You should be able to remove the xfire-servlet mapping from your web.xml. Of course, to thoroughly remove it, you should remove XFire JARs from your project (and build files) and see what doesn't compile (then remove those classes).
Matt On Mon, Jul 27, 2009 at 11:06 PM, Dale Newfield <d...@newfield.org> wrote: > OWASP's "Security Analysis of Core J2EE Design Patterns" says I should turn > off the serving of WSDL files: > > http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project/EISTier#tab=Web_Service_Broker > > Publishing WSDL Files >> Web Services Description Language (WSDL) files provide details on how >> to access web services and are very useful to attackers. Many SOAP >> frameworks publish the WSDL by default (e.g. http://url/path?WSDL). Turn >> > > this feature off. > > My application was originally created with AppFuse 1.9.x, and still uses > XFire for web services. I've aborted the update process to CXF on more than > one occasion (for reasons I don't currently recall), and I don't seem to be > able to locate any documentation describing how to turn this off...has > anyone here already done this? If so, pointers would be appreciated... > > -Dale > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@appfuse.dev.java.net > For additional commands, e-mail: users-h...@appfuse.dev.java.net > >
