On this Page

    Script security


    Note, as of version 1.3.5 security is disabled by default.

     See [Default-]DocOriginWs.ini and cmdDefault.

    As of version 1.3.1, you can restrict which scripts can be run by each specific Tomcat user.

    Security is controlled by the $E/Default-WsSecurity.ini and $E/Default-WsSecurity.wjs files and their usual overrides. On each web service call the WsSecurity.wjs file reads the WsSecurity.ini file and makes the decision of whether to allow or deny access.

    By default, all scripts are allowed.

    You can add restrictions by putting the WsSecurity.ini file into the $U/Overrides folder and adding lines identifying script names and allowed user names. See the examples in $E/Default-WsSecurity.ini.

    If the script decides that access is denied, the http response headers provided by the web service will contain a non-zero do.exitCode and the do.property.message will be "access denied".

    More advanced requirements may require overriding $E/Default-WsSecurity.wjs with your own script and implementing security in any preferred way.