You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Egor Samarkhanov <sl...@actimind.com> on 2007/10/16 21:03:57 UTC
Disable access to wsdl in Servlet transport
Hello !
How can I restrict access to WSDL of my service?
I don't want someone to access the
http//host.com/services/myservice?wsdl content.
And I use Servlet transport.
Thanks,
Egor Samarkhanov (slash@actimind.com)
Re: Disable access to wsdl in Servlet transport
Posted by Willem Jiang <ni...@iona.com>.
Hi,
I think you can take a look at the WSDLQueryHandler in the CXF core.
You can extend it and add some security check here, then register the
Handler to the QueryHandlerRegistyImpl.
Willem.
Egor Samarkhanov wrote:
> Hello !
>
> How can I restrict access to WSDL of my service?
> I don't want someone to access the
> http//host.com/services/myservice?wsdl content.
> And I use Servlet transport.
>
> Thanks,
> Egor Samarkhanov (slash@actimind.com)
>
>
>
>
Re: Disable access to wsdl in Servlet transport
Posted by Daniel Kulp <dk...@apache.org>.
Programatically, you can grab the Bus, get the QueryHandlerRegistry
extension from it, and then remove the WSDLQueryHandler. Kind of
sucks.
I'm changing the spring config so the WSDLQueryHandler is added via
spring instead of a hardcoded "new WSDLQueryHandler()" in the code.
Thus, you might be able to specify a different configuration.
Dan
On Tuesday 16 October 2007, Egor Samarkhanov wrote:
> Hello !
>
> How can I restrict access to WSDL of my service?
> I don't want someone to access the
> http//host.com/services/myservice?wsdl content.
> And I use Servlet transport.
>
> Thanks,
> Egor Samarkhanov (slash@actimind.com)
--
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727 C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
RE: Disable access to wsdl in Servlet transport
Posted by Willem2 <ni...@iona.com>.
I do not think httpj configuration can do that .
Because we add the service url context when we add the servant to the Jetty
Engine.
As Benson just mentioned , I don't think a common Jetty handler can filter
all the ?wsdl request.
Maybe we need to do some hacking work in the QueryHandlerRegisty for a
common solution of the Servlet and Jetty HTTP transports.
Willem.
Sergey Beryozkin wrote:
>
> Can you do it using an httpj configuration ?
>
> Cheers, Sergey
>
>
> -----Original Message-----
> From: Benson Margulies [mailto:bim2007@basistech.com]
> Sent: 17 October 2007 11:36
> To: cxf-user@incubator.apache.org
> Subject: RE: Disable access to wsdl in Servlet transport
>
> Well, perhaps you do.
>
> Use the CXF config to hang a handler in front of the CXF handler that
> filter-feeds for ?wsdl? I can't prove that jetty allows one handler to
> peek into a context owned by a successor.
>
>> -----Original Message-----
>> From: James Mao [mailto:james.mao@iona.com]
>> Sent: Wednesday, October 17, 2007 6:11 AM
>> To: cxf-user@incubator.apache.org
>> Subject: Re: Disable access to wsdl in Servlet transport
>>
>> If you're working with a container, i think you can do this through
>> configuration of the container, to redirect the ?wsdl to a more
> friendly
>> page,
>> say, "please contact ... to get the wsdl", or list the service you
> have
>> etc.
>>
>> I guess we don't have this function in a standalone service, do we?
>>
>> James
>>
>> > But I think we still can do it in the filter, such as:
>> >
>> > doFilter() {
>> > if (URLHasWsdlSuffix()) {
>> > //Do the Authentication
>> > } else {
>> > //access the web service }
>> > }
>> >
>> > If you don't want to use the filter to do the security, maybe need
> to
>> > add an interceptor or other codes before dealing with
>> > WSDLQueryHandler, as willem pointed out in the other mail.
>> >
>> > HTH..
>> >
>> > Thanks
>> > Jeff
>> >
>> > Glen Mazza wrote:
>> >> Jeff,
>> >> I think he doesn't want people to see the WSDL file. It's not the
>> >> service he wants to restrict, but viewing its WSDL. I don't know
> if
>> >> that can be done.
>> >>
>> >> Glen
>> >>
>> >> Am Mittwoch, den 17.10.2007, 11:11 +0800 schrieb Jeff Yu:
>> >>
>> >>> Hi,
>> >>>
>> >>> There is an easy way that I came up is to use a filter in web.xml
> to
>> >>> restrict the access.
