|
Last modified: 28 Dec 2007
WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the
official Parallels site.
In order to tighten H-Sphere XML API security, the
psoft.hsphere.axis.AxisAccessFilter class is created,
implementing the javax.servlet.Filter interface.
This filter allows to check incoming request to a certain servlet to match some condition
BEFORE passing it to the servlet, and allows to wrap/change request/response.
When the filter is turned on, the following lines are added into the <web-app> tag
in the ~cpanel/hsphere/WEB-INF/web.xml file:
<filter>
<filter-name>axis_access_filter</filter-name>
<filter-class>psoft.hsphere.axis.AxisAccessFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>axis_access_filter</filter-name>
<servlet-name>AxisServletName</servlet-name>
</filter-mapping>
where AxisServletName is Axis servlet name (usually, AxisServlet) and
axis_access_filter is the filter's name.
Granting SOAP Access from Remote IPs
AxisAccessFilter checks if remote IP address of incoming request is specified in the
~cpanel/shiva/psoft_config/allow_access.properties file.
If this IP is in the file, the request will be passed to Axis servlet.
Otherwise the response will return the 403 error.
If the file does not exist, SOAP access is blocked for all IPs.
allow_access.properties has the following format:
a) To set the list of IPs (semicolon-separated):
ACCESS_ALLOW = ip1;ip2;ip3;...
b) To grant SOAP access from all IPs:
ACCESS_ALLOW = ALL
|
