How to Disable Web Service WSDL Metadata in Verastream Host Integrator

  • 7021311
  • 09-Jun-2014
  • 12-Mar-2018

Environment

Verastream Host Integrator version 7.6 SP1 or higher

Situation

All deployed models and pools have web services for accessing table procedures and other features via SOAP/REST. By default, the WSDL metadata is discoverable with a web browser. To enhance the security of your Verastream Host Integrator (VHI) web services, you may wish to disable the discoverability of WSDL metadata while leaving the web services otherwise operational. This technical note describes how to make this server configuration change.

Note: To separately enable user authentication and authorization security features for accessing web services, see KB 7021314.

Resolution

Procedure

In Verastream Host Integrator version 7.6.47 or higher, to change the discoverability of web service WSDLs, complete the following steps:

  1. Deploy models and/or pools to the session server as usual (using Design Tool or activatemodel command line deployment utility).
  2. It is recommended that you stop the session server service as described in KB 7021352. This step avoids the possibility of configuration write conflicts.
  3. Edit the %VHI_ROOT%/sesssrvr/services/ws/META-INF/plugin-cfg.xml file (where %VHI_ROOT% is typically C:\Program Files\Attachmate\Verastream\HostIntegrator on Windows, or /opt/attachmate/verastream/hostintegrator on Linux/UNIX).

Note: Use caution when editing this file. It is recommended that you make a backup copy of your plugin-cfg.xml file before editing.

  4. After the comment line, add the desired entry key(s):
    • To change the setting for the entire server (all models and pools):
      <entry key="publishMetadataEnabled">false</entry>
    • To override the server configuration for a specific model (replace modelname with your model name):
      <entry key="model.modelname.publishMetadataEnabled">false</entry>
    • To override the server configuration for a specific pool (replace poolname with your pool name):
      <entry key="session.poolname.publishMetadataEnabled">false</entry>

Example:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
    <comment>com.attachmate.vhi.ws.VhiPluginConfigImpl</comment>
    <entry key="publishMetadataEnabled">false</entry>
</properties>

  5. Save the modified plugin-cfg.xml file.
  6. Restart the session server as described in KB 7021352.

Results

After completing the above procedure, the following behavior is observed:

  • When you access the list of web services at http://<vhiserver>:9680 or https://<vhiserver>:9681, the WSDL link is no longer listed.
  • If you attempt to use the original WSDL URL (ending with "?wsdl"), it will display an error: "Access is disabled by the administrator."
  • After a model and/or pool is re-deployed from Design Tool, clicking the Test button (to open the WSDL URL) will display an error: "Access is disabled by the administrator."
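
To confirm the edited plugin-cfg.xml says what you intended before restarting, the following added example (not part of the original technical note or the product) parses the file and lists every scope that still publishes WSDL metadata. The names DemoModel and DemoPool, the function names, and the rule that any value other than "false" counts as enabled are assumptions made for this sketch.

```python
import sys
import xml.etree.ElementTree as ET

KEY = "publishMetadataEnabled"

# Constructed sample: server-wide disable, one model override that turns it back on
SAMPLE = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
<properties>
    <comment>com.attachmate.vhi.ws.VhiPluginConfigImpl</comment>
    <entry key="publishMetadataEnabled">false</entry>
    <entry key="model.DemoModel.publishMetadataEnabled">true</entry>
    <entry key="session.DemoPool.publishMetadataEnabled">false</entry>
</properties>
"""

def read_metadata_settings(xml_text):
    """Return (server_enabled, overrides); overrides maps 'model.<name>' or 'session.<name>' to bool."""
    root = ET.fromstring(xml_text.encode("utf-8"))  # the external DTD is not fetched
    server = True  # the note states WSDL metadata is discoverable by default
    overrides = {}
    for entry in root.iter("entry"):
        key = entry.get("key", "")
        # Assumption: only the literal value "false" disables publishing
        enabled = (entry.text or "").strip().lower() != "false"
        if key == KEY:
            server = enabled
        elif key.startswith(("model.", "session.")) and key.endswith("." + KEY):
            overrides[key[: -len(KEY) - 1]] = enabled
    return server, overrides

def audit(xml_text):
    """List the scopes whose configuration still publishes WSDL metadata."""
    server, overrides = read_metadata_settings(xml_text)
    findings = []
    if server:
        findings.append("server: WSDL metadata published for all models/pools without an override")
    for scope, enabled in sorted(overrides.items()):
        if enabled:
            findings.append(f"{scope}: override publishes WSDL metadata")
    return findings

if __name__ == "__main__":
    # Pass the path to plugin-cfg.xml as the first argument; without one the sample is audited
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for line in audit(text) or ["OK: no scope publishes WSDL metadata"]:
        print(line)
```

An empty result means the file disables metadata at the server level and no model or pool override turns it back on.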

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 10156.