>> >>>
>> >>> Say there are three services: A,B,C , we want to restrict the B,C
>> >>> service. we can pulish the services as following:
>> >>>
>> >>> http://host.com/services/secure/B
>> >>> http://host.com/services/secure/C
>> >>> http://host.com/services/A.
>> >>>
>> >>> And then we will config a filter to restrict the
>> >>> http://lhost.com/service/secure url to do the authentication.
>> >>>
>> >>> So people can access the A service without any restriction, but
> need
>> >>> to get authentication to access B,C service.
>> >>>
>> >>> Thanks
>> >>> Jeff
>> >>>
>> >>>
>> >>> Egor Samarkhanov wrote:
>> >>>
>> >>>> Hello !
>> >>>>
>> >>>> How can I restrict access to WSDL of my service?
>> >>>> I don't want someone to access the
>> >>>> http//host.com/services/myservice?wsdl content.
>> >>>> And I use Servlet transport.
>> >>>>
>> >>>> Thanks,
>> >>>> Egor Samarkhanov (slash@actimind.com)
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>
>> >>
>> >
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>
>
--
View this message in context: http://www.nabble.com/Disable-access-to-wsdl-in-Servlet-transport-tf4636104.html#a13254817
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Disable access to wsdl in Servlet transport
Posted by "Beryozkin, Sergey" <Se...@iona.com>.
Can you do it using an httpj configuration ?
Cheers, Sergey
-----Original Message-----
From: Benson Margulies [mailto:bim2007@basistech.com]
Sent: 17 October 2007 11:36
To: cxf-user@incubator.apache.org
Subject: RE: Disable access to wsdl in Servlet transport
Well, perhaps you do.
Use the CXF config to hang a handler in front of the CXF handler that
filter-feeds for ?wsdl? I can't prove that jetty allows one handler to
peek into a context owned by a successor.
> -----Original Message-----
> From: James Mao [mailto:james.mao@iona.com]
> Sent: Wednesday, October 17, 2007 6:11 AM
> To: cxf-user@incubator.apache.org
> Subject: Re: Disable access to wsdl in Servlet transport
>
> If you're working with a container, i think you can do this through
> configuration of the container, to redirect the ?wsdl to a more
friendly
> page,
> say, "please contact ... to get the wsdl", or list the service you
have
> etc.
>
> I guess we don't have this function in a standalone service, do we?
>
> James
>
> > But I think we still can do it in the filter, such as:
> >
> > doFilter() {
> > if (URLHasWsdlSuffix()) {
> > //Do the Authentication
> > } else {
> > //access the web service }
> > }
> >
> > If you don't want to use the filter to do the security, maybe need
to
> > add an interceptor or other codes before dealing with
> > WSDLQueryHandler, as willem pointed out in the other mail.
> >
> > HTH..
> >
> > Thanks
> > Jeff
> >
> > Glen Mazza wrote:
> >> Jeff,
> >> I think he doesn't want people to see the WSDL file. It's not the
> >> service he wants to restrict, but viewing its WSDL. I don't know
if
> >> that can be done.
> >>
> >> Glen
> >>
> >> Am Mittwoch, den 17.10.2007, 11:11 +0800 schrieb Jeff Yu:
> >>
> >>> Hi,
> >>>
> >>> There is an easy way that I came up is to use a filter in web.xml
to
> >>> restrict the access.
> >>>
> >>> Say there are three services: A,B,C , we want to restrict the B,C
> >>> service. we can pulish the services as following:
> >>>
> >>> http://host.com/services/secure/B
> >>> http://host.com/services/secure/C
> >>> http://host.com/services/A.
> >>>
> >>> And then we will config a filter to restrict the
> >>> http://lhost.com/service/secure url to do the authentication.
> >>>
> >>> So people can access the A service without any restriction, but
need
> >>> to get authentication to access B,C service.
> >>>
> >>> Thanks
> >>> Jeff
> >>>
> >>>
> >>> Egor Samarkhanov wrote:
> >>>
> >>>> Hello !
> >>>>
> >>>> How can I restrict access to WSDL of my service?
> >>>> I don't want someone to access the
> >>>> http//host.com/services/myservice?wsdl content.
> >>>> And I use Servlet transport.
> >>>>
> >>>> Thanks,
> >>>> Egor Samarkhanov (slash@actimind.com)
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >>
> >
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
RE: Disable access to wsdl in Servlet transport
Posted by Benson Margulies <bi...@basistech.com>.
