Mailing-List: contact java-dev-help@axis.apache.org; run by ezmlm
Precedence: bulk
Reply-To: java-dev@axis.apache.org
Date: Tue, 1 May 2012 14:59:49 +0000 (UTC)
From: "Kishanthan Thangarajah (JIRA)" <jira@apache.org>
To: java-dev@axis.apache.org
Message-ID: 
 <1011436051.13374.1335884389508.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Updated] (AXIS2-3278) Allow Customizable WSDL generation
 error messages
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


     [ https://issues.apache.org/jira/browse/AXIS2-3278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kishanthan Thangarajah updated AXIS2-3278:
------------------------------------------

    Attachment: AXIS2-3278.patch

This patch includes the proposed improvement. If the useOriginalWsdl is set to true and if the wsdl file is not found, then 404 status will be returned.
                
> Allow Customizable WSDL generation error messages
> -------------------------------------------------
>
>                 Key: AXIS2-3278
>                 URL: https://issues.apache.org/jira/browse/AXIS2-3278
>             Project: Axis2
>          Issue Type: New Feature
>          Components: wsdl
>    Affects Versions: 1.3
>         Environment: Axis2 (1.3)
>            Reporter: Nathan Hook
>            Assignee: Deepal Jayasinghe
>            Priority: Minor
>         Attachments: AXIS2-3278.patch
>
>
> When setting the value useOriginalwsdl to true in a services.xml and not providing a wsdl file in your directory the following message occurs:
> Unable to generate WSDL 1.1 for this serviceIf you wish Axis2 to automatically generate the WSDL 1.1, then please +set  useOriginalwsdl as false in your services.xml
> However, it would be better if a customizable error message (including a blank message) could be returned or even better allow the behavior to return different http error codes like 404 where the wsdl is effectively hidden without giving a clue that it exists.
> A work around for this is to create a filter that will check to see if someone is try to access the wsdl file directly and then return a 404 or what ever type of message they chose.
> Here is an example filter class:
> import java.io.*;
> import java.util.*;
> import javax.servlet.*;
> import javax.servlet.http.*;
> public class WebServiceSecurityFilter implements Filter
> {
> 	private static org.apache.log4j.Logger log = org.apache.log4j.Logger.getLogger(WebServiceSecurityFilter.class);
> 	
> 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException
> 	{
> 		HttpServletRequest httpRequest = (HttpServletRequest)request;
> 		
> 		if(!httpRequest.getQueryString().contains("wsdl"))
> 		{
> 			filterChain.doFilter(request, response);
> 		}
> 		else
> 		{
> 			log.debug("WebServiceSecurityFilter - Unauthorized WSDL Access Attempt");
> 			log.debug("    remote ip: " + address);
> 			
> 			HttpServletResponse httpResponse = (HttpServletResponse)response;
> 			httpResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
> 			
> 			RequestDispatcher dispatcher = request.getRequestDispatcher("/WEB-INF/error_pages/404.html");
> 			dispatcher.forward(request, response);
> 		}
> 	}
> 	
> 	public void init(FilterConfig config)
> 	{
> 		
> 	}
> 	
> 	public void destroy()
> 	{
> 		
> 	}
> }
> Thank you for your time.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org