This is not going to do what Tim wants. ?wsdl will still be available with the difference that the WSDL you specify in WSDD file will be provided for that request. He wants to disable that feature all together.
Also, AFAIK, when you use <wsdlFile> you need a WSDL file somewhere on the classpath, not necessarily in AXIS_HOME/WEB-INF/classes. -- Eugene ----- Original Message ----- From: "Yves Erb" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 26, 2005 11:41a Subject: Re: Securing an Axis deployment > Hello, > I think I can help you for the first point. In the service element of your > deploy.wsdd file, add <wsdlFile>yourWsdlFile</wsdlFile>. I read somewhere > that you should put this wsdl in the AXIS_HOME/WEB-INF/classes directory (or > some descendant) but maybe it's not a requirement. > > Yves > > ----- Original Message ----- > From: "Tim K. (Gmane)" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, January 26, 2005 1:46 AM > Subject: Securing an Axis deployment > > > > Hello, > > > > How can I turn off these features for an Axis production deployment: > > > > 1) Disable the generation of WSDL when one goes to > > http://server:port/app/ws/ServiceName?wsdl > > > > 2) Turn off listing the available services and their methods by going to > > http://server:port/app/ws/ > > > > 3) Turn off all Admin services/servlets, etc. > > > > I would like to provide clients static WSDL files they can download from > > another (static) location and only allow my custom web services to be > > invoked, not the Axis built-in ones. This way I only have to worry about > > the security and exploits of my stuff rather than sweat over what could be > > exploited via the default Axis features (which for development are great, > > but not for production). > > > > Thank you for your help. > > > > -- > > Tim
