• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Need to block GET requests for a WebService

 
Hemant B. Kumar
Greenhorn
Posts: 11
Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have a JaxWS WebService and I want the WebService URL to be available only for HTTP POST method.

What I understand after little bit googling and writing a sample code is that normally a JaxWS WebService can be invoked only through HTTP POST request. When I try HTTP GET request on the same URL I get HTTP (200 OK) response having links to all Endpoints/wsdl provided by the WebService.

I want to hide even the wsdl information from unknown client and on getting GET request I want to send "405 Method not Allowed" HTTP response to Client.

Please let me know if anyone has any details to share. I am using Glassfish application Server.

Thanks,
Naive
 
Tim Moores
Bartender
Posts: 2675
33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The WSDL can be disabled by some setting in the web.xml (depending on which SOAP stack you're using).
 
Hemant B. Kumar
Greenhorn
Posts: 11
Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
depending on which SOAP stack you're using


I'm sorry (I'm very new to WebServices), what do you mean by which SOAP stack? If you mean SOAP spec version then its 1.1.

Just to clarify what I need is not just restricting access to wsdl but also to send 405 response everytime a GET request is used to access the WebService URL.

Thanks.
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Try this in your web.xml deployment descriptor:

The above will only allow POST requests with a user in the role "user" to the specified URL pattern.
This should not depend on which web service stack you use.
Best wishes!
 
Hemant B. Kumar
Greenhorn
Posts: 11
Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the suggestions.

For me a filter on WebService URL worked. This filter is to allow only POST requests and rejects other HTTP requests.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic