public abstract class AbstractWsSecurityInterceptor extends Object implements SoapEndpointInterceptor, ClientInterceptor
endpoint mapping; or on the client side, on the web service template.
 Subclasses of this base class can be configured to secure incoming and secure outgoing messages. By default, both are on.
| Modifier and Type | Field and Description | 
|---|---|
| protected org.apache.commons.logging.Log | loggerLogger available to subclasses. | 
| protected static QName | WS_SECURITY_NAME | 
| Constructor and Description | 
|---|
| AbstractWsSecurityInterceptor() | 
| Modifier and Type | Method and Description | 
|---|---|
| void | afterCompletion(MessageContext messageContext,
               Exception ex)Callback after completion of request and response (fault) processing. | 
| void | afterCompletion(MessageContext messageContext,
               Object endpoint,
               Exception ex)Callback after completion of request and response (fault) processing. | 
| protected abstract void | cleanUp() | 
| boolean | handleFault(MessageContext messageContext)Returns  true, i.e. | 
| boolean | handleFault(MessageContext messageContext,
           Object endpoint)Returns  true, i.e. | 
| protected boolean | handleFaultException(WsSecurityFaultException ex,
                    MessageContext messageContext)Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the
 properties of the given exception, and returns  false. | 
| boolean | handleRequest(MessageContext messageContext)Secures a client-side outgoing request. | 
| boolean | handleRequest(MessageContext messageContext,
             Object endpoint)Validates a server-side incoming request. | 
| boolean | handleResponse(MessageContext messageContext)Validates a client-side incoming response. | 
| boolean | handleResponse(MessageContext messageContext,
              Object endpoint)Secures a server-side outgoing response. | 
| protected boolean | handleSecurementException(WsSecuritySecurementException ex,
                         MessageContext messageContext)Handles an securement exception. | 
| protected boolean | handleValidationException(WsSecurityValidationException ex,
                         MessageContext messageContext)Handles an invalid SOAP message. | 
| protected abstract void | secureMessage(SoapMessage soapMessage,
             MessageContext messageContext)Abstract template method. | 
| void | setExceptionResolver(EndpointExceptionResolver exceptionResolver)Provide an  EndpointExceptionResolverfor resolving validation exceptions. | 
| void | setSecureRequest(boolean secureRequest)Indicates whether client-side outgoing requests are to be secured. | 
| void | setSecureResponse(boolean secureResponse)Indicates whether server-side outgoing responses are to be secured. | 
| void | setSkipValidationIfNoHeaderPresent(boolean skipValidationIfNoHeaderPresent)Allows skipping validation if no security header is present. | 
| void | setValidateRequest(boolean validateRequest)Indicates whether server-side incoming request are to be validated. | 
| void | setValidateResponse(boolean validateResponse)Indicates whether client-side incoming responses are to be validated. | 
| boolean | understands(SoapHeaderElement headerElement)Given a  SoapHeaderElement, return whether or not thisSoapEndpointInterceptorunderstands it. | 
| protected abstract void | validateMessage(SoapMessage soapMessage,
               MessageContext messageContext)Abstract template method. | 
protected final org.apache.commons.logging.Log logger
protected static final QName WS_SECURITY_NAME
public void setValidateRequest(boolean validateRequest)
true.public void setSecureResponse(boolean secureResponse)
true.public void setSecureRequest(boolean secureRequest)
true.public void setValidateResponse(boolean validateResponse)
true.public void setExceptionResolver(EndpointExceptionResolver exceptionResolver)
EndpointExceptionResolver for resolving validation exceptions.public void setSkipValidationIfNoHeaderPresent(boolean skipValidationIfNoHeaderPresent)
public final boolean handleRequest(MessageContext messageContext, Object endpoint) throws Exception
validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)
 if the validateRequest property is true.handleRequest in interface EndpointInterceptormessageContext - the message context, containing the request to be validatedendpoint - chosen endpoint to invoketrue if the request was valid; false otherwise.Exception - in case of errorsvalidateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)public final boolean handleResponse(MessageContext messageContext, Object endpoint) throws Exception
secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)
 if the secureResponse property is true.handleResponse in interface EndpointInterceptormessageContext - the message context, containing the response to be securedendpoint - chosen endpoint to invoketrue if the response was secured; false otherwise.Exception - in case of errorssecureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)public boolean handleFault(MessageContext messageContext, Object endpoint) throws Exception
true, i.e. fault responses are not secured.handleFault in interface EndpointInterceptormessageContext - contains both request and response messages, the response should contains a Faultendpoint - chosen endpoint to invoketrue to continue processing of the response interceptor chain; false to indicate
                   blocking of the response handler chain.Exceptionpublic void afterCompletion(MessageContext messageContext, Object endpoint, Exception ex)
EndpointInterceptorNote: Will only be called if this interceptor's EndpointInterceptor.handleRequest(org.springframework.ws.context.MessageContext, java.lang.Object)  method has successfully completed.
