You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by ri...@apache.org on 2002/09/27 04:41:55 UTC
cvs commit: xml-axis/java/docs reference.html
rineholt 2002/09/26 19:41:55
Modified: java/docs reference.html
Log:
Update allowed methods.
Revision Changes Path
1.11 +31 -7 xml-axis/java/docs/reference.html
Index: reference.html
===================================================================
RCS file: /home/cvs/xml-axis/java/docs/reference.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- reference.html 26 Sep 2002 20:32:55 -0000 1.10
+++ reference.html 27 Sep 2002 02:41:55 -0000 1.11
@@ -363,7 +363,7 @@
or portTypes.
<p><b>-l, --location <location></b> <br>
Indicates the url of the location of the service. The name after the last
- slash or backslash is the name of the service port (unless overriden by the
+ slash or backslash is the name of the service port (unless overridden by the
-s option). The service port address location attribute is assigned the
specified value.
<p><b>-p, --portTypeName <name></b> <br>
@@ -414,7 +414,7 @@
<p><b>-f, --factory <class></b> <br>
(No longer used.)
<p><b>-i, --implClass <impl-class></b> <br>
- Sometimes extra information is avalable in the implementation class file. Use
+ Sometimes extra information is available in the implementation class file. Use
this option to specify the implementation class.
<p><b>-f, --factory <class></b> <br>
(No longer used.)
@@ -449,7 +449,7 @@
Defines a Handler, and indicates the type of the handler. "Type"
is either the name of another previously defined Handler, or a QName of the
form "<b>java:<i>class.name</i></b>". The optional "name"
- attribute allows you to refer to this Handler defintion in other parts of
+ attribute allows you to refer to this Handler definition in other parts of
the deployment. May contain an arbitrary number of <b><font face="Courier New, Courier, mono"><option
name="</font></b><font face="Courier New, Courier, mono"><i>name</i></font><b><font face="Courier New, Courier, mono">"
value="</font></b><font face="Courier New, Courier, mono"><i>value</i></font><b><font face="Courier New, Courier, mono">"></font></b>
@@ -464,11 +464,35 @@
<b>Options</b> may be specified as follows : <code><b><parameter name="</b>name<b>"
value="</b>value<b>"/></b></code>, and common ones include:<br>
<br>
- <b>className</b> : the backend implementation class<br>
- <b>allowedMethods</b> : the allowed methods (use "*" to allow all
- public methods)<br>
- <b>allowedRoles</b> : comma-separated list of roles allowed to access this
+ <ul>
+ <li><b>className</b> : the backend implementation class<br>
+ <li><b>allowedMethods</b> :
+ Each provider can determine which methods are allowed to be exposed as web services.
+ <br>To summaries for Axis supplied providers:<br>
+ <p><u>Java RPC Provider</u> (provider="java:RPC") by default all public methods specified by the class
+ in the className option, including any inherited methods are
+ available as web services.<br> For more details regarding the Java Provider
+ please see <B>WHERE???</B>.
+ <P><u>Java MsgProvder</u> (provider="java:MSG")
+ <!-- Glen to provide details -->
+ <P>In order to further restrict the above methods, the <b>allowedMethods</b> option may
+ be used to specify in a space delimited list the names of only those methods which are allowed
+ as web services. It is also possible to specify for this option the value <b>"*"</b> which is
+ functionally equivalent to not specify the option at all.
+ Also, it is worth mentioning that the <b>operation</b> element is used to further define the methods being offered, but it does not affect
+ which methods are made available.
+ <p><i>Note, while this is true for Axis supplied providers, it is implementation dependent on each individual provider. Please review
+ your providers documentation on how or if it supports this option.</i>
+ </i>
+ <P>
+ <B><u>Note, Exposing any web service has security implications.</u><br></B>As a best practices guide it is
+ <u>highly</u> recommend when offering a web service in un secure environment to restrict allowed methods to only those
+ required for the service being offered. And, for those that are made available, to <b>fully</b> understand their function
+ and how they may access and expose your systems's resources.
+ <P>
+ <li><b>allowedRoles</b> : comma-separated list of roles allowed to access this
service<br>
+ </ul>
<br>
If you wish to define handlers which should be invoked either before or after
the service's provider, you may do so with the <b><requestFlow></b>