FAQ: Retrieving a WSDL from a Sentry WSDL Policy

A WSDL Policy in Sentry defines the URI endpoint that the client applications will use to communicate with the services you are protecting with Sentry.

As part of the security Sentry provides, the client will never have access to the application server hosting your web services - the client will access Sentry and Sentry will communicate with the application server. Therefore, the Sentry administrator will need to provide a WSDL that contains the Sentry endpoint to the clients. The WSDL file contains the IP, port number, and full path information that the client uses when sending a request.

This post will describe the multiple ways in which the Sentry administrator can provide the correct WSDL to the clients.

1. URI WSDL Retrieval: There is an option on the Virtual Directory page of the WSDL Policy in Sentry named "Enable WSDL Access". If this option is enabled, Sentry will serve the WSDL to any client that connects with an HTTP GET using the full request URI with the addition of the ?WSDL syntax.

For instance, to obtain the WSDL for a service with the virtual URI:
http://10.1.2.3:80/qaservice/qaservice.asmx

The following URI can be used:
http://10.1.2.3:80/qaservice/qaservice.asmx?WSDL

Note that a web browser can be used to retrieve the WSDL via URI or a web services testing client tool such as SOAPSonar can retrieve and parse a WSDL via URI or file.

2. Manual WSDL Export: When viewing a WSDL Policy, there is an "Export WSDL" button on the top right of the page. This feature allows the administrator to download a WSDL file manually, while choosing to include all operations or operations based on ACLs (access control lists). This allows the admin to provide different WSDL files (with different operations defined) to different clients.

3. Publish the WSDL: When viewing a WSDL Policy, there is a "Publish WSDL" button on the top right of the page. This feature allows the admin to publish the WSDL to a UDDI directory while adding specific information about the business and service. This feature also includes an option to publish all operations or operations based on ACLs.


No matter how the client retrieves the WSDL generated by Sentry, the endpoint will point to the Virtual URI as shown when viewing a WSDL Policy. The Virtual URI consists of the IP and port of the HTTP listener policy and the virtual path specified on the Virtual Directory page of the WSDL Policy.

0 Comments

Article is closed for comments.