I have a sun-jaxws xml web service:
package com.myWebservices.ws;
import java.*;
import javax.*;
@WebService
public class GetSomeInfo{
//allow IP to consume web service
private static final String IP = "192.168.0.1";
@Resource
WebServiceContext wsContext;
@WebMethod(operationName="getSomeInfo")
public String getSomeInfo(String data) {
MessageContext mc = wsContext.getMessageContext();
HttpServletRequest req = (HttpServletRequest)mc.get(MessageContext.SERVLET_REQUEST);
//control access by IP inside the web service code
if (!(req.getRemoteAddr().equals(IP)))
result = "ACCESS DENIED";
else
String result = bean.executeSomeProcess(data);
return result
}
}
The web service is protected by IP access as you can see. But the web service has public access, even if you do not obtain information only an "ACCESS DENIED", you can consume it.
I would like to know if is possible to configure the web service in their own webapp xml files configuration (WEB-INF/sun-jaxws.xml, web.xml, META-IN/context.xml, or anything..) the same protecction IP access, which rejects automatically any access to the web service that is not the same authorized IP, and nobody can even consume the web service.
Edit: adding info:
What I really need to to know if i can configure the web.xml file for JAX-RS filters and get an IP protecction access.
Thank you.
As Easy as adding a filter in web.xml