Well, perhaps you do.
Use the CXF config to hang a handler in front of the CXF handler that
filter-feeds for ?wsdl? I can't prove that jetty allows one handler to
peek into a context owned by a successor.
> -----Original Message-----
> From: James Mao [mailto:james.mao@iona.com]
> Sent: Wednesday, October 17, 2007 6:11 AM
> To: cxf-user@incubator.apache.org
> Subject: Re: Disable access to wsdl in Servlet transport
>
> If you're working with a container, i think you can do this through
> configuration of the container, to redirect the ?wsdl to a more
friendly
> page,
> say, "please contact ... to get the wsdl", or list the service you
have
> etc.
>
> I guess we don't have this function in a standalone service, do we?
>
> James
>
> > But I think we still can do it in the filter, such as:
> >
> > doFilter() {
> > if (URLHasWsdlSuffix()) {
> > //Do the Authentication
> > } else {
> > //access the web service }
> > }
> >
> > If you don't want to use the filter to do the security, maybe need
to
> > add an interceptor or other codes before dealing with
> > WSDLQueryHandler, as willem pointed out in the other mail.
> >
> > HTH..
> >
> > Thanks
> > Jeff
> >
> > Glen Mazza wrote:
> >> Jeff,
> >> I think he doesn't want people to see the WSDL file. It's not the
> >> service he wants to restrict, but viewing its WSDL. I don't know
if
> >> that can be done.
> >>
> >> Glen
> >>
> >> Am Mittwoch, den 17.10.2007, 11:11 +0800 schrieb Jeff Yu:
> >>
> >>> Hi,
> >>>
> >>> There is an easy way that I came up is to use a filter in web.xml
to
> >>> restrict the access.
> >>>
> >>> Say there are three services: A,B,C , we want to restrict the B,C
> >>> service. we can pulish the services as following:
> >>>
> >>> http://host.com/services/secure/B
> >>> http://host.com/services/secure/C
> >>> http://host.com/services/A.
> >>>
> >>> And then we will config a filter to restrict the
> >>> http://lhost.com/service/secure url to do the authentication.
> >>>
> >>> So people can access the A service without any restriction, but
need
> >>> to get authentication to access B,C service.
> >>>
> >>> Thanks
> >>> Jeff
> >>>
> >>>
> >>> Egor Samarkhanov wrote:
> >>>
> >>>> Hello !
> >>>>
> >>>> How can I restrict access to WSDL of my service?
> >>>> I don't want someone to access the
> >>>> http//host.com/services/myservice?wsdl content.
> >>>> And I use Servlet transport.
> >>>>
> >>>> Thanks,
> >>>> Egor Samarkhanov (slash@actimind.com)
> >>>>
> >>>>
> >>>>
> >>>>
> >>
> >>
> >
Re: Disable access to wsdl in Servlet transport
Posted by James Mao <ja...@iona.com>.
If you're working with a container, i think you can do this through
configuration of the container, to redirect the ?wsdl to a more friendly
page,
say, "please contact ... to get the wsdl", or list the service you have etc.
I guess we don't have this function in a standalone service, do we?
James
> But I think we still can do it in the filter, such as:
>
> doFilter() {
> if (URLHasWsdlSuffix()) {
> //Do the Authentication
> } else {
> //access the web service }
> }
>
> If you don't want to use the filter to do the security, maybe need to
> add an interceptor or other codes before dealing with
> WSDLQueryHandler, as willem pointed out in the other mail.
>
> HTH..
>
> Thanks
> Jeff
>
> Glen Mazza wrote:
>> Jeff,
>> I think he doesn't want people to see the WSDL file. It's not the
>> service he wants to restrict, but viewing its WSDL. I don't know if
>> that can be done.
>>
>> Glen
>>
>> Am Mittwoch, den 17.10.2007, 11:11 +0800 schrieb Jeff Yu:
>>
>>> Hi,
>>>
>>> There is an easy way that I came up is to use a filter in web.xml to
>>> restrict the access.
>>>
>>> Say there are three services: A,B,C , we want to restrict the B,C
>>> service. we can pulish the services as following:
>>>
>>> http://host.com/services/secure/B
>>> http://host.com/services/secure/C
>>> http://host.com/services/A.
>>>
>>> And then we will config a filter to restrict the
>>> http://lhost.com/service/secure url to do the authentication.
>>>
>>> So people can access the A service without any restriction, but need
>>> to get authentication to access B,C service.
