I'm using wscompile to generate my webservice including some 15 methods. These are intended for specific clients which using SOAP to execute the service. However, when a user uses Internet Explorer and go to my site: www.xxx.yyy/MyWSService he can see a listing of the methods in the WS.
How can I remove any such listing? I wish to disable HTTP Post/Get access to this WS...
If it may help, I'm also using apache mod_jk and tomcat.
The listing of methods for your web service has is the web service definition (WSDL). I am not sure that it can be removed or disabled, to disable it is usually also means to disable the web service all together.
I know with Apache axis, the WSDL is only shown with the ?wsdl parameter on the URL, so an Apache modrewrite directive could be used to prevent URL requests that contain ?wsdl in them.
Another idea is you could make a servlet filter that maps to the path of your web service. The servlet filter can look for the presence of the user agent HTTP header, and deny access if there is a value indicating the request came from a web browser, like internet explorer.
You can disable the service from being accessed by some people, like making it visible inside your house network, but not visible outside to the Internet with Apache directives.
Something like the following may do this.
<Location /MyWebService> Order Deny,Allow Deny from all Allow from 192.168.1.0/24 </Location>
Error: Keyboard not attached. Press F1 to continue.
Not too familiar with using Axis with Tomcat, but I can tell you that vendors such as IBM place the WSDL in the META-INF\wsdl directory. This denies any client access, but the app may still access it if need be (no idea why it would want to...). For clients to get information about your service, you'd publish to a registry, i.e. UDDI or some XML other XML based registry. The only time your WSDL is useful is design time - client or server design... Although WebSphere uses the WSDL during deployment to create JIT objects for your service to use.