Axis2 - Information Leakage Prevention

118 views Asked by At

What is the easiest way to either configure Axis2 or extend the message listener to PREVENT any and all information regarding system from returning to the calling client?

An example of what I'm trying to prevent is as follows: Someone sends an improper soap request with some weird stuff in the header and the server responds:

HTTP/1.1 500 Internal Server Error
Date: Wed, 19 Nov 2014 13:12:34 GMT
Server: Apache
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Oracle Corporation/1.7)
Connection: close
Content-Length: 465
Content-Type: text/xml;charset=utf-8
... 
<faultstring>javax.xml.stream.XMLStreamException: DOCTYPE is not allowed</faultstring>

What is the best way to prevent all of that information from being delivered back to the client? The glassfish messages can be turned off in GlassFish as answered below. I should have been more specific I want to set it up so that any and all exceptions never reach the client. I want to somehow force axis2 to use a generic message instead of returning an Exception. Is it possible to do this with Axis2?

1

There are 1 answers

1
SPoint On BEST ANSWER

You can add a

-Dproduct.name="".

in your JVM Option for suppressing the X-Powered-By