Hi, Sorry I might have misread your earlier email. If you are concern about the security you can run soap via SSL, therefore other sites that doesn't have your certificate wouldn't be able to connect to your rpcrouter. Is this what you're trying to do?
/victor On Tue, 2 Oct 2001 13:15, you wrote: > Hi, > Thanks for replying... > > > <configManager value="com.yourClass" /> > > Do you mean I have to write my own config manager? I am new to SOAP for > about 2 weeks. > Is that the only solution? > > Can any soap engine developer please compile a rpcrouter container that is > safe for production? > In my novice opinion removing response to deploy, list, query and undeploy > command from any where > would be safe enough. We can live with rpcrouter loading the services > component from "DeployedServices.ds". > Usually the production environment are rather static. > > > cheers, > Boon Pang > > At 09:36 AM 10/2/2001 +1000, you wrote: > >Read the documentation about configuring your Manager. Basically you have > > to change the > > > > <init-param> > > <param-name>ConfigFile</param-name> > > <param-value>WEB-INF/yourconfigfile.xml</param-value> > > </init-param> > > > >to point to your file. > > > >And in that file you can specify your config manager, it looks like this: > > > > <soapServer> > > <configManager value="com.yourClass" /> > > </soapServer> > > > > > >vic . > > > >On Fri, 28 Sep 2001 19:14, you wrote: > > > Hi, > > > > > > Something cross my mind..when I was using this tool: > > > >Usage: java org.apache.soap.server.ServiceManagerClient [-auth > > > > > > username:password] url operation arguments > > > > > > >where > > > > username and password is the HTTP Basic authentication info > > > > url is the Apache SOAP router's URL whose services are > > > > managed operation and arguments are: > > > > deploy deployment-descriptor-file.xml > > > > list > > > > query service-name > > > > undeploy service-name > > > > > > and URL is be > > > http://somehost.somedomain.com:8080/soap/servlet/rpcrouter for managing > > > the soap services. > > > This is also the URL we use by the soap client to connect to for soap > > > deployed services. > > > > > > In a production environment over the internet, this can be very > > > dangerous. Hackers can use the same tool > > > to exploit the soap services we publish using this URL. > > > > > > Is there anyway I can turn off the Manager part of the rpcrouter > > > [org.apache.soap.providers.RPCJavaProvider ] > > > and still allow my client to connect to this URL? Is there another > > > rpcrouter that does not have any management binary > > > in it? > > > > > > Did I miss anything? Maybe is documented. If no such feature is avail, > > > Can someone please > > > show me how to work around? > > > > > > thanks 1000, > > > Boon Pang > > > >-- > >Victor Hadianto > >Nuix Pty. Ltd. (02) 9283 9010 -- Victor Hadianto Nuix Pty. Ltd. (02) 9283 9010
