org.springframework.ws.soap.security.xwss

Class XwsSecurityInterceptor

java.lang.Object

org.springframework.ws.soap.security.AbstractWsSecurityInterceptor

org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, ClientInterceptor, EndpointInterceptor, SoapEndpointInterceptor

public class XwsSecurityInterceptor
extends AbstractWsSecurityInterceptor
implements org.springframework.beans.factory.InitializingBean

WS-Security endpoint interceptor that is based on Sun's XML and Web Services Security package (XWSS). This WS-Security implementation is part of the Java Web Services Developer Pack (Java WSDP).

This interceptor needs a CallbackHandler to operate. This handler is used to retrieve certificates, private keys, validate user credentials, etc. Refer to the XWSS Javadoc to learn more about the specific Callbacks fired by XWSS. You can also set multiple handlers, each of which will be used in turn.

Additionally, you must define a XWSS policy file by setting policyConfiguration property. The format of the policy file is documented in the Java Web Services Tutorial.

Note that this interceptor depends on SAAJ, and thus requires SaajSoapMessages to operate. This means that you must use a SaajSoapMessageFactory to create the SOAP messages.

Since:

1.0.0

Author:

Arjen Poutsma

See Also:

setCallbackHandler(javax.security.auth.callback.CallbackHandler), setPolicyConfiguration(org.springframework.core.io.Resource), XWSSCallback, SaajSoapMessageFactory, XWSS

Field Summary

Fields inherited from class org.springframework.ws.soap.security.AbstractWsSecurityInterceptor

logger, WS_SECURITY_NAME

Constructor Summary

Constructors

Constructor and Description
XwsSecurityInterceptor()

Method Summary

Modifier and Type	Method and Description
void	afterPropertiesSet()
protected void	cleanUp()
protected void	secureMessage(SoapMessage soapMessage, MessageContext messageContext) Secures the given SoapMessage message in accordance with the defined security policy.
void	setCallbackHandler(CallbackHandler callbackHandler) Sets the handler to resolve XWSS callbacks.
void	setCallbackHandlers(CallbackHandler[] callbackHandler) Sets the handlers to resolve XWSS callbacks.
void	setPolicyConfiguration(org.springframework.core.io.Resource policyConfiguration) Sets the policy configuration to use for XWSS.
protected void	validateMessage(SoapMessage soapMessage, MessageContext messageContext) Validates the given SoapMessage message in accordance with the defined security policy.

Methods inherited from class org.springframework.ws.soap.security.AbstractWsSecurityInterceptor

afterCompletion, afterCompletion, handleFault, handleFault, handleFaultException, handleRequest, handleRequest, handleResponse, handleResponse, handleSecurementException, handleValidationException, setExceptionResolver, setSecureRequest, setSecureResponse, setSkipValidationIfNoHeaderPresent, setValidateRequest, setValidateResponse, understands

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

XwsSecurityInterceptor

public XwsSecurityInterceptor()

Method Detail

setCallbackHandler

public void setCallbackHandler(CallbackHandler callbackHandler)

Sets the handler to resolve XWSS callbacks. Setting either this propery, or callbackHandlers, is required.

See Also:

XWSSCallback, setCallbackHandlers(javax.security.auth.callback.CallbackHandler[])

setCallbackHandlers

public void setCallbackHandlers(CallbackHandler[] callbackHandler)

Sets the handlers to resolve XWSS callbacks. Setting either this propery, or callbackHandlers, is required.

See Also:

XWSSCallback, setCallbackHandler(javax.security.auth.callback.CallbackHandler)

setPolicyConfiguration

public void setPolicyConfiguration(org.springframework.core.io.Resource policyConfiguration)

Sets the policy configuration to use for XWSS. Required.

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Throws:

Exception

secureMessage

protected void secureMessage(SoapMessage soapMessage,
                             MessageContext messageContext)
                      throws XwsSecuritySecurementException

Secures the given SoapMessage message in accordance with the defined security policy.

Specified by:

secureMessage in class AbstractWsSecurityInterceptor

Parameters:

soapMessage - the message to be secured

Throws:

XwsSecuritySecurementException - in case of errors

IllegalArgumentException - when soapMessage is not a SaajSoapMessage

validateMessage

protected void validateMessage(SoapMessage soapMessage,
                               MessageContext messageContext)
                        throws WsSecurityValidationException

Validates the given SoapMessage message in accordance with the defined security policy.

Specified by:

validateMessage in class AbstractWsSecurityInterceptor

Parameters:

soapMessage - the message to be validated

Throws:

XwsSecurityValidationException - in case of errors

IllegalArgumentException - when soapMessage is not a SaajSoapMessage

WsSecurityValidationException - in case of validation errors

cleanUp

protected void cleanUp()

Specified by:

cleanUp in class AbstractWsSecurityInterceptor