[英]How to secure a sun-jaxws java web service inside the webapp xml config files
I have a sun-jaxws xml web service: 我有一个sun-jaxws xml Web服务:
package com.myWebservices.ws;
import java.*;
import javax.*;
@WebService
public class GetSomeInfo{
//allow IP to consume web service
private static final String IP = "192.168.0.1";
@Resource
WebServiceContext wsContext;
@WebMethod(operationName="getSomeInfo")
public String getSomeInfo(String data) {
MessageContext mc = wsContext.getMessageContext();
HttpServletRequest req = (HttpServletRequest)mc.get(MessageContext.SERVLET_REQUEST);
//control access by IP inside the web service code
if (!(req.getRemoteAddr().equals(IP)))
result = "ACCESS DENIED";
else
String result = bean.executeSomeProcess(data);
return result
}
}
The web service is protected by IP access as you can see. 如您所见,Web服务受IP访问保护。 But the web service has public access, even if you do not obtain information only an "ACCESS DENIED", you can consume it.
但是,Web服务具有公共访问权限,即使您不仅仅通过“访问拒绝”获得信息,也可以使用它。
I would like to know if is possible to configure the web service in their own webapp xml files configuration (WEB-INF/sun-jaxws.xml, web.xml, META-IN/context.xml, or anything..) the same protecction IP access, which rejects automatically any access to the web service that is not the same authorized IP, and nobody can even consume the web service. 我想知道是否可以在自己的webapp xml文件配置(WEB-INF / sun-jaxws.xml,web.xml,META-IN / context.xml或其他任何内容)中配置Web服务。保护IP访问,它将自动拒绝对不是同一授权IP的Web服务的任何访问,甚至没有人可以使用该Web服务。
Edit: adding info: 编辑:添加信息:
What I really need to to know if i can configure the web.xml file for JAX-RS filters and get an IP protecction access. 我真正需要知道的是是否可以为JAX-RS过滤器配置web.xml文件并获得IP保护访问。
Thank you. 谢谢。
As Easy as adding a filter in web.xml 就像在web.xml中添加过滤器一样容易
https://knowledgebase.progress.com/articles/Article/How-to-configure-Tomcat-to-accept-only-localhost-access-for-the-Manager-Application https://knowledgebase.progress.com/articles/Article/How-to-configure-Tomcat-to-accept-only-localhost-access-for-the-Manager-Application
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.