Hi Martin! Thanks for your reply. Please see responses below:
________________________________
From: Martin Gainty [mailto:mgainty_at_hotmail.com]
> if virtual-server is the way you want to apporach
> we will need to have at least one Listener we have one IP:port for each Listener
> (or At least one Listener with a default virtual-server)
>
> with virtual-server we would need to add
> 1)
> allowRemoteAddress for the SOAPServer
Accoring to
https://glassfish.java.net/docs/4.0/reference-manual.pdf, allowRemoteAddress controls allowed IP addresses for connecting clients. I don't understand how that is related to this situation. Could you please explain?
> 2)a Redirect property
> http://docs.oracle.com/cd/E19776-01/820-4507/abhfg/index.html
That link times out for me, but I don't understand what redirects have to do with my situation. Are you saying that I'll have have both apps accessible on both ports and then manually issue redirects if someone tries to access the UI webapp on the "wrong" port?
> 3)possible custom authRealm defined in web.xml
> authRealm..i dont know these params for your particular SOAPServer config
I have a custom authRealm config - once again not sure what this has to do with restricting the web-app to only be accessible on one port.
> Here is the doc for
> "redirect to a Different Host"
> (snip)
What do redirects have to do with this? We have a web app accessible on the internal private network for staff, and it is currently available on port 8080 (with an apache reverse proxy in front). We are adding a new web-app which contains some SOAP services which will be accessed by another system which lives in a DMZ. We would like to open up a specific port for that client system to make the soap calls on, but only allow it to access the web services but not the main application.
Internal browser-based web clients will continue to connect to the main web app on the default http listener port. The SOAP client will be configured to connect to the specific port that we give it. Where does the redirect come in?
> Does this answer your question?
No :). I still don't know how to make sure that our main web-app is not accessible on the second port. At this stage I'm wondering if we should just proxy the SOAP requests through apache as well and implement the logic there. I'm just surprised that this doesn't seem to be possible in Glassfish - I would have thought that making a particular web-app available on a particular port would be a bit of a no-brainer - is this scenario really that uncommon?
Thanks
Tom