You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by nitintiwari <ni...@thomsonreuters.com> on 2012/03/20 15:49:25 UTC

Hiding the WSDL from Public Access

I'm using CXF to publish a Web Service, but our Security Team wants us to
protect the WSDL over https access.
So what are my options, so that Web Service remains functional but WSDL is
hidden? 
This should also hide the CXFServlet displaying the avaliable soap services
part as well.

Is there a way I can password protect the WSDL Endpoint? Will it break the
testers testing with SoapUI?

Thanks
Nitin

--
View this message in context: http://cxf.547215.n5.nabble.com/Hiding-the-WSDL-from-Public-Access-tp5580226p5580226.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Hiding the WSDL from Public Access

Posted by Glen Mazza <gm...@talend.com>.

This blog entry might help: 
http://www.jroller.com/gmazza/entry/ssl_for_web_services

Glen

On 03/20/2012 10:49 AM, nitintiwari wrote:
> I'm using CXF to publish a Web Service, but our Security Team wants us to
> protect the WSDL over https access.
> So what are my options, so that Web Service remains functional but WSDL is
> hidden?
> This should also hide the CXFServlet displaying the avaliable soap services
> part as well.
>
> Is there a way I can password protect the WSDL Endpoint? Will it break the
> testers testing with SoapUI?
>
> Thanks
> Nitin
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Hiding-the-WSDL-from-Public-Access-tp5580226p5580226.html
> Sent from the cxf-user mailing list archive at Nabble.com.


-- 
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza

Re: Hiding the WSDL from Public Access

Posted by Daniel Kulp <dk...@apache.org>.

On Tuesday, March 20, 2012 07:49:25 AM nitintiwari wrote:
> I'm using CXF to publish a Web Service, but our Security Team wants us to
> protect the WSDL over https access.
> So what are my options, so that Web Service remains functional but WSDL is
> hidden?
> This should also hide the CXFServlet displaying the avaliable soap
> services part as well.

The second part is easy.  If you add a servlet param of 
"hide-service-list-page" "true"

then the service list page won't display.

> Is there a way I can password protect the WSDL Endpoint? Will it break the
> testers testing with SoapUI?

With CXF 2.4.x and newer, you can add an interceptor to the start of the 
chain that would check if it's a query for the wsdl and pretty much do what 
ever you want.  Check basic auth creds, modify urls, etc...  

Alternatively , from you web.xml, you should be able to set that the context 
the cxf servlet is deployed on requires security.   

Dan

> 
> Thanks
> Nitin
> 
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Hiding-the-WSDL-from-Public-Access-tp5580
> 226p5580226.html Sent from the cxf-user mailing list archive at
> Nabble.com.
-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com