0 Replies Latest reply on Nov 13, 2018 2:28 AM by Qu Vad

    Secure WS endpoint for methods TRACE, HEAD, DELETE, CONNECT, OPTIONS, PUT

    Qu Vad Newbie

      Hi Dev,

       

      after migration from EAP 6.4 to EAP 7.1 I notice the following message in server log:

       

      09:39:48,847 WARN  [io.undertow.servlet] (ServerService Thread Pool -- 92) UT015020: Path /HeatManager is secured for some HTTP methods, however it is not secured for [TRACE, HEAD, DELETE, CONNECT, OPTIONS, PUT]

      09:39:48,848 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 92) WFLYUT0021: Web-Kontext registriert: "/heat-ws" für Server "default-server"

       

      HeatManager is a webservice declared in java class as

       

      @WebService(name = "HeatManager", targetNamespace = Configuration.WEBSERVICE_NAMESPACE + "HeatManager", portName = "HeatManagerSOAP")

       

      and in jboss-webservices.xml as

       

      <context-root>heat-ws</context-root>

      <port-component>

      <ejb-name>HeatManagerImpl</ejb-name>

      <auth-method>BASIC</auth-method>

      <transport-guarantee>NONE</transport-guarantee>

      <secure-wsdl-access>true</secure-wsdl-access>

      </port-component>

       

      How can I secure all these methods for my endpoint?