can then launch the SOAPMonitor and see the messages coming back and
> > forth.
> >
> > Is there a way to password protect the SOAPMonitor, or we just have to
> > take it out from our production system?
> >
> > Gul
> >
>
>
RE: How to password protect access to SOAPMonitor
Posted by Gul Onural <on...@nortel.com>.
How easy is this? We are about to deliver the product for trial and I
cannot make to much change right now.
Are you planning to integrate this solution to next version of Axis2 ?
Gul
________________________________
From: robert lazarski [mailto:robertlazarski@gmail.com]
Sent: Wednesday, June 20, 2007 8:55 PM
To: axis-user@ws.apache.org
Subject: Re: How to password protect access to SOAPMonitor
I tend to put basic auth on the soap monitor using acegi - a security
framework that requires spring, but doesn't need any axis2 / spring
integration. If you decide to go that route I can help you implement it
as its pretty easy once you know how to do it.
Robert
On 6/20/07, Gul Onural <on...@nortel.com> wrote:
Hi,
I noticed that the SOAPMonitor is not protected with
userId/password. If somebody knows the url of the service,
he can then launch the SOAPMonitor and see the messages coming
back and forth.
Is there a way to password protect the SOAPMonitor, or we just
have to take it out from our production system?
Gul
Re: How to password protect access to SOAPMonitor
Posted by Martin Gainty <mg...@hotmail.com>.
When used with ORM tools such as hibernate with lazy-init="true" where LazyInitializaionExceptions happen you'll want to look into
OpenSessionInViewFilter
http://www.thearcmind.com/confluence/display/SpribernateSF/Configuring+Hibernate,+Spring,+OpenInSessionViewFilter+and+MyFaces+JSF
Automatically assigning the datasource for all beans from the configured BeanFactory thru Spring is a nice advantage though
http://static.springframework.org/spring/docs/1.1.5/reference/transactionhtml
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: robert lazarski
To: axis-user@ws.apache.org
Sent: Wednesday, June 20, 2007 8:54 PM
Subject: Re: How to password protect access to SOAPMonitor
I tend to put basic auth on the soap monitor using acegi - a security framework that requires spring, but doesn't need any axis2 / spring integration. If you decide to go that route I can help you implement it as its pretty easy once you know how to do it.
Robert
On 6/20/07, Gul Onural <on...@nortel.com> wrote:
Hi,
I noticed that the SOAPMonitor is not protected with userId/password. If somebody knows the url of the service,
he can then launch the SOAPMonitor and see the messages coming back and forth.
Is there a way to password protect the SOAPMonitor, or we just have to take it out from our production system?
Gul
Re: How to password protect access to SOAPMonitor
Posted by robert lazarski <ro...@gmail.com>.
I tend to put basic auth on the soap monitor using acegi - a security
framework that requires spring, but doesn't need any axis2 / spring
integration. If you decide to go that route I can help you implement it as
its pretty easy once you know how to do it.
Robert
On 6/20/07, Gul Onural <on...@nortel.com> wrote:
>
> Hi,
>
> I noticed that the SOAPMonitor is not protected with userId/password. If
> somebody knows the url of the service,
> he can then launch the SOAPMonitor and see the messages coming back and
> forth.
>
> Is there a way to password protect the SOAPMonitor, or we just have to
> take it out from our production system?
>
> Gul
>
Re: How to password protect access to SOAPMonitor
Posted by Martin Gainty <mg...@hotmail.com>.
Have you looked into Rampart?
http://ws.apache.org/axis2/modules/rampart/1_2/security-module.html
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: Gul Onural
To: axis-user@ws.apache.org
Sent: Wednesday, June 20, 2007 7:55 PM
Subject: How to password protect access to SOAPMonitor
Hi,
I noticed that the SOAPMonitor is not protected with userId/password. If somebody knows the url of the service,
he can then launch the SOAPMonitor and see the messages coming back and forth.
Is there a way to password protect the SOAPMonitor, or we just have to take it out from our production system?
Gul