Filtering vSphere API Requests
I got an interesting question on how to find out WSDL files are used by vSphere Web Services at the VI Java API forum. After some clarification, it turns out the questioner just wanted to know what methods are called, so that the proxy between client and vCenter server can decide whether it should be allowed to go through.
Although a rare use case, but it’s a valid and sophisticated one. In general, you can use vSphere built in feature for security, for example, assign permissions to a specific role. Still every request reaches the server. With proxy approach, you can filter out some requests before it reaches the vCenter.
Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.
But do you need the WSDL for that? The answer is no. The WSDL is for defining interfaces. It includes schemas of all the requests and responses, and their parameters/return types. Definitely it helps to understand the messages on the wire during the development time.
In the runtime, you don’t need WSDL anymore. Your code can inspect the SOAP request for the method names. Based on this information and your policy, you can decide whether to let it go through or not. It should be fairly straight-forward.
To make it a bit more sophisticated, you can also decide what user’s which methods can pass through or not. For that, you need to track the http session cookies used for tracking a particular user. Check this article for details.