堆栈内存溢出
  简体   繁体   English

如何在webapp xml配置文件中保护Sun-jaxws Java Web服务

[英]How to secure a sun-jaxws java web service inside the webapp xml config files

 原文  2019-02-13 08:57:45       java/ web-services/ jax-ws/ web-inf

问题描述

I have a sun-jaxws xml web service: 我有一个sun-jaxws xml Web服务: 

package com.myWebservices.ws;

    import java.*;
    import javax.*;


    @WebService
    public class GetSomeInfo{

   //allow IP to consume web service
    private static final String IP = "192.168.0.1";

    @Resource
    WebServiceContext wsContext; 
        @WebMethod(operationName="getSomeInfo")
        public String getSomeInfo(String data) {

           MessageContext mc = wsContext.getMessageContext();
           HttpServletRequest req = (HttpServletRequest)mc.get(MessageContext.SERVLET_REQUEST);             


         //control access by IP inside the web service code
         if (!(req.getRemoteAddr().equals(IP)))         
                result = "ACCESS DENIED"; 
         else 
               String result = bean.executeSomeProcess(data);              
               return result        
        }
    }

The web service is protected by IP access as you can see. 如您所见,Web服务受IP访问保护。 But the web service has public access, even if you do not obtain information only an "ACCESS DENIED", you can consume it. 但是,Web服务具有公共访问权限,即使您不仅仅通过“访问拒绝”获得信息,也可以使用它。

I would like to know if is possible to configure the web service in their own webapp xml files configuration (WEB-INF/sun-jaxws.xml, web.xml, META-IN/context.xml, or anything..) the same protecction IP access, which rejects automatically any access to the web service that is not the same authorized IP, and nobody can even consume the web service. 我想知道是否可以在自己的webapp xml文件配置(WEB-INF / sun-jaxws.xml,web.xml,META-IN / context.xml或其他任何内容)中配置Web服务。保护IP访问,它将自动拒绝对不是同一授权IP的Web服务的任何访问,甚至没有人可以使用该Web服务。

Edit: adding info: 编辑:添加信息:

What I really need to to know if i can configure the web.xml file for JAX-RS filters and get an IP protecction access. 我真正需要知道的是是否可以为JAX-RS过滤器配置web.xml文件并获得IP保护访问。

Thank you. 谢谢。

1 个解决方案

解决方案1
 0 已采纳  2019-02-15 12:58:59

As Easy as adding a filter in web.xml 就像在web.xml中添加过滤器一样容易

https://knowledgebase.progress.com/articles/Article/How-to-configure-Tomcat-to-accept-only-localhost-access-for-the-Manager-Application https://knowledgebase.progress.com/articles/Article/How-to-configure-Tomcat-to-accept-only-localhost-access-for-the-Manager-Application

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 没有sun-jaxws.xml的Tomcat上的JAX-WS Web服务 - JAX-WS Web service on Tomcat without sun-jaxws.xml Webapp和Web服务之间的安全通信 - Secure communication between webapp and web service 在旧版Java Webapp中的web.xml文件之间切换 - Switch between web.xml files in a legacy Java webapp sun-jaxws.xml - 什么时候需要,什么时候不需要? - sun-jaxws.xml - When is it needed and when not? 如何在Java EE 6中保护REST Web服务 - How to secure a REST web service in Java EE 6 如何解决'绝对uri:http://java.sun.com/portlet无法在web.xml或使用此应用程序部署的jar文件中解析' - How to fix 'The absolute uri: http://java.sun.com/portlet cannot be resolved in either web.xml or the jar files deployed with this application' jaxws-rt.jar中的“ / com / sun / xml / ws /”软件包和rt.jar中的“ / com / sun / xml / internal / ws /”软件包之间有什么区别 - what is the Difference between the “/com/sun/xml/ws/” package in jaxws-rt.jar and “/com/sun/xml/internal/ws/” package inside rt.jar 如何将配置XML文件从WEB-INF移到Java Spring中的资源? - how to move config xml files from WEB-INF to resources in java spring? 需要一个Java Web服务教程以及如何使Web服务安全 - Need a java webservice tutorial and how to make a web service secure 如何使用Java构建简单的安全Web服务? - How can I build simple secure web service with Java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM