Re: Securing Apache Axis to ensure web service is not public.
Sunday, January 16, 2005 11:49 PM
Ok I may be answering one part my own question here. This seems to be offerring some privacy for the webservice.
Ok deploy your axis service with the deploy.wsdd and run the servlet to get the auto generated ?WSDL from the servlet.
Copy the WSDL xml generated from the servlet into a new file say myService.wsdl that is in the same directory as your services Class.
Allright now to stop the WSDL autogenerating by putting the following line in the deploy.wsdd
I think you can put this line anywhere (not 100% sure) but for reference I put it under
that should be right at the top of the deploy.wsdd.
Now run the java org.apache.axis.client.AdminClient undeploy.wsdd followed by the same except with the deploy.wsdd (I think you can also do this through the axis web client) but this is just as easy.
Thats pretty much all their is to it. The servlet will now not auto produce a wsdl when you navigate to the web service and append ?wsdl to the end. I assume as long as the file system is hidden by the web-server not just anyone will be able to access the wsdl to the web service.
You may also want to check that your web service is still working with whatever client you have built to consume the service. Personally I use a jsp to produce some output.
How am I going so far? I'm sure this is not the complete solution but it seems to be part of it.