Read the documentation about configuring your Manager. Basically you have to
change the
<init-param>
<param-name>ConfigFile</param-name>
<param-value>WEB-INF/yourconfigfile.xml</param-value>
</init-param>
to point to your file.
And in that file you can specify your config manager, it looks like this:
<soapServer>
<configManager value="com.yourClass" />
</soapServer>
vic .
On Fri, 28 Sep 2001 19:14, you wrote:
> Hi,
>
> Something cross my mind..when I was using this tool:
> >Usage: java org.apache.soap.server.ServiceManagerClient [-auth
>
> username:password] url operation arguments
>
> >where
> > username and password is the HTTP Basic authentication info
> > url is the Apache SOAP router's URL whose services are managed
> > operation and arguments are:
> > deploy deployment-descriptor-file.xml
> > list
> > query service-name
> > undeploy service-name
>
> and URL is be http://somehost.somedomain.com:8080/soap/servlet/rpcrouter
> for managing the soap services.
> This is also the URL we use by the soap client to connect to for soap
> deployed services.
>
> In a production environment over the internet, this can be very dangerous.
> Hackers can use the same tool
> to exploit the soap services we publish using this URL.
>
> Is there anyway I can turn off the Manager part of the rpcrouter
> [org.apache.soap.providers.RPCJavaProvider ]
> and still allow my client to connect to this URL? Is there another
> rpcrouter that does not have any management binary
> in it?
>
> Did I miss anything? Maybe is documented. If no such feature is avail, Can
> someone please
> show me how to work around?
>
> thanks 1000,
> Boon Pang
--
Victor Hadianto
Nuix Pty. Ltd. (02) 9283 9010
