[jboss-user] [JBossWS] - Re: Protected Access to WSDL - How to define required Securi

alessio.soldano@jboss.com do-not-reply at jboss.com
Wed Nov 21 16:41:29 EST 2007


"centecbertl" wrote : Hi,
  | 
  | according to JBWS-723 it is possible to protect access to the WSDL requests of  Web-Services. Looking at it in more detail it appears that access does require only any valid login, but is not restricted to specific security roles.
  | 
  | Is it possible to restrict the access to WSDL´s of Web-Services in a role based manner per Web-Service?
Right now this feature is not available. Feel free to create a feature request issue on JIRA so that we or the community can work on it in the future.

anonymous wrote : Use case: We have a full web-service API for internal use. For Clients we want to make one or two of these services available without publishing the full API structure (services, data structures,...) related to internal web-services. So the idea is that access to internal web-services and their WSDL requires a security roles which are not granted to clients.
Ok, I understand your use case; btw, is it doable for you to use different security domains to protect services that should be accessed by internal users only? this could be another solution...

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4106910#4106910

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4106910




More information about the jboss-user mailing list