[
https://issues.apache.org/jira/browse/AXIS2-3278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13267259#comment-13267259
]
Sagara Gunathunga commented on AXIS2-3278:
-------------------------------------------
In this case we should not remove the clue we have to provide those details.
I'm OK with the approach that return a 404 error code and print error messages
on console. But we have lived with existing approach for a long time and we
need to know what other users think about this. Can you send a mail to both dev
and user list with your suggestion ?
> Allow Customizable WSDL generation error messages
> -------------------------------------------------
>
> Key: AXIS2-3278
> URL: https://issues.apache.org/jira/browse/AXIS2-3278
> Project: Axis2
> Issue Type: New Feature
> Components: wsdl
> Affects Versions: 1.3
> Environment: Axis2 (1.3)
> Reporter: Nathan Hook
> Assignee: Deepal Jayasinghe
> Priority: Minor
> Attachments: AXIS2-3278.patch
>
>
> When setting the value useOriginalwsdl to true in a services.xml and not
> providing a wsdl file in your directory the following message occurs:
> Unable to generate WSDL 1.1 for this serviceIf you wish Axis2 to
> automatically generate the WSDL 1.1, then please +set useOriginalwsdl as
> false in your services.xml
> However, it would be better if a customizable error message (including a
> blank message) could be returned or even better allow the behavior to return
> different http error codes like 404 where the wsdl is effectively hidden
> without giving a clue that it exists.
> A work around for this is to create a filter that will check to see if
> someone is try to access the wsdl file directly and then return a 404 or what
> ever type of message they chose.
> Here is an example filter class:
> import java.io.*;
> import java.util.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> public class WebServiceSecurityFilter implements Filter
> {
> private static org.apache.log4j.Logger log =
> org.apache.log4j.Logger.getLogger(WebServiceSecurityFilter.class);
>
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain filterChain) throws IOException, ServletException
> {
> HttpServletRequest httpRequest = (HttpServletRequest)request;
>
> if(!httpRequest.getQueryString().contains("wsdl"))
> {
> filterChain.doFilter(request, response);
> }
> else
> {
> log.debug("WebServiceSecurityFilter - Unauthorized WSDL
> Access Attempt");
> log.debug(" remote ip: " + address);
>
> HttpServletResponse httpResponse =
> (HttpServletResponse)response;
>
> httpResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
>
> RequestDispatcher dispatcher =
> request.getRequestDispatcher("/WEB-INF/error_pages/404.html");
> dispatcher.forward(request, response);
> }
> }
>
> public void init(FilterConfig config)
> {
>
> }
>
> public void destroy()
> {
>
> }
> }
> Thank you for your time.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
