DX NetOps

  • 1.  restrict rest access

    Posted 12-21-2017 10:26 AM

    Is there a way to disable access to the REST interface on a specific OneClick?


    We have a set of OneClick servers that are dedicated to REST access.  People are supposed to use those for submitting their REST queries.  However, our community has discovered that all OneClicks support these calls, so we are seeing them submit their REST queries against our OneClick servers that are supposed to be for general user access (WebClient/OneClick).  I suspect we also have some that are hitting our SRM servers as well.  I would like to be able to disable REST on the WebClient/OneClick/SRM servers or limit the accounts that can submit REST calls on those systems.


    Is there a way to restrict access on specific servers?

  • 2.  Re: restrict rest access

    Posted 12-21-2017 02:52 PM

    Hey Bill,


    I would simply disable REST on those servers entirely:


    To disable the RESTful url you can delete the



    It would also be a good idea to modify the web.xml to remove the servlet definitions


        <servlet-name>ApacheCXF JAX-RS</servlet-name>
























        <servlet-name>RESTful Web Services registration servlet</servlet-name>







            RESTfulWebServices@RESTFULWEBSERVICES@RESTful Web Services@off;






    Hope that helps.  I am not aware of anyway to restrict it other than disable it.

    Though there may be a way to do it.

  • 3.  Re: restrict rest access

    Posted 12-21-2017 05:42 PM

    Thank you.  This is perfect.  For our situation, we would want to disable the REST on those systems where we want to restrict it's usage.  This fits our need perfectly.

  • 4.  Re: restrict rest access

    Posted 12-22-2017 08:44 AM


    It was after I started chatting with Roger that I realized why you guys had asked…makes sense!  


    Happy Holidays Bill!

  • 5.  RE: restrict rest access

    Posted 07-22-2019 05:27 AM
    Sorry that i bring up that old thread again.

    There is no way to controll which users on a server are able to access the RESTful API, isn't there?

    I totally want users to use the API, if it helps them. But i don't want to allow any user to use the API.
    For API access, i want to have some sort of "service users", and all the others should use OneClick Clients, but have no API access at all.



  • 6.  RE: restrict rest access

    Posted 08-16-2019 09:32 AM
    This seems very reasonable.

  • 7.  RE: restrict rest access

    Posted 01-20-2020 08:45 AM
    Please vote here:


    Solution Architect
    DICOS GmbH Kommunikationssysteme