DX NetOps


restrict rest access

  • 1.  restrict rest access

    Posted 12-21-2017 10:26 AM

    Is there a way to disable access to the REST interface on a specific OneClick?

     

    We have a set of OneClick servers that are dedicated to REST access.  People are supposed to use those for submitting their REST queries.  However, our community has discovered that all OneClicks support these calls, so we are seeing them submit their REST queries against our OneClick servers that are supposed to be for general user access (WebClient/OneClick).  I suspect we also have some that are hitting our SRM servers as well.  I would like to be able to disable REST on the WebClient/OneClick/SRM servers or limit the accounts that can submit REST calls on those systems.

     

    Is there a way to restrict access on specific servers?



  • 2.  Re: restrict rest access

    Posted 12-21-2017 02:52 PM

    Hey Bill,

     

    I would simply disable REST on those servers entirely:

     

    To disable the RESTful URL you can delete the \tomcat\lib\spectrumrest.jar.

     

    It would also be a good idea to modify the web.xml to remove the servlet definitions

    <servlet>
      <servlet-name>ApacheCXF JAX-RS</servlet-name>
      <servlet-class>
        com.ca.spectrum.restful.servlet.framework.CXFNonSpringJaxrsServlet
      </servlet-class>
      <init-param>
        <param-name>jaxrs.serviceClasses</param-name>
        <param-value>
          com.ca.spectrum.restful.servlet.ActionServlet
          com.ca.spectrum.restful.servlet.AlarmServlet
          com.ca.spectrum.restful.servlet.AssociationServlet
          com.ca.spectrum.restful.servlet.DeviceServlet
          com.ca.spectrum.restful.servlet.LandscapeServlet
          com.ca.spectrum.restful.servlet.ModelServlet
          com.ca.spectrum.restful.servlet.ModelsServlet
          com.ca.spectrum.restful.servlet.SubscriptionServlet
          com.ca.spectrum.restful.servlet.AttributeServlet
          com.ca.spectrum.restful.servlet.TestNotificationServlet
          com.ca.spectrum.restful.servlet.ConnectivityServlet
          com.ca.spectrum.restful.servlet.EventServlet
        </param-value>
      </init-param>
      <load-on-startup>100</load-on-startup>
    </servlet>
    <servlet>
      <servlet-name>RESTful Web Services registration servlet</servlet-name>
      <servlet-class>
        com.aprisma.spectrum.app.web.servlet.RegistrationServlet
      </servlet-class>
      <init-param>
        <param-name>com.aprisma.spectrum.debug.modules</param-name>
        <param-value>
          RESTfulWebServices@RESTFULWEBSERVICES@RESTful Web Services@off;
        </param-value>
      </init-param>
      <load-on-startup>2</load-on-startup>
    </servlet>

     

    Hope that helps.  I am not aware of any way to restrict it other than disable it.

    Though there may be a way to do it.
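
A way to confirm the change took effect on each general-access server, as an added example that is not part of the original post or of the product: it checks a web.xml for the two servlet definitions quoted above, flags a servlet-mapping left pointing at a removed servlet, and checks whether spectrumrest.jar is still present. The function names and the sample documents are hypothetical, the url-pattern is constructed, and the Tomcat lib directory is passed in because the post gives only a relative path.

```python
import os
import xml.etree.ElementTree as ET

# Names and package prefix copied from the web.xml excerpt in the post above.
REST_NAMES = {"ApacheCXF JAX-RS", "RESTful Web Services registration servlet"}
REST_PACKAGE = "com.ca.spectrum.restful."
REST_JAR = "spectrumrest.jar"

def _local(tag):
    """Drop any '{namespace}' prefix so namespaced web.xml files also match."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, child_name):
    """Whitespace-normalised text of the first child called child_name."""
    for child in elem:
        if _local(child.tag) == child_name:
            return " ".join((child.text or "").split())
    return ""

def audit_web_xml(xml_text):
    """Return findings for REST servlets that are still defined or mapped."""
    root = ET.fromstring(xml_text)  # commented-out XML is dropped by the parser
    defined, findings = set(), []
    for elem in root:
        if _local(elem.tag) == "servlet":
            name, cls = _text(elem, "servlet-name"), _text(elem, "servlet-class")
            # RegistrationServlet is matched by name only: its class is not REST-specific.
            if name in REST_NAMES or cls.startswith(REST_PACKAGE):
                defined.add(name)
                findings.append(f"servlet still defined: {name}")
    for elem in root:
        name = _text(elem, "servlet-name")
        if _local(elem.tag) == "servlet-mapping" and name in REST_NAMES - defined:
            findings.append(f"mapping left without servlet: {name} -> {_text(elem, 'url-pattern')}")
    return findings

def rest_jar_present(tomcat_lib_dir):
    """True if the REST jar named in the post is still in the given lib directory."""
    return os.path.isfile(os.path.join(tomcat_lib_dir, REST_JAR))

# Constructed samples, not taken from a real server.
STILL_ENABLED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet><servlet-name>ApacheCXF JAX-RS</servlet-name>
  <servlet-class> com.ca.spectrum.restful.servlet.framework.CXFNonSpringJaxrsServlet
  </servlet-class></servlet></web-app>"""
HALF_REMOVED = """<web-app>
  <!-- <servlet><servlet-name>ApacheCXF JAX-RS</servlet-name></servlet> -->
  <servlet-mapping><servlet-name>ApacheCXF JAX-RS</servlet-name>
  <url-pattern>/example/*</url-pattern></servlet-mapping></web-app>"""
```

An empty list from `audit_web_xml` together with `False` from `rest_jar_present` means both steps from the post have been applied on that server.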



  • 3.  Re: restrict rest access

    Posted 12-21-2017 05:42 PM

    Thank you.  This is perfect.  For our situation, we would want to disable the REST on those systems where we want to restrict its usage.  This fits our need perfectly.



  • 4.  Re: restrict rest access

    Posted 12-22-2017 08:44 AM

    Awesome!

    It was after I started chatting with Roger that I realized why you guys had asked…makes sense!  

     

    Happy Holidays Bill!



  • 5.  RE: restrict rest access

    Posted 07-22-2019 05:27 AM
    Sorry that I bring up that old thread again.

    There is no way to control which users on a server are able to access the RESTful API, is there?

    I totally want users to use the API, if it helps them. But I don't want to allow any user to use the API.
    For API access, I want to have some sort of "service users", and all the others should use OneClick Clients, but have no API access at all.

    ------------------------------
    Regards

    Marco
    ------------------------------



  • 6.  RE: restrict rest access

    Posted 8 days ago
    This seems very reasonable.