• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Need to block GET requests for a WebService

 
Greenhorn
Posts: 11
Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I have a JaxWS WebService and I want the WebService URL to be available only for HTTP POST method.

What I understand after little bit googling and writing a sample code is that normally a JaxWS WebService can be invoked only through HTTP POST request. When I try HTTP GET request on the same URL I get HTTP (200 OK) response having links to all Endpoints/wsdl provided by the WebService.

I want to hide even the wsdl information from unknown client and on getting GET request I want to send "405 Method not Allowed" HTTP response to Client.

Please let me know if anyone has any details to share. I am using Glassfish application Server.

Thanks,
Naive
 
Saloon Keeper
Posts: 7582
176
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The WSDL can be disabled by some setting in the web.xml (depending on which SOAP stack you're using).
 
Hemant B. Kumar
Greenhorn
Posts: 11
Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

depending on which SOAP stack you're using



I'm sorry (I'm very new to WebServices), what do you mean by which SOAP stack? If you mean SOAP spec version then its 1.1.

Just to clarify what I need is not just restricting access to wsdl but also to send 405 response everytime a GET request is used to access the WebService URL.

Thanks.
 
Ranch Hand
Posts: 2198
1
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!
Try this in your web.xml deployment descriptor:

The above will only allow POST requests with a user in the role "user" to the specified URL pattern.
This should not depend on which web service stack you use.
Best wishes!
 
Hemant B. Kumar
Greenhorn
Posts: 11
Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the suggestions.

For me a filter on WebService URL worked. This filter is to allow only POST requests and rejects other HTTP requests.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic