This request originated from a customer requirement. In a customer deployment a user doesn't usually expose the underlying technologies to the out side. The user exposes some functionalities using our products to the out side and these are the only functionalities that should get expose the out side. If the ?wsdl works for some URLs think of this in terms of the end users perspective. Now the enduser can access the exposed intended functionality but also they can access other non relevant information about the system.
So I think this is not about open source and having users have access to our stuff publicly. I think it is about exposing only the required and intended functionalities to the user of a production deployment. Thanks, Supun.. On Wed, Jan 26, 2011 at 2:45 PM, Heshan Suriyaarachchi <hes...@wso2.com> wrote: > > > On Tue, Jan 25, 2011 at 7:30 PM, Afkham Azeez <az...@wso2.com> wrote: >> >> It doesn't hurt to have the ability to turn off WSDLs for all admin >> services. > > +1 > > IMV the best option is to give the user the option to configure whether to > expose AdminService WSDLs is by giving a carbon.xml param to configure the > Carbon Server (As per my original proposal). Furthermore, we can make the > service WSDLs available by default since not many Devs like the idea of > blocking the WSDLs. Then if a user wants to block the AdminService WSDLs > he/she can add the proposed param to the carbon.xml. > >> The other option is for the admin service OSGi bundle authors to >> explicitly declare the 'exposeServiceMetadata' parameter in the respective >> services.xml files. > > In this case, the authors will have to modify each and every Admin Service. > Another downside is if we do it at the bundle level, it'll be the default > behavior. > > > So guys, is it alright if I go ahead and implement this in the trunk? If > there are objections, please raise them now because we have this requirement > as an action item for the next release of the ESB (ie. 3.2.0). >> >> Azeez >> >> On Tue, Jan 25, 2011 at 5:57 AM, Heshan Suriyaarachchi <hes...@wso2.com> >> wrote: >>> >>> Sometime back one of our customers were asking whether we supported this >>> features. >>> >>> On Tue, Jan 25, 2011 at 6:49 PM, Afkham Azeez <az...@wso2.com> wrote: >>>> >>>> How did this requirement originate? Did one of our customers or users >>>> ask for it? >>>> >>>> On Tue, Jan 25, 2011 at 3:48 AM, Heshan Suriyaarachchi <hes...@wso2.com> >>>> wrote: >>>>> >>>>> Hi Amila, >>>>> >>>>> Yes, your point is correct. But say for example a user who has deployed >>>>> a Carbon based server in production wants to block publishing unwanted >>>>> information to outside. Now there is no way of doing this. >>>>> >>>>> Another point is that say for example a user in production has >>>>> developed custom bundles and exposed their services as AdminServices. Then >>>>> in situation like that also we might need to block WSDLs. >>>>> >>>>> On Tue, Jan 25, 2011 at 4:54 PM, Amila Suriarachchi <am...@wso2.com> >>>>> wrote: >>>>>> >>>>>> >>>>>> On Tue, Jan 25, 2011 at 3:38 PM, Heshan Suriyaarachchi >>>>>> <hes...@wso2.com> wrote: >>>>>>> >>>>>>> Hi Devs, >>>>>>> >>>>>>> Currently there isn't a way provided by the Carbon Server to block >>>>>>> Admin Service WSDLs to outside parties. I am looking at a way to fix >>>>>>> this. I >>>>>>> had a offline discussion with Azeez on $subject. >>>>>> >>>>>> Since our products are open source there is nothing we can hide by >>>>>> just blocking wsdl for Admin services. >>>>>> >>>>>> thanks, >>>>>> Amila. >>>>>>> >>>>>>> Recently, Azeez has done a change to Axis2 trunk to have the >>>>>>> following property. >>>>>>> <parameter name="exposeServiceMetadata">true</parameter> >>>>>>> It will decide whether the metadata (WSDL, schema, policy) of the >>>>>>> services deployed on Axis2, should be visible to the incoming ?wsdl, >>>>>>> ?wsdl2, >>>>>>> ?xsd, ?policy requests. >>>>>>> >>>>>>> The idea is to implement the $subject in following way. >>>>>>> >>>>>>> In the carbon.xml have a parameter named ShowAdminServiceMetadata. >>>>>>> which will have the default value to false. That means the AdminServies >>>>>>> are >>>>>>> blocked by default. Then the carbon.core.DeploymentInterceptor will be >>>>>>> modified in a such a way that if a service being deployed is an >>>>>>> AdminService >>>>>>> the above mentioned, exposeServiceMetadata property will be added. >>>>>>> >>>>>>> I just wanted to inform you before I do the change. Your feedback and >>>>>>> ideas are welcome. >>>>>>> >>>>>>> >>>>>>> Regards, >>>>>>> Heshan. >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> Heshan Suriyaarachchi >>>>>>> Software Engineer >>>>>>> WSO2 Inc.; http://wso2.com/ >>>>>>> >>>>>>> Blog: http://heshans.blogspot.com/ >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Carbon-dev mailing list >>>>>>> carbon-...@wso2.org >>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Carbon-dev mailing list >>>>>> carbon-...@wso2.org >>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Regards, >>>>> Heshan Suriyaarachchi >>>>> Software Engineer >>>>> WSO2 Inc.; http://wso2.com/ >>>>> >>>>> Blog: http://heshans.blogspot.com/ >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> carbon-...@wso2.org >>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>> >>>> >>>> >>>> -- >>>> Afkham Azeez >>>> Senior Software Architect & Senior Manager; WSO2, Inc.; >>>> http://wso2.com, >>>> >>>> Member; Apache Software Foundation; http://www.apache.org/ >>>> email: az...@wso2.com cell: +94 77 3320919 >>>> blog: http://blog.afkham.org >>>> twitter: http://twitter.com/afkham_azeez >>>> linked-in: http://lk.linkedin.com/in/afkhamazeez >>>> >>>> Lean . Enterprise . Middleware >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> carbon-...@wso2.org >>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>> >>> >>> >>> -- >>> Regards, >>> Heshan Suriyaarachchi >>> Software Engineer >>> WSO2 Inc.; http://wso2.com/ >>> >>> Blog: http://heshans.blogspot.com/ >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> carbon-...@wso2.org >>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >> >> >> >> -- >> Afkham Azeez >> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, >> >> Member; Apache Software Foundation; http://www.apache.org/ >> email: az...@wso2.com cell: +94 77 3320919 >> blog: http://blog.afkham.org >> twitter: http://twitter.com/afkham_azeez >> linked-in: http://lk.linkedin.com/in/afkhamazeez >> >> Lean . Enterprise . Middleware >> >> _______________________________________________ >> Carbon-dev mailing list >> carbon-...@wso2.org >> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> > > > > -- > Regards, > Heshan Suriyaarachchi > Software Engineer > WSO2 Inc.; http://wso2.com/ > > Blog: http://heshans.blogspot.com/ > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@lists.wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Supun Kamburugamuva Technical Lead WSO2 Inc.; http://wso2.org E-mail: su...@wso2.com; Mobile: +94 77 431 3585 Blog: http://supunk.blogspot.com _______________________________________________ Carbon-dev mailing list Carbon-dev@lists.wso2.org http://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
