{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 贼婆χ 的问题《Hiding WSDL in JAX-WS》','https://www.manongdao.com/q-730901.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm, using JAX-WS in order to build and deploy web-services.
Everything is working properly, however I need to hide the WSDL. In other words, If the user goes to the following URL: http://foo.com/wm-ws/WMService2?wsdl, i don't want the WSDL to show.
I read that we could use the @WSDL annotation so i did that as follows:
@WebService(serviceName = "WMService2",
targetNamespace = "http://test.wmservice.soap/",
portName = "WMService2")
@WSDL(exposed = false)
public class WMService2
{
...
}
But this doesn't change anything..The WSDL is still showing. I've seen work-around where a filter is created, but i think it's an overkill.
Any ideas?
For starters, your client will likely require the WSDL at runtime. It is possible to get around this with hand-crafted client code or by including a local copy of the WSDL (which requires a bit of magic in an EE environment, namely packaging the WSDL in your artifact and specifying a wsdl-location in your wsimport (I can provide more info if desired; this is also a valid solution: JAX-WS client : what's the correct path to access the local WSDL?). This explains more about the dependency but it's also a good idea to have it available for interoperability: Why is WSDL required for Java Client at runtime?
With that said, it sounds like what you're actually trying to accomplish is restrict access to web resources, which is easily accomplished with a web.xml. Specifically you can add a security constraint,
although this will mean that you must set up authentication in your container and authenticate in your client (what is your container? client?). The url-pattern can be anything and the role-name * indicates any authenticated user may access the resource.
About security contraints: http://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html