All deployed models and pools have web services for accessing table procedures and other features via SOAP/REST. By default, the WSDL metadata is discover-able with a web browser. To enhance security of your Verastream Host Integrator (VHI) web services, you may wish to disable the discover-ability of WSDL metadata, but leave the web services otherwise operational. This technical note describes how to make this server configuration change.
Note: To separately enable user authentication and authorization security features for accessing web services, see KB 7021314.
In Verastream Host Integrator version 7.6.47 or higher, to change the discoverability of web service WSDLs, complete the following steps:
- Deploy models and/or pools to the session server as usual (using Design Tool or activatemodel command line deployment utility).
- It is recommended that you stop the session server service as described in KB 7021352. This step avoids the possibility of configuration write conflicts.
- Edit the %VHI_ROOT%/sesssrvr/services/ws/META-INF/plugin-cfg.xml file (where %VHI_ROOT% is typically C:\Program Files\Attachmate\Verastream\HostIntegrator on Windows, or /opt/attachmate/verastream/hostintegrator on Linux/UNIX).
Note: Use caution when editing this file. It is recommended that you make a backup copy of your plugin-cfg.xml file before editing.
- After the comment line, add the desired entry key(s):
- To change the setting for the entire server (all models and pools):
- To override the server configuration for a specific model (replace modelname with your model name):
- To override the server configuration for a specific pool (replace poolname with your pool name):
- Save the modified plugin-cfg.xml file.
- Restart the session server as described in KB 7021352.
After completing the above procedure, the following behavior is observed:
- When you access the list of web services at http://<vhiserver>:9680 or https://<vhiserver>:9681, the WSDL link is no longer listed.
- If you attempt to use the original WSDL URL (ending with "?wsdl"), it will display an error: "Access is disabled by the administrator."
- After a model and/or pool is re-deployed from Design Tool, clicking the Test button (to open the WSDL URL) will display an error: "Access is disabled by the administrator."