On Sun, Jan 30, 2011 at 10:23 PM, Jorge Infante Osorio <[email protected]>wrote:
> WSAS 3.2.1 > > With the try it functionality I don´t have any problem. > > My problem is that I don´t want that non-authenticate person can see and > use > it. > You are trying to have security by obscurity. If you don't want unauthorized personnel to call your Web services, the correct solution is to secure them using WS-Security. > A solution is to put user/password security to all services but if this is > not a security requirement I can´t do it. > > Jorge. > > De: [email protected] [mailto:[email protected]] En > nombre de Dimuthu Leelarathne > Enviado el: domingo, 30 de enero de 2011 22:05 > Para: [email protected] > Asunto: Re: [Carbon-dev] security issue with try it functionality. > > Hi, > > What version of App server are you using? > > > > > > On Mon, Jan 31, 2011 at 6:09 AM, Jorge Infante Osorio <[email protected]> > wrote: > We deploy an AppServ under a development environment, and in this > environment have access some people that we don´t want to see the home page > of AppServ and also we don´t want that they can use the try it > functionality > of any services. > > The AppServ by default let see the list of services and use the try it with > any services. > > How can we disable this behavior?? > > > Trunk versions of appserver do not display the service list but it is still > possible to use "tryit" if a person knows the url. > > > A solution is the mutual authentication using SSL and client certificate > but > I want to know if it´s possible that the non-authenticate user can see the > list of services but not use the try it until they are authenticate in > AppServ. > > This is not a provided feature yet. However a workaround would be to enable > UT on these services. > > thanks, > dimuthul > > Jorge. > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > _______________________________________________ > Carbon-dev mailing list > [email protected] > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > -- *Afkham Azeez* Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com, * * *Member; Apache Software Foundation; **http://www.apache.org/*<http://www.apache.org/> * email: **[email protected]* <[email protected]>* cell: +94 77 3320919 blog: **http://blog.afkham.org* <http://blog.afkham.org>* twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware*
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
