Author: azeez Date: Mon Jan 10 10:57:21 2011 New Revision: 1057147 URL: http://svn.apache.org/viewvc?rev=1057147&view=rev Log: Implemented feature suggested in AXIS2-3316 - Control whether a WSDL is returned when ?wsdl comes in - both at service level and global level
Modified: axis/axis2/java/core/trunk/modules/kernel/conf/axis2.xml axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/HTTPWorker.java axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/ListingAgent.java axis/axis2/java/core/trunk/modules/webapp/conf/axis2.xml Modified: axis/axis2/java/core/trunk/modules/kernel/conf/axis2.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/kernel/conf/axis2.xml?rev=1057147&r1=1057146&r2=1057147&view=diff ============================================================================== --- axis/axis2/java/core/trunk/modules/kernel/conf/axis2.xml (original) +++ axis/axis2/java/core/trunk/modules/kernel/conf/axis2.xml Mon Jan 10 10:57:21 2011 
@@ -26,14 +26,25 @@ <parameter name="enableMTOM">false</parameter> <parameter name="enableSwA">false</parameter> - - <parameter name="EnableChildFirstClassLoading">false</parameter> - <!--Uncomment if you want to enable file caching for attachments --> <!--parameter name="cacheAttachments">true</parameter> <parameter name="attachmentDIR"></parameter> <parameter name="sizeThreshold">4000</parameter--> + <parameter name="EnableChildFirstClassLoading">false</parameter> + + <!-- + The exposeServiceMetadata parameter decides whether the metadata (WSDL, schema, policy) of + the services deployed on Axis2 should be visible when ?wsdl, ?wsdl2, ?xsd, ?policy requests + are received. + This parameter can be defined in the axi2.xml file, in which case this will be applicable + globally, or in the services.xml files, in which case, it will be applicable to the + Service groups and/or services, depending on the level at which the parameter is declared. + This value of this parameter defaults to true. + --> + <parameter name="exposeServiceMetadata">true</parameter> + + <!--Uncomment if you want to plugin your own attachments lifecycle implementation --> <!--<attachmentsLifecycleManager class="org.apache.axiom.attachments.lifecycle.impl.LifecycleManagerImpl"/>--> Modified: axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/HTTPWorker.java URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/HTTPWorker.java?rev=1057147&r1=1057146&r2=1057147&view=diff ============================================================================== --- axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/HTTPWorker.java (original) +++ axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/HTTPWorker.java Mon Jan 10 10:57:21 2011 
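Review bot: The new comment names the global file as `axi2.xml`, which should read `axis2.xml`, and its last sentence should begin `The value of this parameter defaults to true.`; operators will search for that file name when they want to switch the setting off. The same comment text is added in the modules/webapp/conf/axis2.xml hunk at the end of this commit and needs the same correction. The comment should also say that only an explicit false value hides the metadata, because the Java side tests `JavaUtils.isFalseExplicitly(...)` and treats everything else, including an absent parameter, as true.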
@@ -24,6 +24,7 @@ import org.apache.axis2.context.Configur import org.apache.axis2.context.MessageContext; import org.apache.axis2.deployment.DeploymentConstants; import org.apache.axis2.description.AxisService; +import org.apache.axis2.description.Parameter; import org.apache.axis2.engine.Handler.InvocationResponse; import org.apache.axis2.transport.RequestResponseTransport; import org.apache.axis2.transport.TransportUtils; @@ -32,6 +33,7 @@ import org.apache.axis2.transport.http.s import org.apache.axis2.transport.http.server.HttpUtils; import org.apache.axis2.transport.http.server.Worker; import org.apache.axis2.transport.http.util.RESTUtil; +import org.apache.axis2.util.JavaUtils; import org.apache.http.Header; import org.apache.http.HttpException; import org.apache.http.HttpStatus; @@ -118,9 +120,14 @@ public class HTTPWorker implements Worke HashMap services = configurationContext.getAxisConfiguration().getServices(); AxisService service = (AxisService) services.get(serviceName); if (service != null) { - response.setStatus(HttpStatus.SC_OK); - response.setContentType("text/xml"); - service.printWSDL2(response.getOutputStream(), getHost(request)); + boolean canExposeServiceMetadata = canExposeServiceMetadata(service); + if (canExposeServiceMetadata) { + response.setStatus(HttpStatus.SC_OK); + response.setContentType("text/xml"); + service.printWSDL2(response.getOutputStream(), getHost(request)); + } else { + response.setStatus(HttpStatus.SC_FORBIDDEN); + } return; } } 
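Review bot: The same gate is pasted into the `?wsdl2` branch here and into the `?wsdl` and `?xsd` hunks that follow, each with a single-use local and an if/else, while the fourth hunk (`-163,6 +180,11`) uses the shorter early-return form. One shape everywhere keeps the four checks easy to audit: `if (!canExposeServiceMetadata(service)) { response.setStatus(HttpStatus.SC_FORBIDDEN); return; }` placed ahead of the existing three lines. The 403 is sent only when `service != null`, so the response still distinguishes a deployed service name from an unknown one; whether that matters depends on the not-found path, which is outside these hunks and should be checked against the full method. The enclosing method starts and ends outside the hunk.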
@@ -135,9 +142,14 @@ public class HTTPWorker implements Worke HashMap services = configurationContext.getAxisConfiguration().getServices(); AxisService service = (AxisService) services.get(serviceName); if (service != null) { - response.setStatus(HttpStatus.SC_OK); - response.setContentType("text/xml"); - service.printWSDL(response.getOutputStream(), getHost(request)); + boolean canExposeServiceMetadata = canExposeServiceMetadata(service); + if (canExposeServiceMetadata) { + response.setStatus(HttpStatus.SC_OK); + response.setContentType("text/xml"); + service.printWSDL(response.getOutputStream(), getHost(request)); + } else { + response.setStatus(HttpStatus.SC_FORBIDDEN); + } return; } } @@ -146,9 +158,14 @@ public class HTTPWorker implements Worke HashMap services = configurationContext.getAxisConfiguration().getServices(); AxisService service = (AxisService) services.get(serviceName); if (service != null) { - response.setStatus(HttpStatus.SC_OK); - response.setContentType("text/xml"); - service.printSchema(response.getOutputStream()); + boolean canExposeServiceMetadata = canExposeServiceMetadata(service); + if (canExposeServiceMetadata) { + response.setStatus(HttpStatus.SC_OK); + response.setContentType("text/xml"); + service.printSchema(response.getOutputStream()); + } else { + response.setStatus(HttpStatus.SC_FORBIDDEN); + } return; } } @@ -163,6 +180,11 @@ public class HTTPWorker implements Worke HashMap services = configurationContext.getAxisConfiguration().getServices(); AxisService service = (AxisService) services.get(serviceName); if (service != null) { + boolean canExposeServiceMetadata = canExposeServiceMetadata(service); + if (!canExposeServiceMetadata) { + response.setStatus(HttpStatus.SC_FORBIDDEN); + return; + } //run the population logic just to be sure service.populateSchemaMappings(); //write out the correct schema 
@@ -332,6 +354,22 @@ public class HTTPWorker implements Worke } } + /** + * Checks whether exposing the WSDL & WSDL elements such as schema & policy have been allowed + * + * @param service The AxisService which needs to be verified + * @throws IOException If exposing WSDL & WSDL elements has been restricted. + * @return true - if service metadata can be exposed, false - otherwise + */ + private boolean canExposeServiceMetadata(AxisService service) throws IOException { + Parameter exposeServiceMetadata = service.getParameter("exposeServiceMetadata"); + if (exposeServiceMetadata != null && + JavaUtils.isFalseExplicitly(exposeServiceMetadata.getValue())) { + return false; + } + return true; + } + private boolean processInternalWSDL(String uri, ConfigurationContext configurationContext, String serviceName, AxisHttpResponse response, String ip) throws IOException { Modified: axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/ListingAgent.java URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/ListingAgent.java?rev=1057147&r1=1057146&r2=1057147&view=diff ============================================================================== --- axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/ListingAgent.java (original) +++ axis/axis2/java/core/trunk/modules/transport/http/src/org/apache/axis2/transport/http/ListingAgent.java Mon Jan 10 10:57:21 2011 @@ -28,6 +28,7 @@ import org.apache.axis2.description.Poli import org.apache.axis2.description.Parameter; import org.apache.axis2.util.ExternalPolicySerializer; import org.apache.axis2.util.IOUtils; +import org.apache.axis2.util.JavaUtils; import org.apache.axis2.util.OnDemandLogger; import org.apache.neethi.Policy; import org.apache.neethi.PolicyRegistry; 
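Review bot: The Javadoc on `canExposeServiceMetadata` says `@throws IOException If exposing WSDL & WSDL elements has been restricted`, but the body never throws and reports the restriction by returning false; the `throws IOException` clause and the `@throws` tag should both go, leaving `private boolean canExposeServiceMetadata(AxisService service)`. The check is fail-open: a missing parameter, or any value `JavaUtils.isFalseExplicitly` does not accept, leaves metadata exposed, so a comment stating that, or a debug log when the parameter is present but not recognised, would make a mistyped value visible to the operator. `processInternalWSDL`, visible as trailing context, is not touched by any hunk in this commit; if it also writes WSDL content to the response it presumably needs the same gate, which should be confirmed against the full file. The literal `"exposeServiceMetadata"` and this helper are duplicated in ListingAgent later in the commit, so a shared constant and a single static helper would keep the two transports from drifting apart.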
@@ -176,132 +177,22 @@ public class ListingAgent extends Abstra if (serviceObj != null) { AxisService axisService = (AxisService) serviceObj; if (wsdl2 >= 0) { - res.setContentType("text/xml"); - String ip = extractHost(url); - String wsdlName = req.getParameter("wsdl2"); - - int ret = axisService.printWSDL2(res.getOutputStream(), ip, wsdlName); - if (ret == 0) { - res.sendRedirect(""); - } else if (ret == -1) { - res.sendError(HttpServletResponse.SC_NOT_FOUND); - } + handleWSDL2Request(req, res, url, axisService); return; } else if (wsdl >= 0) { - OutputStream out = res.getOutputStream(); - res.setContentType("text/xml"); - String ip = extractHost(url); - String wsdlName = req.getParameter("wsdl"); - - if (wsdlName != null && wsdlName.length()>0) { - axisService.printUserWSDL(out, wsdlName, ip); - } else { - axisService.printWSDL(out, ip); - } + handleWSDLRequest(req, res, url, axisService); return; } else if (xsd >= 0) { - res.setContentType("text/xml"); - int ret = axisService.printXSD(res.getOutputStream(), req.getParameter("xsd")); - if (ret == 0) { - //multiple schemas are present and the user specified - //no name - in this case we cannot possibly pump a schema - //so redirect to the service root - res.sendRedirect(""); - } else if (ret == -1) { - res.sendError(HttpServletResponse.SC_NOT_FOUND); - } + handleXSDRequest(req, res, axisService); return; } else if (policy >= 0) { - - ExternalPolicySerializer serializer = new ExternalPolicySerializer(); - serializer.setAssertionsToFilter(configContext - .getAxisConfiguration().getLocalPolicyAssertions()); - - // check whether Id is set - String idParam = req.getParameter("id"); - - if (idParam != null) { - // Id is set - - Policy targetPolicy = findPolicy(idParam, axisService); - - if (targetPolicy != null) { - XMLStreamWriter writer; - - try { - OutputStream out = res.getOutputStream(); - writer = XMLOutputFactory.newInstance() - .createXMLStreamWriter(out); - - res.setContentType("application/wspolicy+xml"); - 
targetPolicy.serialize(writer); - writer.flush(); - - } catch (XMLStreamException e) { - throw new ServletException( - "Error occured when serializing the Policy", - e); - - } catch (FactoryConfigurationError e) { - throw new ServletException( - "Error occured when serializing the Policy", - e); - } - - } else { - - OutputStream out = res.getOutputStream(); - res.setContentType("text/html"); - String outStr = "<b>No policy found for id=" - + idParam + "</b>"; - out.write(outStr.getBytes()); - } - - } else { - - PolicyInclude policyInclude = axisService.getPolicyInclude(); - Policy effecPolicy = policyInclude.getEffectivePolicy(); - - if (effecPolicy != null) { - XMLStreamWriter writer; - - try { - OutputStream out = res.getOutputStream(); - writer = XMLOutputFactory.newInstance() - .createXMLStreamWriter(out); - - res.setContentType("application/wspolicy+xml"); - effecPolicy.serialize(writer); - writer.flush(); - - } catch (XMLStreamException e) { - throw new ServletException( - "Error occured when serializing the Policy", - e); - - } catch (FactoryConfigurationError e) { - throw new ServletException( - "Error occured when serializing the Policy", - e); - } - } else { - - OutputStream out = res.getOutputStream(); - res.setContentType("text/html"); - String outStr = "<b>No effective policy for " - + serviceName + " service</b>"; - out.write(outStr.getBytes()); - } - } - + handlePolicyRequest(req, res, serviceName, axisService); return; } else { - req.getSession().setAttribute(Constants.SINGLE_SERVICE, - serviceObj); + req.getSession().setAttribute(Constants.SINGLE_SERVICE, serviceObj); } } else { req.getSession().setAttribute(Constants.SINGLE_SERVICE, null); - res.sendError(HttpServletResponse.SC_NOT_FOUND, url); } } 
@@ -309,6 +200,170 @@ public class ListingAgent extends Abstra renderView(LIST_SINGLE_SERVICE_JSP_NAME, req, res); } + private void handlePolicyRequest(HttpServletRequest req, + HttpServletResponse res, + String serviceName, + AxisService axisService) throws IOException, ServletException { + if (!canExposeServiceMetadata(axisService)){ + res.sendError(HttpServletResponse.SC_FORBIDDEN); + return; + } + ExternalPolicySerializer serializer = new ExternalPolicySerializer(); + serializer.setAssertionsToFilter(configContext + .getAxisConfiguration().getLocalPolicyAssertions()); + + // check whether Id is set + String idParam = req.getParameter("id"); + + if (idParam != null) { + // Id is set + + Policy targetPolicy = findPolicy(idParam, axisService); + + if (targetPolicy != null) { + XMLStreamWriter writer; + + try { + OutputStream out = res.getOutputStream(); + writer = XMLOutputFactory.newInstance() + .createXMLStreamWriter(out); + + res.setContentType("application/wspolicy+xml"); + targetPolicy.serialize(writer); + writer.flush(); + + } catch (XMLStreamException e) { + throw new ServletException( + "Error occured when serializing the Policy", + e); + + } catch (FactoryConfigurationError e) { + throw new ServletException( + "Error occured when serializing the Policy", + e); + } + + } else { + + OutputStream out = res.getOutputStream(); + res.setContentType("text/html"); + String outStr = "<b>No policy found for id=" + + idParam + "</b>"; + out.write(outStr.getBytes()); + } + + } else { + + PolicyInclude policyInclude = axisService.getPolicyInclude(); + Policy effecPolicy = policyInclude.getEffectivePolicy(); + + if (effecPolicy != null) { + XMLStreamWriter writer; + + try { + OutputStream out = res.getOutputStream(); + writer = XMLOutputFactory.newInstance() + .createXMLStreamWriter(out); + + res.setContentType("application/wspolicy+xml"); + effecPolicy.serialize(writer); + writer.flush(); + + } catch (XMLStreamException e) { + throw new ServletException( + "Error 
occured when serializing the Policy", + e); + + } catch (FactoryConfigurationError e) { + throw new ServletException( + "Error occured when serializing the Policy", + e); + } + } else { + + OutputStream out = res.getOutputStream(); + res.setContentType("text/html"); + String outStr = "<b>No effective policy for " + + serviceName + " service</b>"; + out.write(outStr.getBytes()); + } + } + } + + private void handleXSDRequest(HttpServletRequest req, HttpServletResponse res, + AxisService axisService) throws IOException { + if (!canExposeServiceMetadata(axisService)){ + res.sendError(HttpServletResponse.SC_FORBIDDEN); + return; + } + res.setContentType("text/xml"); + int ret = axisService.printXSD(res.getOutputStream(), req.getParameter("xsd")); + if (ret == 0) { + //multiple schemas are present and the user specified + //no name - in this case we cannot possibly pump a schema + //so redirect to the service root + res.sendRedirect(""); + } else if (ret == -1) { + res.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } + + private void handleWSDLRequest(HttpServletRequest req, + HttpServletResponse res, + String url, + AxisService axisService) throws IOException { + if (!canExposeServiceMetadata(axisService)){ + res.sendError(HttpServletResponse.SC_FORBIDDEN); + return; + } + OutputStream out = res.getOutputStream(); + res.setContentType("text/xml"); + String ip = extractHost(url); + String wsdlName = req.getParameter("wsdl"); + + if (wsdlName != null && wsdlName.length()>0) { + axisService.printUserWSDL(out, wsdlName, ip); + } else { + axisService.printWSDL(out, ip); + } + } + + private void handleWSDL2Request(HttpServletRequest req, + HttpServletResponse res, + String url, + AxisService axisService) throws IOException { + if (!canExposeServiceMetadata(axisService)){ + res.sendError(HttpServletResponse.SC_FORBIDDEN); + return; + } + res.setContentType("text/xml"); + String ip = extractHost(url); + String wsdlName = req.getParameter("wsdl2"); + + int ret = 
axisService.printWSDL2(res.getOutputStream(), ip, wsdlName); + if (ret == 0) { + res.sendRedirect(""); + } else if (ret == -1) { + res.sendError(HttpServletResponse.SC_NOT_FOUND); + } + } + + /** + * Checks whether exposing the WSDL & WSDL elements such as schema & policy have been allowed + * + * @param service The AxisService which needs to be verified + * @throws IOException If exposing WSDL & WSDL elements has been restricted. + * @return true - if service metadata can be exposed, false - otherwise + */ + private boolean canExposeServiceMetadata(AxisService service) { + Parameter exposeServiceMetadata = service.getParameter("exposeServiceMetadata"); + if(exposeServiceMetadata != null && + JavaUtils.isFalseExplicitly(exposeServiceMetadata.getValue())) { + return false; + } + return true; + } + protected void processListServices(HttpServletRequest req, HttpServletResponse res) throws IOException, ServletException { Modified: axis/axis2/java/core/trunk/modules/webapp/conf/axis2.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/core/trunk/modules/webapp/conf/axis2.xml?rev=1057147&r1=1057146&r2=1057147&view=diff ============================================================================== --- axis/axis2/java/core/trunk/modules/webapp/conf/axis2.xml (original) +++ axis/axis2/java/core/trunk/modules/webapp/conf/axis2.xml Mon Jan 10 10:57:21 2011 
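Review bot: In `handlePolicyRequest` the `id` request parameter is concatenated unescaped into a `text/html` body (`"<b>No policy found for id=" + idParam + "</b>"`), which the move carried over unchanged from the old inline code; the branch should either HTML-escape `idParam` or answer with `res.sendError(HttpServletResponse.SC_NOT_FOUND);` without echoing it. The `ExternalPolicySerializer serializer` is configured with `setAssertionsToFilter(...)` but never used afterwards in the visible code, since both branches call `targetPolicy.serialize(writer)` and `effecPolicy.serialize(writer)` directly, so the local-assertion filter appears not to be applied to what is sent. `outStr.getBytes()` relies on the platform charset and should name one explicitly. The Javadoc on this class's `canExposeServiceMetadata` keeps an `@throws IOException` tag for a method that declares and throws nothing.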
@@ -26,14 +26,24 @@ <parameter name="enableMTOM">false</parameter> <parameter name="enableSwA">false</parameter> - - <parameter name="EnableChildFirstClassLoading">false</parameter> - <!--Uncomment if you want to enable file caching for attachments --> <!--parameter name="cacheAttachments">true</parameter> <parameter name="attachmentDIR"></parameter> <parameter name="sizeThreshold">4000</parameter--> + <parameter name="EnableChildFirstClassLoading">false</parameter> + + <!-- + The exposeServiceMetadata parameter decides whether the metadata (WSDL, schema, policy) of + the services deployed on Axis2 should be visible when ?wsdl, ?wsdl2, ?xsd, ?policy requests + are received. + This parameter can be defined in the axi2.xml file, in which case this will be applicable + globally, or in the services.xml files, in which case, it will be applicable to the + Service groups and/or services, depending on the level at which the parameter is declared. + This value of this parameter defaults to true. + --> + <parameter name="exposeServiceMetadata">true</parameter> + <!--Uncomment if you want to plugin your own attachments lifecycle implementation --> <!--<attachmentsLifecycleManager class="org.apache.axiom.attachments.lifecycle.impl.LifecycleManagerImpl"/>-->