File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Remove auto-generated WS Info

 
Daniel Gordon
Greenhorn
Posts: 1
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

I'm using wscompile to generate my webservice including some 15 methods.
These are intended for specific clients which using SOAP to execute the service. However, when a user uses Internet Explorer and go to my site: www.xxx.yyy/MyWSService he can see a listing of the methods in the WS.

How can I remove any such listing? I wish to disable HTTP Post/Get access to this WS...

If it may help, I'm also using apache mod_jk and tomcat.

Many Thanks,
Dani
 
Travis Hein
Ranch Hand
Posts: 161
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The listing of methods for your web service has is the web service definition (WSDL). I am not sure that it can be removed or disabled, to disable it is usually also means to disable the web service all together.

I know with Apache axis, the WSDL is only shown with the ?wsdl parameter on the URL, so an Apache modrewrite directive could be used to prevent URL requests that contain ?wsdl in them.

Another idea is you could make a servlet filter that maps to the path of your web service. The servlet filter can look for the presence of the user agent HTTP header, and deny access if there is a value indicating the request came from a web browser, like internet explorer.

You can disable the service from being accessed by some people, like making it visible inside your house network, but not visible outside to the Internet with Apache directives.

Something like the following may do this.

<Location /MyWebService>
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
</Location>
 
Michael Valentino
Ranch Hand
Posts: 96
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not too familiar with using Axis with Tomcat, but I can tell you that vendors such as IBM place the WSDL in the META-INF\wsdl directory. This denies any client access, but the app may still access it if need be (no idea why it would want to...). For clients to get information about your service, you'd publish to a registry, i.e. UDDI or some XML other XML based registry. The only time your WSDL is useful is design time - client or server design... Although WebSphere uses the WSDL during deployment to create JIT objects for your service to use.
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Axis can suppress those auto-generated WSDL pages. Check this page for how to do that and other measures to protect a production Axis server.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic