my dog learned polymorphism
The moose likes Web Services and the fly likes Remove auto-generated WS Info Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "Remove auto-generated WS Info" Watch "Remove auto-generated WS Info" New topic

Remove auto-generated WS Info

Daniel Gordon

Joined: Jun 03, 2006
Posts: 1
Hello all,

I'm using wscompile to generate my webservice including some 15 methods.
These are intended for specific clients which using SOAP to execute the service. However, when a user uses Internet Explorer and go to my site: he can see a listing of the methods in the WS.

How can I remove any such listing? I wish to disable HTTP Post/Get access to this WS...

If it may help, I'm also using apache mod_jk and tomcat.

Many Thanks,
Travis Hein
Ranch Hand

Joined: Jun 06, 2006
Posts: 161
The listing of methods for your web service has is the web service definition (WSDL). I am not sure that it can be removed or disabled, to disable it is usually also means to disable the web service all together.

I know with Apache axis, the WSDL is only shown with the ?wsdl parameter on the URL, so an Apache modrewrite directive could be used to prevent URL requests that contain ?wsdl in them.

Another idea is you could make a servlet filter that maps to the path of your web service. The servlet filter can look for the presence of the user agent HTTP header, and deny access if there is a value indicating the request came from a web browser, like internet explorer.

You can disable the service from being accessed by some people, like making it visible inside your house network, but not visible outside to the Internet with Apache directives.

Something like the following may do this.

<Location /MyWebService>
Order Deny,Allow
Deny from all
Allow from

Error: Keyboard not attached. Press F1 to continue.
Michael Valentino
Ranch Hand

Joined: Nov 01, 2005
Posts: 96
Not too familiar with using Axis with Tomcat, but I can tell you that vendors such as IBM place the WSDL in the META-INF\wsdl directory. This denies any client access, but the app may still access it if need be (no idea why it would want to...). For clients to get information about your service, you'd publish to a registry, i.e. UDDI or some XML other XML based registry. The only time your WSDL is useful is design time - client or server design... Although WebSphere uses the WSDL during deployment to create JIT objects for your service to use.

SCJP 1.4, SCWCD J2EE 1.4, SCJD J2SE 1.5, SCBCD J2EE 1.3, SCDJWS (In Progress)
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Axis can suppress those auto-generated WSDL pages. Check this page for how to do that and other measures to protect a production Axis server.
I agree. Here's the link:
subject: Remove auto-generated WS Info
It's not a secret anymore!