Enabling web services in Sakai and securing them

An often underused feature of Sakai are the web services. They allow you to perform remote administration of Sakai and are scriptable from just about every language that supports SOAP. You can do anything with the web services, any API that Sakai uses can also be used via the web services. They ship by default, you just need to enable them and start integrating!

Enable the web services

Add this to sakai.properties:
webservices.allowlogin=true

Secure the web services

In Sakai 2.4.x and 2.5.x, the IP filtering needs to be done in in Tomcat via the RemoteAddrValve, or Apache via mod_access.
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
http://httpd.apache.org/docs/1.3/mod/mod_access.html

For Tomcat, heres the procedure to filter access by IP addresses for the web services:

  1. cd SAKAI-SRC/webservices/axis/src/webapp/
  2. Create a META-INF directory, and a context.xml in that directory.
  3. In context.xml, put this, customised for your environment:
<?xml version="1.0" encoding="UTF-8"?><Context><Valve className="org.apache.catalina.valves.RemoteAddrValve"allow="127\.0\.0\.1,123\.45\.678\.90"deny=""/><Valve className="org.apache.catalina.valves.AccessLogValve"prefix="webservices." suffix=".log"pattern="common"/></Context>

This will also enable logging via the AccessLogValve.

Now mvn clean install sakai:deploy the web services project.

In 2.6.x, filtering is built in and achieved via the following in sakai.properties:

webservices.allow=localhost,127\.0\.0\.1,192\.168\.[0-9.]+,domain\.somewhere\.ac\.uk,123\.45\.678\.90

Note that for both examples you need to escape the dots via a backslash for the list of addresses.

In 2.6.x+ you can also log authorised and denied attempts via:

webservices.log-allowed=true
webservices.log-denied=true

Once setup, start Tomcat and visit https://your.sakai.server/sakai-axis/SakaiScript.jws?wsdl and you’ll see the list of services supported. I recommend using Mac SOAP Client which gives you a neat GUI to load, browse and run the web services:

For more info about the web services in Sakai and how to use them, including sample code, see the Web Services space on Confluence.

Advertisements

2 thoughts on “Enabling web services in Sakai and securing them

  1. ADDENDUM: You should also run your webservices over SSL so that the data you send is not sent in plain text. There are many resources available on the web for setting up SSL with Tomcat or Apache.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s