Filtering vSphere API Requests

I got an interesting question on how to find out WSDL files are used by vSphere Web Services at the VI Java API forum. After some clarification, it turns out the questioner just wanted to know what methods are called, so that the proxy between client and vCenter server can decide whether it should be allowed to go through.

Although a rare use case, but it’s a valid and sophisticated one. In general, you can use vSphere built in feature for security, for example, assign permissions to a specific role. Still every request reaches the server. With proxy approach, you can filter out some requests before it reaches the vCenter.

Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.

But do you need the WSDL for that? The answer is no. The WSDL is for defining interfaces. It includes schemas of all the requests and responses, and their parameters/return types. Definitely it helps to understand the messages on the wire during the development time.

In the runtime, you don’t need WSDL anymore. Your code can inspect the SOAP request for the method names. Based on this information and your policy, you can decide whether to let it go through or not. It should be fairly straight-forward.

To make it a bit more sophisticated, you can also decide what user’s which methods can pass through or not. For that, you need to track the http session cookies used for tracking a particular user. Check this article for details.

This entry was posted in vSphere API and tagged , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.