Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Custom (WSDL?) Interface for clients  RSS feed

 
Aneesh Barthakur
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
So I have a web service which has say 4 methods. + a login +a logout method. When the client first encounters my webservice I want only the login method to be exposed. Thereafter, based on the login info, I want the set of methods(or operations) specific to the client say method 1,3 and 5, exposed. But since I'll be passing the requests on to a controller, I'd like all the requests to direct to a single implementing class, where I will do the processing. BTW I am creating a SOAP based web service using the JAX WS Provider Interface and deploying it on Tomcat.

Well, this has been asked of me, or to put it in my boss's words, generate a "dynamic WSDL". I'm not sure what he means, or if it is possible, but above is the gist of what is required. Can anyone give me any ideas? I'm pretty new at this and frankly I'm stumped. :P
 
Radhakrishna Sharma Gorenta
Ranch Hand
Posts: 63
Google App Engine Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Start dive into SOAP Web services world. There are 2 approaches, Code first and Contract(WSDL) first. The best practice is to develop SOAP web services using Contract first approach.
As per your question, you want to have a dynamic WSDL. What do you mean by that? Do you want to generate WSDL per every request from web service client? That's really really bad approach, because after doing every login, the WSDL need to be changed and deployed on the fly.. If you want your web service operations usable only by logged in users, try providing WS-Security.
 
Aneesh Barthakur
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Radhakrishna,

What do you mean by that? Do you want to generate WSDL per every request from web service client? That's really really bad approach, because after doing every login, the WSDL need to be changed and deployed on the fly..


Yes, that's what I was planning to do. The WSDL will need only minor edits based on the permissions of the client. Why is this a really bad approach?(Overhead?)

If you want your web service operations usable only by logged in users, try providing WS-Security.

No, the idea is not even to let my web service operations be VISIBLE to unauthorized clients, and only make those web operations visible which they do have authorization for. I don't think WS-Security will be helpful here.

Any more ideas?
 
Radhakrishna Sharma Gorenta
Ranch Hand
Posts: 63
Google App Engine Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, It's a bad approach, because if your requirement is to change the WSDL, after every client request, your new WSDL(with allowed operations) need to be published. Here you need to think of publishing your new WSDL, after a client request is processed. If your client is accessing the WSDL say "http://abc.com/myservice?wsdl", then on the same address it is impossible to publish the WSDL, unless the application is re-deployed or server is re-started.
However you can use the EndPoin.publish("http://abc.com/myservice?wsdl"), through code, but when the port is already in use, it will throw exception.

Best solution is to write separate the WSDLs based on the operations to be exposed. Then your client should get the secured WSDL's URI, only when the first call is success. That means the first web servce call response will also contains the other WSDL's URI based on the user role.
 
Aneesh Barthakur
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, incidentally that was my initial idea, but my boss wants a lot of permutations and combinations, so not possible to have a large no. of secured WSDLs.

So what I finally came up with is intercepting the GET request for the WSDL and sending back my own custom WSDL as an HTTP response. So I'm effectively "masking" the published WSDL. I do think this is what programmers (too new to call myself one) call a "hack". At the very least, its distasteful. :P
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!