javaweb-servicesjax-wsweb-inf

How to secure a sun-jaxws java web service inside the webapp xml config files


I have a sun-jaxws xml web service:

package com.myWebservices.ws;

    import java.*;
    import javax.*;


    @WebService
    public class GetSomeInfo{

   //allow IP to consume web service
    private static final String IP = "192.168.0.1";

    @Resource
    WebServiceContext wsContext; 
        @WebMethod(operationName="getSomeInfo")
        public String getSomeInfo(String data) {

           MessageContext mc = wsContext.getMessageContext();
           HttpServletRequest req = (HttpServletRequest)mc.get(MessageContext.SERVLET_REQUEST);             


         //control access by IP inside the web service code
         if (!(req.getRemoteAddr().equals(IP)))         
                result = "ACCESS DENIED"; 
         else 
               String result = bean.executeSomeProcess(data);              
               return result        
        }
    }

The web service is protected by IP access as you can see. But the web service has public access, even if you do not obtain information only an "ACCESS DENIED", you can consume it.

I would like to know if is possible to configure the web service in their own webapp xml files configuration (WEB-INF/sun-jaxws.xml, web.xml, META-IN/context.xml, or anything..) the same protecction IP access, which rejects automatically any access to the web service that is not the same authorized IP, and nobody can even consume the web service.

Edit: adding info:

What I really need to to know if i can configure the web.xml file for JAX-RS filters and get an IP protecction access.

Thank you.


Solution

  • As Easy as adding a filter in web.xml

    https://knowledgebase.progress.com/articles/Article/How-to-configure-Tomcat-to-accept-only-localhost-access-for-the-Manager-Application