org.springframework.ws.soap.security

Class AbstractWsSecurityInterceptor

java.lang.Object

org.springframework.ws.soap.security.AbstractWsSecurityInterceptor

All Implemented Interfaces:

ClientInterceptor, EndpointInterceptor, SoapEndpointInterceptor

Direct Known Subclasses:

Wss4jSecurityInterceptor, Wss4jSecurityInterceptor, XwsSecurityInterceptor

public abstract class AbstractWsSecurityInterceptor
extends Object
implements SoapEndpointInterceptor, ClientInterceptor

Interceptor base class for interceptors that handle WS-Security. Can be used on the server side, registered in a endpoint mapping; or on the client side, on the web service template.

Subclasses of this base class can be configured to secure incoming and secure outgoing messages. By default, both are on.

Since:

1.0.0

Author:

Arjen Poutsma

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.commons.logging.Log	logger Logger available to subclasses.
protected static QName	WS_SECURITY_NAME

Constructor Summary

Constructors

Constructor and Description
AbstractWsSecurityInterceptor()

Method Summary

Modifier and Type	Method and Description
void	afterCompletion(MessageContext messageContext, Exception ex) Callback after completion of request and response (fault) processing.
void	afterCompletion(MessageContext messageContext, Object endpoint, Exception ex) Callback after completion of request and response (fault) processing.
protected abstract void	cleanUp()
boolean	handleFault(MessageContext messageContext) Returns true, i.e.
boolean	handleFault(MessageContext messageContext, Object endpoint) Returns true, i.e.
protected boolean	handleFaultException(WsSecurityFaultException ex, MessageContext messageContext) Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the properties of the given exception, and returns false.
boolean	handleRequest(MessageContext messageContext) Secures a client-side outgoing request.
boolean	handleRequest(MessageContext messageContext, Object endpoint) Validates a server-side incoming request.
boolean	handleResponse(MessageContext messageContext) Validates a client-side incoming response.
boolean	handleResponse(MessageContext messageContext, Object endpoint) Secures a server-side outgoing response.
protected boolean	handleSecurementException(WsSecuritySecurementException ex, MessageContext messageContext) Handles an securement exception.
protected boolean	handleValidationException(WsSecurityValidationException ex, MessageContext messageContext) Handles an invalid SOAP message.
protected abstract void	secureMessage(SoapMessage soapMessage, MessageContext messageContext) Abstract template method.
void	setExceptionResolver(EndpointExceptionResolver exceptionResolver) Provide an EndpointExceptionResolver for resolving validation exceptions.
void	setSecureRequest(boolean secureRequest) Indicates whether client-side outgoing requests are to be secured.
void	setSecureResponse(boolean secureResponse) Indicates whether server-side outgoing responses are to be secured.
void	setSkipValidationIfNoHeaderPresent(boolean skipValidationIfNoHeaderPresent) Allows skipping validation if no security header is present.
void	setValidateRequest(boolean validateRequest) Indicates whether server-side incoming request are to be validated.
void	setValidateResponse(boolean validateResponse) Indicates whether client-side incoming responses are to be validated.
boolean	understands(SoapHeaderElement headerElement) Given a SoapHeaderElement, return whether or not this SoapEndpointInterceptor understands it.
protected abstract void	validateMessage(SoapMessage soapMessage, MessageContext messageContext) Abstract template method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.apache.commons.logging.Log logger

Logger available to subclasses.

WS_SECURITY_NAME

protected static final QName WS_SECURITY_NAME

Constructor Detail

AbstractWsSecurityInterceptor

public AbstractWsSecurityInterceptor()

Method Detail

setValidateRequest

public void setValidateRequest(boolean validateRequest)

Indicates whether server-side incoming request are to be validated. Defaults to true.

setSecureResponse

public void setSecureResponse(boolean secureResponse)

Indicates whether server-side outgoing responses are to be secured. Defaults to true.

setSecureRequest

public void setSecureRequest(boolean secureRequest)

Indicates whether client-side outgoing requests are to be secured. Defaults to true.

setValidateResponse

public void setValidateResponse(boolean validateResponse)

Indicates whether client-side incoming responses are to be validated. Defaults to true.

setExceptionResolver

public void setExceptionResolver(EndpointExceptionResolver exceptionResolver)

Provide an EndpointExceptionResolver for resolving validation exceptions.

setSkipValidationIfNoHeaderPresent

public void setSkipValidationIfNoHeaderPresent(boolean skipValidationIfNoHeaderPresent)

Allows skipping validation if no security header is present.

handleRequest

public final boolean handleRequest(MessageContext messageContext,
                                   Object endpoint)
                            throws Exception

Validates a server-side incoming request. Delegates to validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the validateRequest property is true.

Specified by:

handleRequest in interface EndpointInterceptor

Parameters:

messageContext - the message context, containing the request to be validated

endpoint - chosen endpoint to invoke

Returns:

true if the request was valid; false otherwise.

Throws:

Exception - in case of errors

See Also:

validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleResponse

public final boolean handleResponse(MessageContext messageContext,
                                    Object endpoint)
                             throws Exception

Secures a server-side outgoing response. Delegates to secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the secureResponse property is true.

Specified by:

handleResponse in interface EndpointInterceptor

Parameters:

messageContext - the message context, containing the response to be secured

endpoint - chosen endpoint to invoke

Returns:

true if the response was secured; false otherwise.

