我需要隐藏WSDL URL或仅使其可用于身份验证的用户。即我不想揭露http://localhost:8080/services/application?wsdl。
Tomcat版本8.5.11,Java 8,Axis 1.4(我知道轴版本太旧了,但这是我现在必须使用的(
我认为我可以在此处http://docs.oracle.com/cd/e19798-01/821-1841/bncbk/index.html上添加安全约束。>
<security-constraint>
<web-resource-collection>
<web-resource-name>WSDL</web-resource-name>
<description>WSDL Files</description>
<url-pattern>*?wsdl</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
还发现了这个线程,建议做同样的事情,但对我不起作用,将wsdl隐藏在jax-ws
中tomcat抛出以下错误:
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:167)
at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3782)
at org.apache.catalina.startup.HostConfig.reload(HostConfig.java:1377)
at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1350)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1586)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:280)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94)
at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1164)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1388)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1392)
at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1360)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalArgumentException: Invalid <url-pattern> *?wsdl in security constraint
at org.apache.catalina.core.StandardContext.addConstraint(StandardContext.java:2827)
at org.apache.catalina.startup.ContextConfig.configureContext(ContextConfig.java:1317)
at org.apache.catalina.startup.ContextConfig.webConfig(ContextConfig.java:1190)
at org.apache.catalina.startup.ContextConfig.configureStart(ContextConfig.java:775)
at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:299)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5087)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
... 11 more
知道我在做什么错吗?还是我如何实现上述?
非常感谢
不符合Java WS规格。我相信轴1.4早期的Java WS规格。
我相信可以写一个servlet来过滤WSDL文件。https://coderanch.com/t/224470/java/disable-wsdl-url-axis#1054987
感谢所有试图提供帮助的人,经过长时间阅读轴文档后,似乎有两种方法可以禁用WSDL:
1-默认情况下,轴提供了三个轴Servlet查询字符串处理程序(?列表,?方法和?WSDL(,如果您关闭默认行为,则不会发布WSDL,您可以通过设置来执行此操作useDefaultQueryStrings标志至false如下http transport中的CC_3上的以下内容:
<transport name="http">
<requestFlow>
<handler type="URLMapper"/>
<handler type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
</requestFlow>
<parameter name="useDefaultQueryStrings" value="false" />
</transport>
2-文档中有一个称为(预配置的轴组件参考(的部分,这里有一个 urlmapper ,其中有以下说明:
"The URLMapper, an HTTP-specific handler, usually goes on HTTP transport chains (it is deployed by default). It serves to do service dispatch based on URL - for instance, this is the Handler which allows URLs like http://localhost:8080/axis/services/MyService?wsdl to work."
如果您再次评论URLMAPPER,则WSDL将不会发布。您需要评论处理程序
<!-- <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>-->
和RequestFlow中的参考:
<transport name="http">
<requestFlow>
<!--<handler type="URLMapper"/>-->
<handler type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
</requestFlow>
</transport>
应该是。
轴文档此处http://axis.apache.org/axis/java/reference.html
我个人已经使用了第一个解决方案,如果有人认为我们不应该这样做,我将不胜感激,请随时发表评论。