
List:       axis-c-dev
Subject:    [jira] Commented: (AXIS2C-1484) Allow servers to bind to custom
From:       "Damitha Kumarage (JIRA)" <jira () apache ! org>
Date:       2010-07-15 13:31:50
Message-ID: 15380903.395661279200710302.JavaMail.jira () thor


    [ https://issues.apache.org/jira/browse/AXIS2C-1484?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888795#action_12888795 ]

Damitha Kumarage commented on AXIS2C-1484:
------------------------------------------

Thanks for the patch which seems to be good.

It is ok to add this under core.receivers

Yes the header files are exposed as API. 
I think it is better to add a new function instead of changing the api of an existing
function and then make the existing one deprecated for the next release. So
axutil_network_handler_create_server_socket  should change to
axutil_network_handler_create_server_socket_with_address

and 
axis2_http_svr_thread_create changes to
axis2_http_svr_thread_create_with_address.

Adding new function axis2_http_server_set_addr won't be a problem

I think passing an argument to server when starting would be the better solution
So I prefer adding  
axis2_http_server_create_with_addr .

Thanks,
Damitha

> Allow servers to bind to custom address only instead of INADDR_ANY
> ------------------------------------------------------------------
> 
> Key: AXIS2C-1484
> URL: https://issues.apache.org/jira/browse/AXIS2C-1484
> Project: Axis2-C
> Issue Type: New Feature
> Components: core/receivers
> Affects Versions: 1.6.0
> Reporter: Thomas Gentsch
> Attachments: patches.tar.gz
> 
> 
> Hi all!
> I have implemented this without major problems but have a few questions
> first:
> Process:
> - I'd open a jira entry in axis2c, describe the initial use case + the 
> solution, attach the patches
> - now, which area is most appropriate? I looked at the existing ones 
> and thought about "core.receivers" as it applies to http, tcp, ...?
> 
> - I guess, the Axis2c dev mailing list is more appropriate ... ?
> Design + Implementation:
> - we have to extend axutil_network_handler_create_server_socket()
> which is being called (what I have found)
> axis2_http_server_start()
> axis2_http_svr_thread_create()
> axutil_network_handler_create_server_socket()
> (same for TCP and in addition there is one more reference 
> in ./tools/tcpmon/src/session.c)
> - Now, normally I'd follow the goal to keep exposed APIs unchanged if 
> possible - the APIs we'd need to change in any case are
> - axutil_network_handler_create_server_socket()
> - axis2_http_svr_thread_create()
> Question: Are these exposed and/or used by API programmers?
> - Second, how to configure the listen address?
> Ideally, I'd like to do it the same way as the server port:
> - by API, e.g. axis2_http_server_create() and/or
> - by axis2.xml
> - The axis2.xml-way is not a problem, but regarding the API-way I 
> have another question:
> - we must not change the existing axis2_http_server_create*() 
> interfaces
> - therefore the only way would be to add 2 more calls, e.g.
> axis2_http_server_create_with_addr(env, repo, addr, port)
> which makes then 4 of them -> not very nice
> - Alternatively, what I have done now, is to add a function
> axis2_http_server_set_addr(transpRecv, addr, env)
> which, if not called, retains the current behavior. If called 
> right after axis2_http_server_create() and before 
> axis2_transport_receiver_start(), it does the trick
> - Now, which one do you believe is better?
> Example:
> server = axis2_http_server_create(env, repo, port);
> axis2_http_server_set_addr(server, "127.0.0.1", env);
> axis2_transport_receiver_start(server, env);
> Patch files are attached for a first review :-)
> I have done it for HTTP only in a first attempt, but TCP would be
> exactly the same.
> Finally, in network_handler.c are a few other functions which I saw also
> bind to hard-coded INADDR_ANY - however I did not check, where they are
> called from ...
> Rgds,
> tge
> PS: Yes, the use case is that I want to have the chance to restrict
> access to my SOAP server to local clients only (in a configurable way).
> A user of my app may want this ...
> On Mon, 2010-06-14 at 15:18 +0530, Damitha Kumarage wrote:
> > Thomas Gentsch wrote:
> > > Hi Damitha,
> > > 
> > > many thx for your fast reply! Also, when re-reading my posting, it
> > > sounded a bit like a complaint - this was not my intention, sorry for
> > > that!
> > > 
> > > Technically, yes, this would be for security reasons, to protect a
> > > server from remote access entirely.
> > > 
> > This means you have a use case  where you use the server internally 
> > entirely?
> > > The advantages I see
> > > - very simple config + implementation (extending
> > > axutil_network_handler_create_server_socket should be no major problem,
> > > however I did not look at the calling code yet ... :-)
> > > - all config is in my own hands whereas setting up a firewall I have to
> > > ask other people (-> also a risk of breaking something)
> > > 
> > > If I can formulate a wish, I'd prefer a way to set this programmatically
> > > similar to the port in axis2_http_server_create_*() but probably
> > > axis2.xml would be a nice place too (like "port").
> > > 
> > I think it is better to pass a server start parameter like -i (run 
> > server internally) to do that.
> > > If you feel, this would help, I'm happy to contribute.
> > > 
> > Please send a patch.
> > Thanks,
> > Damitha
> > > Many thx + best regards,
> > > tge
> > > 
> > > On Mon, 2010-06-14 at 09:24 +0530, Damitha Kumarage wrote:
> > > 
> > > > Thomas Gentsch wrote:
> > > > 
> > > > > Hello there,
> > > > > 
> > > > > I was trying to find out whether there is any way to set up a SOAP
> > > > > server to listen only at 127.0.0.1 instead of * but could not find any
> > > > > to do this.
> > > > > Even worse, looking at the source in
> > > > > axutil_network_handler_create_server_socket() which appears to be the
> > > > > > place, where this would happen, it seems as if this is not possible at
> > > > > all.
> > > > > 
> > > > > 
> > > > The simple reason you need your server only listen to 127.0.0.1 must be 
> > > > security.
> > > > But you can configure firewall to prevent access to port  on all IPs 
> > > > other than 127.0.0.1.
> > > > If this option is necessary we can implement it in 
> > > > axutil_network_handler_create_server_socket()
> > > > as you suggested.
> > > > 
> > > > Thanks,
> > > > Damitha
> > > > 
> > > > > Am I missing something? If this is really the case, are there any plans
> > > > > to add this?
> > > > > 
> > > > > Many thx + regards,
> > > > > tge

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
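
The bind-address restriction discussed in this thread, as an added example that is not part of the original messages or of the attached patch. The `demo_` function names and their signatures are hypothetical and are not the Axis2/C API; the sketch assumes IPv4 and POSIX sockets, keeps the old INADDR_ANY behaviour when no address is given, and reads the bound address back with `getsockname` so the restriction can be verified.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not Axis2/C code): listening TCP socket bound to
 * addr:port, or -1 on error. addr == NULL keeps the old INADDR_ANY bind. */
int demo_create_server_socket_with_address(const char *addr, int port)
{
    struct sockaddr_in sa;
    int fd, on = 1;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)port);
    if (addr == NULL)
        sa.sin_addr.s_addr = htonl(INADDR_ANY);
    else if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1)
        return -1; /* bad address: fail, never fall back to INADDR_ANY */

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Address the socket is really bound to (host byte order), or -1 on error. */
long long demo_bound_address(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    return (long long)ntohl(sa.sin_addr.s_addr);
}

int main(void)
{
    int fd = demo_create_server_socket_with_address("127.0.0.1", 0); /* port 0: any free port */
    printf("bound to 0x%08llx\n", (unsigned long long)demo_bound_address(fd));
    return fd < 0;
}
```

An unparsable address is treated as an error rather than silently widened to INADDR_ANY, so a configuration typo cannot expose the listener on every interface.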

