Trying to not let CXF show JAX-RS WADL documentation

Solution In Progress - Updated -

Environment

JBoss Fuse 6.1

Issue

We are trying to lockdown our production environment and if we allow "/cxf" it can show the WADL documentation.

We have tried to utilize ServletController#init but have discovered that it resets on restart which is bad for a production environment.

Is there a way to make it persistent through restarts? Or is there a workaround we could place in apache-httpd server to block "/cxf" but allow "/cxf/blah"?

Resolution

There was an option added to disable the WADL document display. For more detail, please take a look at this JIRA:
https://issues.apache.org/jira/browse/CXF-3553
It added an option called "ignoreRequest" and here is how to use it:

<bean id="wadlGenerator" class="org.apache.cxf.jaxrs.model.wadl.WadlGenerator">
    <property name="ignoreRequests" value="true" />
</bean>

And then reference this bean on your providers:

 <jaxrs:providers>
 ...
     <ref bean="wadlGenerator" />
 </jaxrs:providers>

Alternatively, you can try to use apache-httpd server http.conf configure file to control access to public while allowing internal:

<Location ~ "(/cxf$|cxf/$)">
      Order deny,allow
      Deny from all
      Allow from 1.1.1.1 2.2.2.2
</Location>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.