cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arul Dhesiaseelan <a...@fluxcorp.com>
Subject Re: Fw: Entitlements in webservices
Date Sat, 17 Jan 2009 00:12:47 GMT
Scott,

I had implemented something very similar to Dan suggested,  but using 
CXF APIs (not using XML config). It worked like a charm.
I was running some 5 services on the same port but with different 
endpoints. In fact, my requirement was to just provide a Java API to the 
external world so that client won't even have to access the wsdl. So I 
safely disabled the WSDL access and all worked.

It should probably work the same way when using in containers too.

-Arul

scott.w.sinclair@jpmchase.com wrote:
> Hi,
>
> I am wanting to publish 2 versions of all of my services, an external 
> version with limitied data and methods, and and internal version which 
> provides access to all data.
>
> Is it possible in Apache CXF to have 2 different urls in the same webapp 
> and then publish the different versions accordingly? For example, can I 
> have /services/external - for external services  and /services/internal 
> for internal web services.
>
> Any help is appricated!
>
> Thanks,
>
> Scott
>
> Desk Phone : (+44)-141-228-5450 (direct)
> e-mail : scott.w.sinclair@jpmchase.com
> ----- Forwarded by Scott W Sinclair/JPMCHASE on 16/01/2009 09:48 -----
>
> Scott W Sinclair/JPMCHASE
> 15/01/2009 12:12
>
> To
> users@cxf.apache.org
> cc
> andrew.clegg@gmail.com, users@cxf.apache.org
> Subject
> Re: Entitlements in webservices
>
>
>
>
>
> Hi Andrew, 
>
> Yes, manually controlling the WSDL  is a great idea, I guess then I am 
> also moving to a more contract first approach :)
>
>
> Thanks & Regards,
>
>
> Scott Sinclair
>
> JP Morgan Chase 
> 45, Waterloo Street
> Alhambra House - 5th Floor
> (Exotics and Hybrids - JPMorgan Structured Products)
> Glasgow G2 6HS 
> Scotland
>
> Desk Phone : (+44)-141-228-5450 (direct)
> e-mail : scott.w.sinclair@jpmchase.com
>
>
>
> "Andrew Clegg" <andrew@nervechannel.com> 
> Sent by: andrew.clegg@gmail.com
> 15/01/2009 11:49
> Please respond to
> users@cxf.apache.org
>
>
> To
> users@cxf.apache.org
> cc
>
> Subject
> Re: Entitlements in webservices
>
>
>
>
>
>
> This isn't a job for the web service layer -- this is a job for the
> business logic layer that retrieves the data from the database (or
> wherever it's coming from). In my opinion.
>
> In the long run I suspect it'll be much less effort to maintain two
> separate interfaces, one for internal clients and one for external,
> backed by different parameters to the database queries.
>
> You could try to do something funky with filtering the WSDLs and SOAP
> messages, but you'd risk an error letting something leak out to your
> customers, and if you're serving financial information that could get
> you into hot water...
>
> Andrew.
>
> 2009/1/15  <scott.w.sinclair@jpmchase.com>:
>   
>> Hi,
>>
>> I have the requirement to provide webservices, to internal clients who
>> should see all data we have, and external clients who should see a 
>>     
> subset
>   
>> of the data.
>>
>> Is there an established way in webservices or CXF to handle this?
>>
>> One easy way would be to have a layer which would walk the object graph 
>>     
> of
>   
>> a returned value, setting NULL or 0 where appropriate. The problem is 
>>     
> that
>   
>> some clients may think 0 is a proper value and that they are seeing
>> something they should not be seeing.
>>
>> I think a cooler way would be to have different WSDL generated, so the
>> client stubs don't even have the fields in their generated classes.  But
>> how can I make one interface publish 2 different WSDLs and is there a 
>>     
> way
>   
>> to autogenerate the WSDLs (as I am doing), but perform some kind of
>> filtering on how the POJOs are published to WSDL?
>>
>> Thanks for any help!
>>
>>
>> Scott Sinclair
>>
>>
>>
>> -----------------------------------------
>> This communication is for informational purposes only. It is not
>> intended as an offer or solicitation for the purchase or sale of
>> any financial instrument or as an official confirmation of any
>> transaction. All market prices, data and other information are not
>> warranted as to completeness or accuracy and are subject to change
>> without notice. Any comments or statements made herein do not
>> necessarily reflect those of JPMorgan Chase & Co., its subsidiaries
>> and affiliates.
>>
>> This transmission may contain information that is privileged,
>> confidential, legally privileged, and/or exempt from disclosure
>> under applicable law. If you are not the intended recipient, you
>> are hereby notified that any disclosure, copying, distribution, or
>> use of the information contained herein (including any reliance
>> thereon) is STRICTLY PROHIBITED. Although this transmission and any
>> attachments are believed to be free of any virus or other defect
>> that might affect any computer system into which it is received and
>> opened, it is the responsibility of the recipient to ensure that it
>> is virus free and no responsibility is accepted by JPMorgan Chase &
>> Co., its subsidiaries and affiliates, as applicable, for any loss
>> or damage arising in any way from its use. If you received this
>> transmission in error, please immediately contact the sender and
>> destroy the material in its entirety, whether in electronic or hard
>> copy format. Thank you.
>>
>> Please refer to http://www.jpmorgan.com/pages/disclosures for
>> disclosures relating to UK legal entities.
>>     
>
>
>
>   


Mime
View raw message