hi, First I think just restricting access to a service meta data won't make any thing secure.
Then when you add this parameter then it won't show the service both authorized and unauthorized people. Correct way is to assign a role. show the metadata only if user in that role. For this in Axis2 we need to assume people have configure the tomcat or application user manger component properly and use those roles. thanks, Amila. On Mon, Jan 10, 2011 at 5:10 PM, Afkham Azeez <[email protected]> wrote: > As per https://issues.apache.org/jira/browse/AXIS2-3316 I have implemented > this functionality where you can add the <parameter > name="exposeServiceMetadata">false</parameter> parameter to the axis2.xml or > services.xml file in order to restrict access to the service metadata. > > Adding the parameter to axis2.xml will not allow access to the metadata of > all services. When specified at the service group or service level, it will > be applicable only to those services. > > -- > *Afkham Azeez* > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, > * > * > *Member; Apache Software Foundation; > **http://www.apache.org/*<http://www.apache.org/> > * > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >
_______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
