Hi, Non authenticated users aren't shown the list of services in App server 4.0.0. and onwards. However if a person knows the url of the try it service they can access it using tryit.
As you said your AppServer is in development environment and you don't want these services under development to be accessed by others, so it is understandable that you don't want to enable UT. Your requirement is life-cycle management for services in WSAS. What I meant by "life-cycle" is moving a service in these states - Developemnt->Staging->Production. We don't support life-cycle management for WSAS services yet. But you can achieve the behaviour you want by adding the following property in services.xml. This is STRICTLY a WORKAROUND not the correct solution. Please be known that it is a misuse of a property to get the behaviour you want. <parameter name="adminService" locked="ture">true</parameter> Thanks, Dimuthu On Mon, Jan 31, 2011 at 8:53 AM, Jorge Infante Osorio <[email protected]>wrote: > WSAS 3.2.1 > > With the try it functionality I don´t have any problem. > > My problem is that I don´t want that non-authenticate person can see and > use > it. > A solution is to put user/password security to all services but if this is > not a security requirement I can´t do it. > > Jorge. > > De: [email protected] [mailto:[email protected]] En > nombre de Dimuthu Leelarathne > Enviado el: domingo, 30 de enero de 2011 22:05 > Para: [email protected] > Asunto: Re: [Carbon-dev] security issue with try it functionality. > > Hi, > > What version of App server are you using? > > > > > > On Mon, Jan 31, 2011 at 6:09 AM, Jorge Infante Osorio <[email protected]> > wrote: > We deploy an AppServ under a development environment, and in this > environment have access some people that we don´t want to see the home page > of AppServ and also we don´t want that they can use the try it > functionality > of any services. > > The AppServ by default let see the list of services and use the try it with > any services. > > How can we disable this behavior?? > > > Trunk versions of appserver do not display the service list but it is still > possible to use "tryit" if a person knows the url. > > > A solution is the mutual authentication using SSL and client certificate > but > I want to know if it´s possible that the non-authenticate user can see the > list of services but not use the try it until they are authenticate in > AppServ. > > This is not a provided feature yet. However a workaround would be to enable > UT on these services. > > thanks, > dimuthul > > Jorge. > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