 
As with the EndpointInterceptor.handleResponse(org.springframework.ws.context.MessageContext, java.lang.Object) method, the method will be invoked on each interceptor in the chain in
 reverse order, so the first interceptor will be the last to be invoked.
afterCompletion in interface EndpointInterceptormessageContext - contains both request and response messages, the response should contains a Faultendpoint - chosen endpoint to invokeex - exception thrown on handler execution, if anypublic boolean understands(SoapHeaderElement headerElement)
SoapEndpointInterceptorSoapHeaderElement, return whether or not this SoapEndpointInterceptor understands it.understands in interface SoapEndpointInterceptorheaderElement - the headertrue if understood, false otherwisepublic final boolean handleRequest(MessageContext messageContext) throws WebServiceClientException
secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)
 if the secureRequest property is true.handleRequest in interface ClientInterceptormessageContext - the message context, containing the request to be securedtrue if the response was secured; false otherwise.Exception - in case of errorsWebServiceClientException - in case of errorssecureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)public final boolean handleResponse(MessageContext messageContext) throws WebServiceClientException
validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)
 if the validateResponse property is true.handleResponse in interface ClientInterceptormessageContext - the message context, containing the response to be validatedtrue if the request was valid; false otherwise.Exception - in case of errorsWebServiceClientException - in case of errorsvalidateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)public boolean handleFault(MessageContext messageContext) throws WebServiceClientException
true, i.e. fault responses are not validated.handleFault in interface ClientInterceptormessageContext - contains the outgoing request messagetrue to continue processing of the request interceptors; false to indicate
                   blocking of the request endpoint chainWebServiceClientException - in case of errorsMessageContext.getResponse(), 
FaultAwareWebServiceMessage.hasFault()public void afterCompletion(MessageContext messageContext, Exception ex) throws WebServiceClientException
ClientInterceptorNote: Will only be called if this interceptor's ClientInterceptor.handleRequest(org.springframework.ws.context.MessageContext)  method has successfully completed.
afterCompletion in interface ClientInterceptormessageContext - contains both request and response messages, the response should contains a Faultex - exception thrown on handler execution, if anyWebServiceClientException - in case of errorsprotected boolean handleSecurementException(WsSecuritySecurementException ex, MessageContext messageContext)
false.ex - the validation exceptionmessageContext - the message contexttrue to continue processing the message, false (the default) otherwiseprotected boolean handleValidationException(WsSecurityValidationException ex, MessageContext messageContext)
exceptionResolver if any, or creates a SOAP 1.1 Client or SOAP
 1.2 Sender Fault with the exception message as fault string, and returns false.ex - the validation exceptionmessageContext - the message contexttrue to continue processing the message, false (the default) otherwiseprotected boolean handleFaultException(WsSecurityFaultException ex, MessageContext messageContext)
false.ex - the validation exceptionmessageContext - the message contexttrue to continue processing the message, false (the default) otherwiseprotected abstract void validateMessage(SoapMessage soapMessage, MessageContext messageContext) throws WsSecurityValidationException
SoapMessage, and replace the original request with the validated version.soapMessage - the soap message to validateWsSecurityValidationException - in case of validation errorsprotected abstract void secureMessage(SoapMessage soapMessage, MessageContext messageContext) throws WsSecuritySecurementException
SoapMessage, and replace the original response with the secured version.soapMessage - the soap message to secureWsSecuritySecurementException - in case of securement errorsprotected abstract void cleanUp()