[Carbon-dev] Restricting access to service metadata (WSDL, schema, policy)

Amila Suriarachchi amila at wso2.com
Mon Jan 10 06:14:10 PST 2011


Hi,

First, I think just restricting access to a service's metadata won't make
anything secure.

Then, when you add this parameter, it won't show the service to both
authorized and unauthorized people. The correct way is to assign a role and
show the metadata only if the user is in that role.

For this, in Axis2 we need to assume people have configured the Tomcat or
application user manager component properly and use those roles.

thanks,
Amila.


On Mon, Jan 10, 2011 at 5:10 PM, Afkham Azeez <azeez at wso2.com> wrote:

> As per https://issues.apache.org/jira/browse/AXIS2-3316 I have implemented
> this functionality where you can add the <parameter
> name="exposeServiceMetadata">false</parameter> parameter to the axis2.xml or
> services.xml file in order to restrict access to the service metadata.
>
> Adding the parameter to axis2.xml will not allow access to the metadata of
> all services. When specified at the service group or service level, it will
> be applicable only to those services.
>
> --
> Afkham Azeez
> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> email: azeez at wso2.com cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
> Lean . Enterprise . Middleware
>
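An audit sketch for the parameter scoping described in the quoted message, added here as an example and not code from this thread or from Axis2: it reads an axis2.xml and a services.xml and reports, per service, whether metadata is exposed and which scope decided it. It assumes the nearest scope wins (service, then service group, then axis2.xml) and that a service with no parameter at any level exposes its metadata; the XML samples are constructed.

```python
import xml.etree.ElementTree as ET

PARAM = "exposeServiceMetadata"  # parameter name taken from the thread

def _param(elem):
    """Return True/False if PARAM is a direct child parameter of elem, else None."""
    for p in elem.findall("parameter"):
        if p.get("name") == PARAM:
            return (p.text or "").strip().lower() != "false"
    return None

def effective_exposure(axis2_xml, services_xml):
    """Map service name -> (exposed, scope that decided it)."""
    global_val = _param(ET.fromstring(axis2_xml))
    root = ET.fromstring(services_xml)
    # services.xml has either a <serviceGroup> root or a single <service> root
    group_val = _param(root) if root.tag == "serviceGroup" else None
    services = root.findall("service") if root.tag == "serviceGroup" else [root]
    result = {}
    for svc in services:
        # Assumption: nearest scope wins; absent everywhere means exposed.
        for scope, val in (("service", _param(svc)), ("serviceGroup", group_val),
                           ("axis2.xml", global_val)):
            if val is not None:
                result[svc.get("name")] = (val, scope)
                break
        else:
            result[svc.get("name")] = (True, "default")
    return result

# Constructed sample input: global restriction, one service opting back in
AXIS2_XML = """<axisconfig name="AxisJava2.0">
  <parameter name="exposeServiceMetadata">false</parameter>
</axisconfig>"""

SERVICES_XML = """<serviceGroup>
  <service name="PayrollService"/>
  <service name="EchoService">
    <parameter name="exposeServiceMetadata">true</parameter>
  </service>
</serviceGroup>"""

if __name__ == "__main__":
    report = effective_exposure(AXIS2_XML, SERVICES_XML)
    for name, (exposed, scope) in sorted(report.items()):
        state = "EXPOSED" if exposed else "restricted"
        print(f"{name}: metadata {state} (set by {scope})")
```

A report like this only shows where the switch is set; as the reply above notes, the switch hides metadata from authorized and unauthorized users alike, so it does not replace role-based access control.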