Create a way to filter endpoint URL [SWS-899]

[gregturn]

Daniel Conde Diehl opened SWS-899 and commented

In the configuration of MessageDispatcherServlet
there is no way to restrict the endpoint access.

The problem is that I want to create security-constraint for the Actual Service calls, but have my WSDLs open.

I have this on web.xml:
<servlet>
<servlet-name>spring-ws</servlet-name>
<servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
...
</servlet>
<servlet-mapping>
<servlet-name>spring-ws</servlet-name>
<url-pattern>/services/*</url-pattern>

<security-constraint>
	<web-resource-collection>
		<web-resource-name>Unsecured</web-resource-name>
		<url-pattern>/services/test.wsdl</url-pattern>
	</web-resource-collection>
	<user-data-constraint>
		<transport-guarantee>NONE</transport-guarantee>
	</user-data-constraint>
</security-constraint>
-->
<security-constraint>
	<web-resource-collection>
		<web-resource-name>HttpAuth</web-resource-name>
		<url-pattern>/services/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>ws-user</role-name>
	</auth-constraint>
	<user-data-constraint>
		<transport-guarantee>INTEGRAL</transport-guarantee>
	</user-data-constraint>
	
</security-constraint>
<login-config>
	<auth-method>BASIC</auth-method>
	<realm-name>myrealm</realm-name>
</login-config>
<security-role>
	<role-name>ws-user</role-name>
</security-role>

But when I use my client using endpoint http://myserver/myapp/services/test.wsdl, MessageDispatcher does not filter that it is a wsdl Call, and still executes my Endpoint Method.

I would expect only returning the wsdl in this URL call.

---

Affects: 2.2.1