glassfish
  1. glassfish
  2. GLASSFISH-3786

Ability to expose JAX-WS services selectively

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 9.1peur1
    • Fix Version/s: 9.1peur1
    • Component/s: web_services
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      3,786
    • Status Whiteboard:
      Hide

      911Approved

      Show
      911Approved

      Description

      Ability to selectively expose JAX-WS webservices through HTTP port in Glassfish
      will improve security and usability. Epecially for services with non HTTP-SOAP
      bindings and Services deployed through JBI container.

      Ex: Services deployed with non HTTP SOAP binding like JMS, SAP BC are exposed on
      default port 8080.

        Activity

        Hide
        Bhakti Mehta added a comment -

        Here is the patch waiting for approval
        Index: WebServiceEndpoint.java
        ===================================================================
        RCS file:
        /cvs/glassfish/appserv-commons/src/java/com/sun/enterprise/deployment/WebServiceEndpoint.java,v
        retrieving revision 1.24
        diff -r1.24 WebServiceEndpoint.java
        118a119,127

        > >
        > > /**
        > > * This requirement came from the JBI team who want certain
        > > * services to be private if the jbi.xml has a private field
        > > * then this webservice endpoint will have the jbiPrivate set to
        > > * true. For those webservice endpoints whose jbiPrivate is true
        > > * we will throw an error when the GET or POST req comes
        > > */
        > > private boolean jbiPrivate = false;
        >
        249a259,267

        > >
        > > public void setJBIPrivate(boolean jbiPrivate)

        { > > this.jbiPrivate = jbiPrivate; > > }

        > >
        > > public boolean isJBIPrivate()

        { > > return jbiPrivate; > > }

        > >
        >

        Index: EjbWebServiceServlet.java
        ===================================================================
        RCS file:
        /cvs/glassfish/appserv-core/src/java/com/sun/enterprise/webservice/EjbWebServiceServlet.java,v
        retrieving revision 1.21
        diff -r1.21 EjbWebServiceServlet.java
        100a101,117

        > >
        > > /**
        > > * This requirement came from the jbi team. If the WebServiceEndpoint
        > > * is a jbi endpoint which is private throw an error whenever a get
        > > * or a post request is made
        > > */
        > > Endpoint endpoint =
        WebServiceEngineImpl.getInstance().getEndpoint(hreq.getRequestURI());
        > > if(endpoint != null) {
        > > if ((endpoint.getDescriptor()!= null) &&
        (endpoint.getDescriptor().isJBIPrivate()))

        { > > String message = endpoint.getDescriptor().getWebService().getName() + > > " is a JBI private service; Access is denied."; > > hresp.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(hresp, message); > > return; > > }

        > > }
        > >
        >
        104c121
        < Endpoint endpoint =
        WebServiceEngineImpl.getInstance().getEndpoint(hreq.getRequestURI());

        > >
        >
        111c128,139
        < }

        > > }
        > >
        > > if((endpoint!= null) ){
        > > if ((endpoint.getDescriptor()!= null) &&
        (endpoint.getDescriptor().isJBIPrivate())) {
        > > String message =
        endpoint.getDescriptor().getWebService().getName() +
        > > throws ServletException {
        >

        > > throws ServletException ,IOException{
        >
        143a144,158

        > > /**
        > > * This requirement came from the jbi team. If the WebServiceEndpoint
        > > * is a jbi endpoint which is private throw an error whenever a get
        > > * or a post request is made
        > > */
        > > Endpoint endpt = wsEngine_.getEndpoint(request.getServletPath());
        > > if (endpt != null) {
        > > if((endpt.getDescriptor() != null)
        &&(endpt.getDescriptor().isJBIPrivate()))

        { > > String message = endpt.getDescriptor().getWebService().getName()+ > > " is a JBI private service; Access is denied."; > > response.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(response, message); > > return; > > }

        > > }
        >
        146c161
        < Endpoint endpt = wsEngine_.getEndpoint(request.getServletPath());

        > >
        >
        172a188,204

        > >
        > > /**
        > > * This requirement came from the jbi team. If the >
        response.setContentType("text/xml");
        > > (new WsUtil()).writeInvalidMethodType(response, message);
        > > return;
        > > }
        > > }
        > >
        >
        176c208
        < Endpoint endpt = wsEngine_.getEndpoint(request.getServletPath());

        > >
        >
        184a217,227

        > >
        > > if (endpt != null) {
        > > if ((endpt.getDescriptor() != null) &&
        (endpt.getDescriptor().isJBIPrivate()))

        { > > String message = endpt.getDescriptor().getWebService().getName() + > > " is a JBI private service; Access is denied."; > > response.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(response, message); > > return; > > }

