
Saturday, November 26, 2016

Apache CXF - Hide service list

Apache CXF generates an HTML page listing all the SOAP and REST services that are published. This is very useful during development, but it may not be suitable for a production environment because the page reveals too much information about your system.

For example, if you have this servlet configuration in the web.xml file:
<servlet>
 <servlet-name>ApacheCXF</servlet-name>
 <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>  
 <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
 <servlet-name>ApacheCXF</servlet-name>
 <url-pattern>/services/*</url-pattern>
</servlet-mapping>

The CXF info page will be at http://domain/context/services.


To disable this page I found two solutions:
  1. Disable the page altogether
  2. Secure the page

Disable the info page 

In the servlet configuration, set the init parameter "hide-service-list-page" to the value "true":
<servlet>
 <servlet-name>ApacheCXF</servlet-name>
 <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>  
 <init-param>
  <param-name>hide-service-list-page</param-name>
  <param-value>true</param-value>
 </init-param> 
 <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
 <servlet-name>ApacheCXF</servlet-name>
 <url-pattern>/services/*</url-pattern>
</servlet-mapping>

Secure the info page

You can allow only certain users (based on their application roles) to see this page.
Add the following lines to the web.xml file:
<security-constraint>
 <display-name>CXF services list</display-name>
 <web-resource-collection>
  <web-resource-name>CXF services list</web-resource-name>
  <url-pattern>/services</url-pattern>
  <http-method>GET</http-method>
 </web-resource-collection>
 <auth-constraint>
  <role-name>roleAdminCXF</role-name>
 </auth-constraint>
 <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
 </user-data-constraint>
</security-constraint>

<security-role>
 <role-name>roleAdminCXF</role-name>
</security-role>

This way, only users with the roleAdminCXF role will be able to see it.
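To verify that a deployment actually applies one of the two solutions above, here is a small web.xml audit script. It is an added example written for this post, not CXF tooling or code from the original post. It parses the deployment descriptor, finds the CXFServlet mapping, reports whether the hide-service-list-page init-param is set to true or whether a security-constraint with an auth-constraint covers the list URL, and flags two weak spots in the security-constraint form shown above: listing http-method GET constrains only GET and leaves other methods uncovered unless the descriptor also declares deny-uncovered-http-methods (Servlet 3.1), and transport-guarantee NONE does not force HTTPS for the login. The three web.xml documents it runs against are constructed for the example.

```python
"""Audit a web.xml for exposure of the Apache CXF service-list page.

Added example (not CXF's own code). Checks the hide-service-list-page
init-param and any security-constraint covering the services URL, and
flags a GET-only method list and a NONE transport-guarantee.
"""
import xml.etree.ElementTree as ET

CXF_SERVLET_CLASS = "org.apache.cxf.transport.servlet.CXFServlet"


def _local(tag):
    """Tag name without the {namespace} prefix ElementTree adds."""
    return tag.split("}", 1)[-1]


def _children(elem, name):
    """Direct children of elem whose local tag name equals name."""
    return [c for c in elem if _local(c.tag) == name]


def _text(elem, name):
    """Stripped text of the first child called name, or '' if absent."""
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""


def audit_cxf_web_xml(web_xml):
    """Return {'hidden': bool, 'protected': bool, 'findings': [str]}."""
    root = ET.fromstring(web_xml)
    result = {"hidden": False, "protected": False, "findings": []}

    # 1. Locate the CXFServlet and read hide-service-list-page (true hides the page).
    cxf_names = set()
    for servlet in _children(root, "servlet"):
        if _text(servlet, "servlet-class") != CXF_SERVLET_CLASS:
            continue
        cxf_names.add(_text(servlet, "servlet-name"))
        for param in _children(servlet, "init-param"):
            if _text(param, "param-name") == "hide-service-list-page":
                result["hidden"] = _text(param, "param-value").lower() == "true"
    if not cxf_names:
        result["findings"].append("no CXFServlet declared")
        return result

    # 2. Derive the list-page path from the mapping: "/services/*" -> "/services".
    list_paths = set()
    for mapping in _children(root, "servlet-mapping"):
        if _text(mapping, "servlet-name") in cxf_names:
            pattern = _text(mapping, "url-pattern")
            list_paths.add(pattern[:-2] if pattern.endswith("/*") else pattern)

    # 3. Look for a security-constraint with an auth-constraint covering that path.
    deny_uncovered = bool(_children(root, "deny-uncovered-http-methods"))
    for constraint in _children(root, "security-constraint"):
        if not _children(constraint, "auth-constraint"):
            continue  # no auth-constraint: the resource is open to everyone
        for coll in _children(constraint, "web-resource-collection"):
            patterns = {(p.text or "").strip() for p in _children(coll, "url-pattern")}
            if not any(p in patterns or p + "/*" in patterns for p in list_paths):
                continue
            result["protected"] = True
            methods = [(m.text or "").strip() for m in _children(coll, "http-method")]
            if methods and not deny_uncovered:
                result["findings"].append(
                    "constraint lists only %s; other HTTP methods stay uncovered"
                    % ",".join(methods))
            for udc in _children(constraint, "user-data-constraint"):
                if _text(udc, "transport-guarantee").upper() == "NONE":
                    result["findings"].append(
                        "transport-guarantee NONE: container does not require HTTPS")
    if not (result["hidden"] or result["protected"]):
        result["findings"].append(
            "service list exposed at " + ", ".join(sorted(list_paths)))
    return result


# Constructed sample descriptors mirroring the three configurations in the post.
_HEAD = '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">'
_SERVLET = """<servlet><servlet-name>ApacheCXF</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>%s
<load-on-startup>1</load-on-startup></servlet>
<servlet-mapping><servlet-name>ApacheCXF</servlet-name>
<url-pattern>/services/*</url-pattern></servlet-mapping>"""
_HIDE = """<init-param><param-name>hide-service-list-page</param-name>
<param-value>true</param-value></init-param>"""
_CONSTRAINT = """<security-constraint><web-resource-collection>
<web-resource-name>CXF services list</web-resource-name>
<url-pattern>/services</url-pattern><http-method>GET</http-method>
</web-resource-collection><auth-constraint><role-name>roleAdminCXF</role-name>
</auth-constraint><user-data-constraint><transport-guarantee>NONE</transport-guarantee>
</user-data-constraint></security-constraint>
<security-role><role-name>roleAdminCXF</role-name></security-role>"""

SAMPLE_EXPOSED = _HEAD + _SERVLET % "" + "</web-app>"
SAMPLE_HIDDEN = _HEAD + _SERVLET % _HIDE + "</web-app>"
SAMPLE_CONSTRAINED = _HEAD + _SERVLET % "" + _CONSTRAINT + "</web-app>"

if __name__ == "__main__":
    for name, doc in [("exposed", SAMPLE_EXPOSED), ("hidden", SAMPLE_HIDDEN),
                      ("constrained", SAMPLE_CONSTRAINED)]:
        print(name, audit_cxf_web_xml(doc))
```

Run it as a script to see the three verdicts, or point audit_cxf_web_xml at the text of a real web.xml. The path matching is deliberately simple (exact pattern or the same path with /*); it covers the mapping style used in this post, not every servlet url-pattern form.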
