Java WSDL modifies or hides some properties on the web view
Is it possible for TLDR to create an "alias" for the IP address (for example, 0.0.0.0:8080 / services as server_1) or any other attribute on the WSDL content when someone reads it? close:
<entry key="org.apache.cxf.endpoint.private" value="true"/>
For the service list, it remains fully functional but hides the service list
What if so? If not, is there any way to hide it without using @ xmltransient, because if we use it, and from my understanding, the program won't even map this element, so it won't work anymore
I am using spring and Jax - rs to handle soap services
After the ethical hacking test, we are protecting our application. As a result, we expose the service and production IP addresses on the URL
We can hide the list of services from the web view. For example, if we visit http: / / localhost: 8080 / foo / services, we will receive the following text:
No services have been found.
That's good. We do it by following this answer, but it's not in CXF servlet XML file, but in ApplicationContext - {modulename} XML file
Now, if we know or have access to any WSDL path, we can still see the WSDL content (including the production IP address). If we enter:
http://localhost:8080/foo/services/bar?_wsdl
We have a similar definition as follows (I edited it for security reasons):
<application
xmlns="http://wsdl.dev.java.net/2009/02"
xmlns:xs="http://www.w3.org/2001/XMLSchema">
<grammars/>
<resources base="http://localhost:8080/foo/services/bar">
<resource path="/VX">
<resource path="/anotherPath">
<method name="POST">
<request>
<representation mediaType="application/x-www-form-urlencoded">
<param name="someParam" style="query" type="xs:string"/>
</representation>
</request>
<response>
<representation mediaType="application/json">
<param name="anotherParam" style="plain" type="xs:string"/>
</representation>
</response>
</method>
</resource>
</resource>
</resources>
</application>
How can I, for example, edit properties at run time
<resources base="http://localhost:8080/foo/services/bar">
Favorite things
<resources base="SERVER_1">
Well, we know server internally_ What IP address do you have, but those who try to get there don't. in other words, how can I create an alias for the IP address and use it instead of the real IP address?
This is because we have about 10 servers, and each server has a different IP address. If we need to perform some production debugging, we need to know our server, so we want to avoid hiding the entire WSDL content (because I know it can be completed, because the module has this configuration)
I know I can use @ xmltransient annotation, but according to docs:
Therefore, according to my understanding, if I use this annotation on the attribute containing IP address, it will no longer be valid
If this is impossible, what other suggestions would you make to solve this special situation?
We use a top-down approach to create services (that is, we get the WSDL, and we use wsdl2java to create Java objects service interfaces from it)
Solution
TLDR: use DNS to assign a name to your IP address
You have a soap service To use it, you need to know the address of the endpoint So you'll expose it anyway Security through obscurity. Is not recommended
This is where DNS was invented Alias of IP address It is not a good practice to use IP addresses for services Therefore, set DNS (or use host files) to assign a name to each IP address