Posted to users@cxf.apache.org by nitintiwari <ni...@thomsonreuters.com> on 2012/03/20 15:49:25 UTC
Hiding the WSDL from Public Access
I'm using CXF to publish a Web Service, but our Security Team wants us to
protect the WSDL over https access.
So what are my options, so that Web Service remains functional but WSDL is
hidden?
This should also hide the CXFServlet displaying the available soap services
part as well.
Is there a way I can password protect the WSDL Endpoint? Will it break the
testers testing with SoapUI?
Thanks
Nitin
--
View this message in context: http://cxf.547215.n5.nabble.com/Hiding-the-WSDL-from-Public-Access-tp5580226p5580226.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Hiding the WSDL from Public Access
Posted by Glen Mazza <gm...@talend.com>.
This blog entry might help:
http://www.jroller.com/gmazza/entry/ssl_for_web_services
Glen
On 03/20/2012 10:49 AM, nitintiwari wrote:
> I'm using CXF to publish a Web Service, but our Security Team wants us to
> protect the WSDL over https access.
> So what are my options, so that Web Service remains functional but WSDL is
> hidden?
> This should also hide the CXFServlet displaying the available soap services
> part as well.
>
> Is there a way I can password protect the WSDL Endpoint? Will it break the
> testers testing with SoapUI?
>
> Thanks
> Nitin
--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza
Re: Hiding the WSDL from Public Access
Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday, March 20, 2012 07:49:25 AM nitintiwari wrote:
> I'm using CXF to publish a Web Service, but our Security Team wants us to
> protect the WSDL over https access.
> So what are my options, so that Web Service remains functional but WSDL is
> hidden?
> This should also hide the CXFServlet displaying the available soap
> services part as well.
The second part is easy. If you add a servlet param of
"hide-service-list-page" "true"
then the service list page won't display.
> Is there a way I can password protect the WSDL Endpoint? Will it break the
> testers testing with SoapUI?
With CXF 2.4.x and newer, you can add an interceptor to the start of the
chain that would check if it's a query for the wsdl and pretty much do
whatever you want. Check basic auth creds, modify urls, etc...
Alternatively, from your web.xml, you should be able to set that the context
the cxf servlet is deployed on requires security.
Dan
>
> Thanks
> Nitin
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
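
The two web.xml settings described in the reply above, sketched as one deployment descriptor. This is an added example, not configuration posted in the thread or taken from the CXF project. The /services/* mapping, the ws-client role and the realm name are assumptions; users for that role are defined in the servlet container, not here.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <servlet>
    <servlet-name>CXFServlet</servlet-name>
    <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
    <!-- Servlet param named in the reply: the service list page is not shown -->
    <init-param>
      <param-name>hide-service-list-page</param-name>
      <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>CXFServlet</servlet-name>
    <!-- Assumed mapping; use the one your application already has -->
    <url-pattern>/services/*</url-pattern>
  </servlet-mapping>

  <!-- Container-managed security on the context the CXF servlet serves.
       A url-pattern matches the path only, never the "?wsdl" query string,
       so this protects the SOAP endpoint together with its WSDL. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CXF services</web-resource-name>
      <url-pattern>/services/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ws-client</role-name> <!-- assumed role name -->
    </auth-constraint>
    <user-data-constraint>
      <!-- Require HTTPS so Basic credentials are not sent in clear text -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>cxf-services</realm-name> <!-- assumed realm name -->
  </login-config>

  <security-role>
    <role-name>ws-client</role-name>
  </security-role>
</web-app>
```

With this in place, any client that fetches the WSDL or calls the service, including a test tool such as SoapUI, has to send HTTP Basic credentials over HTTPS.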