在JAX-WS中隐藏WSDL [英] Hiding WSDL in JAX-WS

问题描述

我正在使用JAX-WS来构建和部署Web服务.

一切正常，但是我需要隐藏WSDL.换句话说，如果用户转到以下URL: http://foo.com/wm- ws/WMService2?wsdl ，我不希望显示WSDL.

我读到我们可以使用@WSDL注释，所以我这样做如下:

@WebService(serviceName = "WMService2",
        targetNamespace = "http://test.wmservice.soap/",
        portName = "WMService2")
@WSDL(exposed = false)

public class WMService2
{
  ...
}

但这并没有任何改变..WSDL仍在显示.我已经看到了在其中创建过滤器的变通方法，但是我认为这太过分了.

有什么想法吗?

解决方案

对于初学者来说，您的客户端可能会在运行时需要WSDL.可以通过手工制作的客户端代码或通过包括WSDL的本地副本(在EE环境中需要一些魔术，即将WSDL打包在工件中并在wsimport中指定wsdl位置)来解决此问题. (如果需要，我可以提供更多信息；这也是有效的解决方案:为什么Java Client在运行时需要WSDL?

话虽如此，听起来您实际上要完成的工作是限制对Web资源的访问，这可以通过web.xml轻松实现.具体来说，您可以添加安全约束

<security-constraint>
    <web-resource-collection>
        <url-pattern>*?wsdl</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

尽管这意味着您必须在容器中设置身份验证并在客户端中进行身份验证(您的容器是什么?客户端?). url-pattern可以是任何内容，而角色名称*表示任何经过身份验证的用户都可以访问该资源.

关于安全性限制: http://docs .oracle.com/cd/E19798-01/821-1841/bncbk/index.html

I'm, using JAX-WS in order to build and deploy web-services.

Everything is working properly, however I need to hide the WSDL. In other words, If the user goes to the following URL: http://foo.com/wm-ws/WMService2?wsdl, i don't want the WSDL to show.

I read that we could use the @WSDL annotation so i did that as follows:

@WebService(serviceName = "WMService2",
        targetNamespace = "http://test.wmservice.soap/",
        portName = "WMService2")
@WSDL(exposed = false)

public class WMService2
{
  ...
}

But this doesn't change anything..The WSDL is still showing. I've seen work-around where a filter is created, but i think it's an overkill.

Any ideas?

解决方案

For starters, your client will likely require the WSDL at runtime. It is possible to get around this with hand-crafted client code or by including a local copy of the WSDL (which requires a bit of magic in an EE environment, namely packaging the WSDL in your artifact and specifying a wsdl-location in your wsimport (I can provide more info if desired; this is also a valid solution: JAX-WS client : what's the correct path to access the local WSDL?). This explains more about the dependency but it's also a good idea to have it available for interoperability: Why is WSDL required for Java Client at runtime?

With that said, it sounds like what you're actually trying to accomplish is restrict access to web resources, which is easily accomplished with a web.xml. Specifically you can add a security constraint,

<security-constraint>
    <web-resource-collection>
        <url-pattern>*?wsdl</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

although this will mean that you must set up authentication in your container and authenticate in your client (what is your container? client?). The url-pattern can be anything and the role-name * indicates any authenticated user may access the resource.

About security contraints: http://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html

这篇关于在JAX-WS中隐藏WSDL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！