Anonymous logon for SOAP Adapter

I would like to present a new way of accessing the SOAP Adapter with anonymous logon without changing the adapter configuration itself or without using any kind of header rewriting.

With the use of a simple servlet deployed in a webapp it is possible to do cross context dispatching – with this little “trick” anonymous logon for the SOAP Adapter is possible – but be aware of security – you need to extend this simple example to control access

Servlet source code


import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class AnonymousSoapServlet extends HttpServlet {
   
    private static final long serialVersionUID = 1L;
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        getServletContext().getContext("/XISOAPAdapter").getRequestDispatcher("/MessageServlet").forward(req, resp);
    }
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        getServletContext().getContext("/XISOAPAdapter").getRequestDispatcher("/MessageServlet").forward(req, resp);
    }
}

2 Comments

You must be Logged on to comment or reply to a post.

Former Member

October 30, 2015 at 11:15 am

Hi Frank,

Clever.

But what is the full URL for invoking the anonymous Servlet and how does it identify the interface. Because the traditional SOAP URL has the interface namespace, etc.

Should the anonymous servlet also be called with all the query String applicable to standard SOAP sender.

Thanks.

Regards,

Sudharshan N A

Former Member

October 30, 2015 at 12:13 pm

Hi,

Tested it and got it working.

Once again, very clever trick.

Thanks.

Regards,

Sudharshan N A

Anonymous logon for SOAP Adapter

Assigned Tags