dcsimg
Securing Apache Axis to ensure web service is not public.
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   tom_t
Posted On:   Sunday, January 16, 2005 07:24 PM

I am using apache axis to handle my web services.
The intended user of the web-services are going to be on the same domain and will use the services through Flash.

My problem is that it appears as though anyone who gets hold of the address of the web WSDL file that is generated by axis will be able to use the service.

Is their a way to configure axis so that it will only accept calls from my domain?

Or will I need to some how authenticate every call to ensure it is from my domain?

Re: Securing Apache Axis to ensure web service is not public.

Posted By:   tom_t  
Posted On:   Sunday, January 16, 2005 11:49 PM

Ok I may be answering one part my own question here. This seems to be offerring some privacy for the webservice.

Ok deploy your axis service with the deploy.wsdd and run the servlet to get the auto generated ?WSDL from the servlet.

Copy the WSDL xml generated from the servlet into a new file say myService.wsdl that is in the same directory as your services Class.




Allright now to stop the WSDL autogenerating by putting the following line in the deploy.wsdd

/myService.wsdl
I think you can put this line anywhere (not 100% sure) but for reference I put it under




that should be right at the top of the deploy.wsdd.




Now run the java org.apache.axis.client.AdminClient undeploy.wsdd followed by the same except with the deploy.wsdd (I think you can also do this through the axis web client) but this is just as easy.




Thats pretty much all their is to it. The servlet will now not auto produce a wsdl when you navigate to the web service and append ?wsdl to the end. I assume as long as the file system is hidden by the web-server not just anyone will be able to access the wsdl to the web service.

You may also want to check that your web service is still working with whatever client you have built to consume the service. Personally I use a jsp to produce some output.



How am I going so far? I'm sure this is not the complete solution but it seems to be part of it.
About | Sitemap | Contact