Hi!

I've gotten a soap service working nicely, and now I want to try it out in
the real world.  Unfortunately, by default soap installs a gaping security
hole as the administrative client.  I badly want to make it impossible to
access this from anywhere other than the localhost.

I found this in the FAQ:
> Modify your servlet container's security settings so that only certain IP
> addresses can access the admin page. If you are running Tomcat with its
> security manager, you can add an entry for the soap webapp in the .policy
> file located in the conf directory, and then you can control which IP
> addresses the webapp will accept connections from.

This would be great advice, and would work pretty well for me.
Unfortunately, I am unable to find any details on how to accomplish this in
the /etc/tomcat4/catalina.policy file.  I am running tomcat 4.04 with the
soap.war file dumped in the webapps directory, and as far as I can tell, by
the time this .policy file gets included, there isn't a way to restrict the
IP addresses soap will talk to.

Has anyone ever been able to actually get the FAQ advice to work?  If so,
could you point me in the right direction?

Thanks,
mike.
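
One way to get the effect the FAQ describes (admin pages reachable only from the local host) without the policy file is a Servlet 2.3 filter inside the soap webapp. This is an added example, not part of the original message and not Apache SOAP or Tomcat code; the class name `LocalOnlyFilter`, the filter name and the `/admin/*` URL pattern are assumptions to adapt to the actual deployment.

```java
import java.io.IOException;
import java.net.InetAddress;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: answers 403 unless the TCP peer is a loopback address.
// Compile into the webapp's WEB-INF/classes and map it in WEB-INF/web.xml
// (filter name and URL pattern below are assumed, not taken from the post):
//
//   <filter>
//     <filter-name>localOnly</filter-name>
//     <filter-class>LocalOnlyFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>localOnly</filter-name>
//     <url-pattern>/admin/*</url-pattern>
//   </filter-mapping>
public class LocalOnlyFilter implements Filter {

    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    public void destroy() {
        // Nothing to release.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRemoteAddr() returns the peer's IP as a literal, so getByName()
        // parses it without a DNS lookup. isLoopbackAddress() needs Java 1.4+.
        InetAddress peer = InetAddress.getByName(req.getRemoteAddr());
        if (peer.isLoopbackAddress()) {
            chain.doFilter(req, res);   // local caller: continue to the admin page
            return;
        }
        // Remote caller: refuse before any admin code runs.
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }
}
```

The filter protects only URLs that match its mapping, so any other path that exposes administrative functions needs its own mapping. If a web server or proxy on the same machine forwards requests to Tomcat, every request arrives from a loopback address and this check no longer distinguishes remote callers.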
