On Mon, Jan 10, 2011 at 10:01 PM, Prabath Siriwardana <[email protected]>wrote:
> > > On Mon, Jan 10, 2011 at 7:44 PM, Amila Suriarachchi <[email protected]>wrote: > >> hi, >> >> First I think just restricting access to a service meta data won't make >> any thing secure. >> > > But - it makes things harder - specially in the case where a security > policy being attached.. > > One can argue that this "security by obscurity" - but once again this makes > the attacker guessing .. and that has made this a common requirement IMHO... > This is not necessarily about security as I have mentioned earlier. Sorry if my original mail gave this idea. > >> Then when you add this parameter then it won't show the service both >> authorized and unauthorized people. Correct way is to assign a role. show >> the metadata only if user in that role. >> >> For this in Axis2 we need to assume people have configure the tomcat or >> application user manger component properly and use those roles. >> > > > Thanks & regards, > -Prabath > > >> >> thanks, >> Amila. >> >> >> On Mon, Jan 10, 2011 at 5:10 PM, Afkham Azeez <[email protected]> wrote: >> >>> As per https://issues.apache.org/jira/browse/AXIS2-3316 I have >>> implemented this functionality where you can add the <parameter >>> name="exposeServiceMetadata">false</parameter> parameter to the axis2.xml or >>> services.xml file in order to restrict access to the service metadata. >>> >>> Adding the parameter to axis2.xml will not allow access to the metadata >>> of all services. When specified at the service group or service level, it >>> will be applicable only to those services. >>> >>> -- >>> *Afkham Azeez* >>> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com >>> , >>> * >>> * >>> *Member; Apache Software Foundation; >>> **http://www.apache.org/*<http://www.apache.org/> >>> * >>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>> * >>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>> * >>> * >>> *Lean . Enterprise . Middleware* >>> >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > Thanks & Regards, > Prabath > > http://blog.facilelogin.com > http://RampartFAQ.com > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- *Afkham Azeez* Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, * * *Member; Apache Software Foundation; **http://www.apache.org/*<http://www.apache.org/> * email: **[email protected]* <[email protected]>* cell: +94 77 3320919 blog: **http://blog.afkham.org* <http://blog.afkham.org>* twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware*
_______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
