Integration Server admin port deny by default

Hello, I am using webMethods 10.5 version. Wanted to understand what would be an ideal way to achieve this requirement.
I have set primary port Access mode as deny by default because there are lot of services to be denied. Now in order to do admin related activities I have to add few wm services to the allow list. Say I need all of the services within wm.EDIINT* in allow list except for the below 2 services.

wm.EDIINT.util:readFromFile
wm.EDIINT.util:saveStreamToFile

Is there a way I can add wm.EDIINT.util to allow list and deny only the above 2 services?

Hi @naveen.palani ,
As far as I know, you can add folders or services to allow list while the port Access Mode is set to deny by default. Regular expression support is limited, I do not think you can exclude specific services /folders here.
However you can add multiple services at the same time by using the option on the right side of the page and select an ACL which would list all services and then you can choose.
As the admin guide mentions, Reverb


a. In the Select an ACL list, select the ACL used as the execute ACL for the elements for which you want to allow access.

Integration Server Administrator displays and selects all of the elements that use the selected ACL as the execute ACL.

b. To add all of the selected items to the allow list on the left side of the page, click Append Selected.

Integration Server appends the selected entries to the existing list.

c. If you do not want to add all of the items to the allow list, deselect the ones you do not want. To deselect multiple items, press the CTRL key while deselecting. To add the remaining items to the list of allowed services for the port, click Append Selected.

Integration Server appends the selected entries to the existing list.

Hope that helps,
NP

1 Like

I just want to point out – you only need to allow top-level services that are being invoked through the port, not any underlying services. I use AS2 communications, and the only WmEDIINT package service on my port’s allow list is wm.EDIINT:receive. I don’t know your use case, but having every wm.EDIINT.* service (but two) seems like overkill.

3 Likes

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.