Spring Web Services Framework

org.springframework.ws.soap.security.xwss
Class XwsSecurityInterceptor

java.lang.Object
  extended by org.springframework.ws.soap.security.AbstractWsSecurityInterceptor
      extended by org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor
All Implemented Interfaces:
InitializingBean, ClientInterceptor, EndpointInterceptor, SoapEndpointInterceptor

public class XwsSecurityInterceptor
extends AbstractWsSecurityInterceptor
implements InitializingBean

WS-Security endpoint interceptor that is based on Sun's XML and Web Services Security package (XWSS). This WS-Security implementation is part of the Java Web Services Developer Pack (Java WSDP).

This interceptor needs a CallbackHandler to operate. This handler is used to retrieve certificates, private keys, validate user credentials, etc. Refer to the XWSS Javadoc to learn more about the specific Callbacks fired by XWSS. You can also set multiple handlers, each of which will be used in turn.

Additionally, you must define a XWSS policy file by setting policyConfiguration property. The format of the policy file is documented in the Java Web Services Tutorial.

Note that this interceptor depends on SAAJ, and thus requires SaajSoapMessages to operate. This means that you must use a SaajSoapMessageFactory to create the SOAP messages.

Since:
1.0.0
Author:
Arjen Poutsma
See Also:
setCallbackHandler(javax.security.auth.callback.CallbackHandler), setPolicyConfiguration(org.springframework.core.io.Resource), XWSSCallback, SaajSoapMessageFactory, XWSS

Field Summary
 
Fields inherited from class org.springframework.ws.soap.security.AbstractWsSecurityInterceptor
logger, WS_SECURITY_NAME
 
Constructor Summary
XwsSecurityInterceptor()
           
 
Method Summary
 void afterPropertiesSet()
           
protected  void cleanUp()
           
protected  void secureMessage(SoapMessage soapMessage, MessageContext messageContext)
          Secures the given SoapMessage message in accordance with the defined security policy.
 void setCallbackHandler(CallbackHandler callbackHandler)
          Sets the handler to resolve XWSS callbacks.
 void setCallbackHandlers(CallbackHandler[] callbackHandler)
          Sets the handlers to resolve XWSS callbacks.
 void setPolicyConfiguration(Resource policyConfiguration)
          Sets the policy configuration to use for XWSS.
protected  void validateMessage(SoapMessage soapMessage, MessageContext messageContext)
          Validates the given SoapMessage message in accordance with the defined security policy.
 
Methods inherited from class org.springframework.ws.soap.security.AbstractWsSecurityInterceptor
handleFault, handleFault, handleFaultException, handleRequest, handleRequest, handleResponse, handleResponse, handleSecurementException, handleValidationException, setExceptionResolver, setSecureRequest, setSecureResponse, setValidateRequest, setValidateResponse, understands
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

XwsSecurityInterceptor

public XwsSecurityInterceptor()
Method Detail

setCallbackHandler

public void setCallbackHandler(CallbackHandler callbackHandler)
Sets the handler to resolve XWSS callbacks. Setting either this propery, or callbackHandlers, is required.

See Also:
XWSSCallback, setCallbackHandlers(javax.security.auth.callback.CallbackHandler[])

setCallbackHandlers

public void setCallbackHandlers(CallbackHandler[] callbackHandler)
Sets the handlers to resolve XWSS callbacks. Setting either this propery, or callbackHandlers, is required.

See Also:
XWSSCallback, setCallbackHandler(javax.security.auth.callback.CallbackHandler)

setPolicyConfiguration

public void setPolicyConfiguration(Resource policyConfiguration)
Sets the policy configuration to use for XWSS. Required.


afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface InitializingBean
Throws:
Exception

secureMessage

protected void secureMessage(SoapMessage soapMessage,
                             MessageContext messageContext)
                      throws XwsSecuritySecurementException
Secures the given SoapMessage message in accordance with the defined security policy.

Specified by:
secureMessage in class AbstractWsSecurityInterceptor
Parameters:
soapMessage - the message to be secured
Throws:
XwsSecuritySecurementException - in case of errors
IllegalArgumentException - when soapMessage is not a SaajSoapMessage

validateMessage

protected void validateMessage(SoapMessage soapMessage,
                               MessageContext messageContext)
                        throws WsSecurityValidationException
Validates the given SoapMessage message in accordance with the defined security policy.

Specified by:
validateMessage in class AbstractWsSecurityInterceptor
Parameters:
soapMessage - the message to be validated
Throws:
XwsSecurityValidationException - in case of errors
IllegalArgumentException - when soapMessage is not a SaajSoapMessage
WsSecurityValidationException - in case of validation errors

cleanUp

protected void cleanUp()
Specified by:
cleanUp in class AbstractWsSecurityInterceptor

Spring Web Services Framework

Copyright © 2005-2010 The Spring Web Services Framework. All Rights Reserved.