Throws:

Exception - in case of errors

See Also:

secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleFault

public boolean handleFault(MessageContext messageContext,
                           Object endpoint)
                    throws Exception

Returns true, i.e. fault responses are not secured.

Specified by:

handleFault in interface EndpointInterceptor

Parameters:

messageContext - contains both request and response messages, the response should contains a Fault

endpoint - chosen endpoint to invoke

Returns:

true to continue processing of the response interceptor chain; false to indicate blocking of the response handler chain.

Throws:

Exception

afterCompletion

public void afterCompletion(MessageContext messageContext,
                            Object endpoint,
                            Exception ex)

Description copied from interface: EndpointInterceptor

Callback after completion of request and response (fault) processing. Will be called on any outcome of endpoint invocation, thus allows for proper resource cleanup.

Note: Will only be called if this interceptor's EndpointInterceptor.handleRequest(org.springframework.ws.context.MessageContext, java.lang.Object) method has successfully completed.

As with the EndpointInterceptor.handleResponse(org.springframework.ws.context.MessageContext, java.lang.Object) method, the method will be invoked on each interceptor in the chain in reverse order, so the first interceptor will be the last to be invoked.

Specified by:

afterCompletion in interface EndpointInterceptor

Parameters:

messageContext - contains both request and response messages, the response should contains a Fault

endpoint - chosen endpoint to invoke

ex - exception thrown on handler execution, if any

understands

public boolean understands(SoapHeaderElement headerElement)

Description copied from interface: SoapEndpointInterceptor

Given a SoapHeaderElement, return whether or not this SoapEndpointInterceptor understands it.

Specified by:

understands in interface SoapEndpointInterceptor

Parameters:

headerElement - the header

Returns:

true if understood, false otherwise

handleRequest

public final boolean handleRequest(MessageContext messageContext)
                            throws WebServiceClientException

Secures a client-side outgoing request. Delegates to secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the secureRequest property is true.

Specified by:

handleRequest in interface ClientInterceptor

Parameters:

messageContext - the message context, containing the request to be secured

Returns:

true if the response was secured; false otherwise.

Throws:

Exception - in case of errors

WebServiceClientException - in case of errors

See Also:

secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleResponse

public final boolean handleResponse(MessageContext messageContext)
                             throws WebServiceClientException

Validates a client-side incoming response. Delegates to validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the validateResponse property is true.

Specified by:

handleResponse in interface ClientInterceptor

Parameters:

messageContext - the message context, containing the response to be validated

Returns:

true if the request was valid; false otherwise.

Throws:

Exception - in case of errors

WebServiceClientException - in case of errors

See Also:

validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleFault

public boolean handleFault(MessageContext messageContext)
                    throws WebServiceClientException

Returns true, i.e. fault responses are not validated.

Specified by:

handleFault in interface ClientInterceptor

Parameters:

messageContext - contains the outgoing request message

Returns:

true to continue processing of the request interceptors; false to indicate blocking of the request endpoint chain

Throws:

WebServiceClientException - in case of errors

See Also:

MessageContext.getResponse(), FaultAwareWebServiceMessage.hasFault()

afterCompletion

public void afterCompletion(MessageContext messageContext,
                            Exception ex)
                     throws WebServiceClientException

Description copied from interface: ClientInterceptor

Callback after completion of request and response (fault) processing. Will be called on any outcome, thus allows for proper resource cleanup.

Note: Will only be called if this interceptor's ClientInterceptor.handleRequest(org.springframework.ws.context.MessageContext) method has successfully completed.

Specified by:

afterCompletion in interface ClientInterceptor

Parameters:

messageContext - contains both request and response messages, the response should contains a Fault

ex - exception thrown on handler execution, if any

Throws:

WebServiceClientException - in case of errors

handleSecurementException

protected boolean handleSecurementException(WsSecuritySecurementException ex,
                                            MessageContext messageContext)

Handles an securement exception. Default implementation logs the given exception, and returns false.

Parameters:

ex - the validation exception

messageContext - the message context

Returns:

true to continue processing the message, false (the default) otherwise

handleValidationException

protected boolean handleValidationException(WsSecurityValidationException ex,
                                            MessageContext messageContext)

Handles an invalid SOAP message. Default implementation logs the given exception, delegates to the set exceptionResolver if any, or creates a SOAP 1.1 Client or SOAP 1.2 Sender Fault with the exception message as fault string, and returns false.

Parameters:

ex - the validation exception

messageContext - the message context

Returns:

true to continue processing the message, false (the default) otherwise

handleFaultException

protected boolean handleFaultException(WsSecurityFaultException ex,
                                       MessageContext messageContext)

Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the properties of the given exception, and returns false.

Parameters:

ex - the validation exception

messageContext - the message context

Returns:

true to continue processing the message, false (the default) otherwise

validateMessage

protected abstract void validateMessage(SoapMessage soapMessage,
                                        MessageContext messageContext)
                                 throws WsSecurityValidationException

Abstract template method. Subclasses are required to validate the request contained in the given SoapMessage, and replace the original request with the validated version.

Parameters:

soapMessage - the soap message to validate

Throws:

WsSecurityValidationException - in case of validation errors

secureMessage

protected abstract void secureMessage(SoapMessage soapMessage,
                                      MessageContext messageContext)
                               throws WsSecuritySecurementException

Abstract template method. Subclasses are required to secure the response contained in the given SoapMessage, and replace the original response with the secured version.

Parameters:

soapMessage - the soap message to secure

Throws:

WsSecuritySecurementException - in case of securement errors

cleanUp

protected abstract void cleanUp()