Hi,
I developed a plugin about vcenter web client and i deployed it to vCenter server. I can invoke the interface directly through the restclient tool。
and web.xml was configed SessionManagementFilter
ex:
<filter>
<filter-name>sessionManagementFilter</filter-name>
<filter-class>com.vmware.vise.security.SessionManagementFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sessionManagementFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I do not know what happened,why person who is not authorized can invoke the interface.
sdk version :vimclients-public-sdk-6.0.0.3633101
vSphere Web Client Version 6.0.0 Build 3617395
plugin develop by html , javascript and java.
So this is a serious problem 。