Parallels H-Sphere Documentation Developer Guide H-Sphere XML API Reference

 

H-Sphere XML API Security Settings

(version 2.4 and up)
 
 

Related Docs:   H-Sphere XML API Reference

Last modified: 28 Dec 2007

 

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

In order to tighten H-Sphere XML API security, the psoft.hsphere.axis.AxisAccessFilter class is created, implementing the javax.servlet.Filter interface. This filter allows to check incoming request to a certain servlet to match some condition BEFORE passing it to the servlet, and allows to wrap/change request/response.

When the filter is turned on, the following lines are added into the <web-app> tag in the ~cpanel/hsphere/WEB-INF/web.xml file:

<filter>
    <filter-name>axis_access_filter</filter-name>
    <filter-class>psoft.hsphere.axis.AxisAccessFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>axis_access_filter</filter-name>
    <servlet-name>AxisServletName</servlet-name>
</filter-mapping>

where AxisServletName is Axis servlet name (usually, AxisServlet) and axis_access_filter is the filter's name.

 

Granting SOAP Access from Remote IPs

AxisAccessFilter checks if remote IP address of incoming request is specified in the ~cpanel/shiva/psoft_config/allow_access.properties file. If this IP is in the file, the request will be passed to Axis servlet. Otherwise the response will return the 403 error.

If the file does not exist, SOAP access is blocked for all IPs.

allow_access.properties has the following format:

a) To set the list of IPs (semicolon-separated):

ACCESS_ALLOW = ip1;ip2;ip3;...

b) To grant SOAP access from all IPs:

ACCESS_ALLOW = ALL


Related Docs:   H-Sphere XML API Reference



© Copyright 2017. Parallels Holdings. All rights reserved.