[Carbon-dev] Restricting access to service metadata (WSDL, schema, policy)

Senaka Fernando senaka at wso2.com
Mon Jan 10 08:42:23 PST 2011


On Mon, Jan 10, 2011 at 10:05 PM, Afkham Azeez <azeez at wso2.com> wrote:

> This requirement is different. In the case of some organizations, the WSDL
> is copyrighted and distributed out of band. People who get access to these
> WSDLs may need to sign a NDA. So, in their deployment, they would allow
> authorized users to call the service, but they do not want anybody to get
> access to the WSDL through a URL.


+1. The WSDL can reside on a corporate registry perhaps.

Thanks,
Senaka.

>
> Azeez
>
> On Mon, Jan 10, 2011 at 7:44 PM, Amila Suriarachchi <amila at wso2.com>wrote:
>
>> hi,
>>
>> First I think just restricting access to a service meta data won't make
>> any thing secure.
>>
>> Then when you add this parameter then it won't show the service both
>> authorized and unauthorized people. Correct way is to assign a role. show
>> the metadata only if user in that role.
>>
>> For this in Axis2 we need to assume people have configure the tomcat or
>> application user manger component properly and use those roles.
>>
>> thanks,
>> Amila.
>>
>>
>> On Mon, Jan 10, 2011 at 5:10 PM, Afkham Azeez <azeez at wso2.com> wrote:
>>
>>> As per https://issues.apache.org/jira/browse/AXIS2-3316 I have
>>> implemented this functionality where you can add the <parameter
>>> name="exposeServiceMetadata">false</parameter> parameter to the axis2.xml or
>>> services.xml file in order to restrict access to the service metadata.
>>>
>>> Adding the parameter to axis2.xml will not allow access to the metadata
>>> of all services. When specified at the service group or service level, it
>>> will be applicable only to those services.
>>>
>>> --
>>> *Afkham Azeez*
>>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
>>> ,
>>> *
>>> *
>>> *Member; Apache Software Foundation; **http://www.apache.org/*<http://www.apache.org/>
>>> *
>>> email: **azeez at wso2.com* <azeez at wso2.com>* cell: +94 77 3320919
>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>*
>>> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez>
>>> *
>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez*
>>> *
>>> *
>>> *Lean . Enterprise . Middleware*
>>>
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> Carbon-dev at wso2.org
>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> Carbon-dev at wso2.org
>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>
>
> --
> *Afkham Azeez*
> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
> *
> *
> *Member; Apache Software Foundation; **http://www.apache.org/*<http://www.apache.org/>
> *
> email: **azeez at wso2.com* <azeez at wso2.com>* cell: +94 77 3320919
> blog: **http://blog.afkham.org* <http://blog.afkham.org>*
> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez>
> *
> linked-in: **http://lk.linkedin.com/in/afkhamazeez*
> *
> *
> *Lean . Enterprise . Middleware*
>
>
> _______________________________________________
> Carbon-dev mailing list
> Carbon-dev at wso2.org
> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>


-- 
*Senaka Fernando*
Associate Technical Lead & Product Manager - WSO2 G-Reg;
WSO2, Inc.; http://wso2.com*
Member; Apache Software Foundation; http://apache.org

E-mail: senaka AT wso2.com
**P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
Linked-In: http://www.linkedin.com/in/senakafernando

*Lean . Enterprise . Middleware
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://wso2.org/pipermail/carbon-dev/attachments/20110110/35236327/attachment.htm>


More information about the Carbon-dev mailing list