Secure WS endpoint for methods TRACE, HEAD, DELETE, CONNECT, OPTIONS, PUT

quvad Nov 13, 2018 2:28 AM

Hi Dev,

after migration from EAP 6.4 to EAP 7.1 I notice the following message in server log:

09:39:48,847 WARN [io.undertow.servlet] (ServerService Thread Pool -- 92) UT015020: Path /HeatManager is secured for some HTTP methods, however it is not secured for [TRACE, HEAD, DELETE, CONNECT, OPTIONS, PUT]

09:39:48,848 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 92) WFLYUT0021: Web-Kontext registriert: "/heat-ws" für Server "default-server"

HeatManager is a webservice declared in java class as

@WebService(name = "HeatManager", targetNamespace = Configuration.WEBSERVICE_NAMESPACE + "HeatManager", portName = "HeatManagerSOAP")

and in jboss-webservices.xml as

<context-root>heat-ws</context-root>

<port-component>

<ejb-name>HeatManagerImpl</ejb-name>

<auth-method>BASIC</auth-method>

<transport-guarantee>NONE</transport-guarantee>

<secure-wsdl-access>true</secure-wsdl-access>

</port-component>

How can I secure all these methods for my endpoint?