Hi All,

    I have a couple of questions which are related ...

I have a real time job that is exposed as a web service.

1. Is there a way in which i can disable admin level operations from being published in the WSDL?

In CMS I not only see my custom web service but also see a bunch of jobs like “Delete_Repo_Objects” automatically published in the WSDL. If i try to delete these from the WSDL I get an error message saying “The selected action is not applicable to EPO_OP_ADMIN:_NAME:Delete_Repo_Objects.”

2. I need to authenticate the incoming web service call using user name and password. If i enable session security for the objects then it has to be a admin level user.(According to the documentation) Which means the consumer can also perform admin level operations like deleting repository objects as these operations are also exposed to the end user.

What is the best way to secure the real time job as web service in this case?

I am on designer version 12.2.0.0

Thanks
Reddy

reddyb (BOB member since 2013-12-18)

Have you found any thing else regarding securing the WSDL security? I see that in newer versions we can create custom WSDL labels, but that doesn’t stop a user from removing the label and running any service.

brudosm (BOB member since 2014-12-12)