Hi Frizz,
you can take a look at this class
https://github.com/apache/cxf/blob/master/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
This is where the CXF servlet is configured from the config admin service.
So the file to edit is etc/org.apache.cxf.osgi.cfg
# This will hide the complete service list
org.apache.cxf.servlet.hide-service-list-page=true
# This enables authentication using JAAS
org.apache.cxf.servlet.service-list-page-authenticate=true
# There you can set the auth realm. The default of karaf should be fine
org.apache.cxf.servlet.service-list-page-authenticate-realm=karaf
If you set it like this then a jaas login will occur. So everyone with a
valid user for the karaf instance can authenticate and see the page.
You can try it by using the default karaf user / password (karaf/karaf).
Christian
On 04.07.2014 14:21, Frizz wrote:
When I go to http://localhost:8040/services (configurable via
etc/org.apache.cxf.osgi.cfg) I get a list of all available web services.
Is there an option to disable this?
Or even better: Can I secure access to this information (so that it's
not available for everyone)?
--
Christian Schneider
http://www.liquid-reality.de
Open Source Architect
http://www.talend.com