>>>
>>> Thanks
>>> Jeff
>>>
>>>
>>> Egor Samarkhanov wrote:
>>>
>>>> Hello !
>>>>
>>>> How can I restrict access to WSDL of my service?
>>>> I don't want someone to access the
>>>> http//host.com/services/myservice?wsdl content.
>>>> And I use Servlet transport.
>>>>
>>>> Thanks,
>>>> Egor Samarkhanov (slash@actimind.com)
>>>>
>>>>
>>>>
>>>>
>>
>>
>
Re: Disable access to wsdl in Servlet transport
Posted by Jeff Yu <je...@iona.com>.
But I think we still can do it in the filter, such as:
doFilter() {
if (URLHasWsdlSuffix()) {
//Do the Authentication
} else {
//access the web service
}
}
If you don't want to use the filter to do the security, maybe need to
add an interceptor or other codes before dealing with WSDLQueryHandler,
as willem pointed out in the other mail.
HTH..
Thanks
Jeff
Glen Mazza wrote:
> Jeff,
>
> I think he doesn't want people to see the WSDL file. It's not the
> service he wants to restrict, but viewing its WSDL. I don't know if
> that can be done.
>
> Glen
>
> Am Mittwoch, den 17.10.2007, 11:11 +0800 schrieb Jeff Yu:
>
>> Hi,
>>
>> There is an easy way that I came up is to use a filter in web.xml to
>> restrict the access.
>>
>> Say there are three services: A,B,C , we want to restrict the B,C
>> service. we can pulish the services as following:
>>
>> http://host.com/services/secure/B
>> http://host.com/services/secure/C
>> http://host.com/services/A.
>>
>> And then we will config a filter to restrict the
>> http://lhost.com/service/secure url to do the authentication.
>>
>> So people can access the A service without any restriction, but need to
>> get authentication to access B,C service.
>>
>> Thanks
>> Jeff
>>
>>
>> Egor Samarkhanov wrote:
>>
>>> Hello !
>>>
>>> How can I restrict access to WSDL of my service?
>>> I don't want someone to access the
>>> http//host.com/services/myservice?wsdl content.
>>> And I use Servlet transport.
>>>
>>> Thanks,
>>> Egor Samarkhanov (slash@actimind.com)
>>>
>>>
>>>
>>>
>>>
>
>
Re: Disable access to wsdl in Servlet transport
Posted by Glen Mazza <gl...@verizon.net>.
Jeff,
I think he doesn't want people to see the WSDL file. It's not the
service he wants to restrict, but viewing its WSDL. I don't know if
that can be done.
Glen
Am Mittwoch, den 17.10.2007, 11:11 +0800 schrieb Jeff Yu:
> Hi,
>
> There is an easy way that I came up is to use a filter in web.xml to
> restrict the access.
>
> Say there are three services: A,B,C , we want to restrict the B,C
> service. we can pulish the services as following:
>
> http://host.com/services/secure/B
> http://host.com/services/secure/C
> http://host.com/services/A.
>
> And then we will config a filter to restrict the
> http://lhost.com/service/secure url to do the authentication.
>
> So people can access the A service without any restriction, but need to
> get authentication to access B,C service.
>
> Thanks
> Jeff
>
>
> Egor Samarkhanov wrote:
> > Hello !
> >
> > How can I restrict access to WSDL of my service?
> > I don't want someone to access the
> > http//host.com/services/myservice?wsdl content.
> > And I use Servlet transport.
> >
> > Thanks,
> > Egor Samarkhanov (slash@actimind.com)
> >
> >
> >
> >
Re: Disable access to wsdl in Servlet transport
Posted by Jeff Yu <je...@iona.com>.
Hi,
There is an easy way that I came up is to use a filter in web.xml to
restrict the access.
Say there are three services: A,B,C , we want to restrict the B,C
service. we can pulish the services as following:
http://host.com/services/secure/B
http://host.com/services/secure/C
http://host.com/services/A.
And then we will config a filter to restrict the
http://lhost.com/service/secure url to do the authentication.
So people can access the A service without any restriction, but need to
get authentication to access B,C service.
Thanks
Jeff
Egor Samarkhanov wrote:
> Hello !
>
> How can I restrict access to WSDL of my service?
> I don't want someone to access the
> http//host.com/services/myservice?wsdl content.
> And I use Servlet transport.
>
> Thanks,
> Egor Samarkhanov (slash@actimind.com)
>
>
>
>