        > > }
        > >
        >

        Show
        Bhakti Mehta added a comment - Here is the patch waiting for approval Index: WebServiceEndpoint.java =================================================================== RCS file: /cvs/glassfish/appserv-commons/src/java/com/sun/enterprise/deployment/WebServiceEndpoint.java,v retrieving revision 1.24 diff -r1.24 WebServiceEndpoint.java 118a119,127 > > > > /** > > * This requirement came from the JBI team who want certain > > * services to be private if the jbi.xml has a private field > > * then this webservice endpoint will have the jbiPrivate set to > > * true. For those webservice endpoints whose jbiPrivate is true > > * we will throw an error when the GET or POST req comes > > */ > > private boolean jbiPrivate = false; > 249a259,267 > > > > public void setJBIPrivate(boolean jbiPrivate) { > > this.jbiPrivate = jbiPrivate; > > } > > > > public boolean isJBIPrivate() { > > return jbiPrivate; > > } > > > Index: EjbWebServiceServlet.java =================================================================== RCS file: /cvs/glassfish/appserv-core/src/java/com/sun/enterprise/webservice/EjbWebServiceServlet.java,v retrieving revision 1.21 diff -r1.21 EjbWebServiceServlet.java 100a101,117 > > > > /** > > * This requirement came from the jbi team. If the WebServiceEndpoint > > * is a jbi endpoint which is private throw an error whenever a get > > * or a post request is made > > */ > > Endpoint endpoint = WebServiceEngineImpl.getInstance().getEndpoint(hreq.getRequestURI()); > > if(endpoint != null) { > > if ((endpoint.getDescriptor()!= null) && (endpoint.getDescriptor().isJBIPrivate())) { > > String message = endpoint.getDescriptor().getWebService().getName() + > > " is a JBI private service; Access is denied."; > > hresp.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(hresp, message); > > return; > > } > > } > > > 104c121 < Endpoint endpoint = WebServiceEngineImpl.getInstance().getEndpoint(hreq.getRequestURI()); — > > > 111c128,139 < } — > > } > > > > if((endpoint!= null) ){ > > if ((endpoint.getDescriptor()!= null) && (endpoint.getDescriptor().isJBIPrivate())) { > > String message = endpoint.getDescriptor().getWebService().getName() + > > throws ServletException { > — > > throws ServletException ,IOException{ > 143a144,158 > > /** > > * This requirement came from the jbi team. If the WebServiceEndpoint > > * is a jbi endpoint which is private throw an error whenever a get > > * or a post request is made > > */ > > Endpoint endpt = wsEngine_.getEndpoint(request.getServletPath()); > > if (endpt != null) { > > if((endpt.getDescriptor() != null) &&(endpt.getDescriptor().isJBIPrivate())) { > > String message = endpt.getDescriptor().getWebService().getName()+ > > " is a JBI private service; Access is denied."; > > response.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(response, message); > > return; > > } > > } > 146c161 < Endpoint endpt = wsEngine_.getEndpoint(request.getServletPath()); — > > > 172a188,204 > > > > /** > > * This requirement came from the jbi team. If the > response.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(response, message); > > return; > > } > > } > > > 176c208 < Endpoint endpt = wsEngine_.getEndpoint(request.getServletPath()); — > > > 184a217,227 > > > > if (endpt != null) { > > if ((endpt.getDescriptor() != null) && (endpt.getDescriptor().isJBIPrivate())) { > > String message = endpt.getDescriptor().getWebService().getName() + > > " is a JBI private service; Access is denied."; > > response.setContentType("text/xml"); > > (new WsUtil()).writeInvalidMethodType(response, message); > > return; > > } > > } > > >
        Hide
        Bhakti Mehta added a comment -

        Committed changes to last nights' v2.1 build Should be in GF v2.1 b20

        Show
        Bhakti Mehta added a comment - Committed changes to last nights' v2.1 build Should be in GF v2.1 b20
        Hide
        Bhavanishankar added a comment -

        Checked in JavaEE Service Engine part of the fix. The check-in details are at:

        https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=24443

        Also, checked in new devtests
        (jbi-serviceengine/service_unit/private_endpoints). The check-in details are at:

        https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=24462
        https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=24463

        Show
        Bhavanishankar added a comment - Checked in JavaEE Service Engine part of the fix. The check-in details are at: https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=24443 Also, checked in new devtests (jbi-serviceengine/service_unit/private_endpoints). The check-in details are at: https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=24462 https://glassfish.dev.java.net/servlets/ReadMsg?list=cvs&msgNo=24463
        Hide
        harpreet added a comment -

        Approved it for v2.1 as this functionality hides WS that are for private consumption.

        Show
        harpreet added a comment - Approved it for v2.1 as this functionality hides WS that are for private consumption.

          People

          • Assignee:
            Bhakti Mehta
            Reporter:
            gmpatil
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: