Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.springframework.ws.soap.security
Class AbstractWsSecurityInterceptor

java.lang.Object
  extended by org.springframework.ws.soap.security.AbstractWsSecurityInterceptor
All Implemented Interfaces:
org.springframework.ws.client.support.interceptor.ClientInterceptor, org.springframework.ws.server.EndpointInterceptor, org.springframework.ws.soap.server.SoapEndpointInterceptor
Direct Known Subclasses:
Wss4jSecurityInterceptor, XwsSecurityInterceptor
public abstract class AbstractWsSecurityInterceptor
extends Object
implements org.springframework.ws.soap.server.SoapEndpointInterceptor, org.springframework.ws.client.support.interceptor.ClientInterceptor

Interceptor base class for interceptors that handle WS-Security. Can be used on the server side, registered in a endpoint mapping; or on the client side, on the web service template.

Subclasses of this base class can be configured to secure incoming and secure outgoing messages. By default, both are on.

Since:
1.0.0
Author:
Arjen Poutsma

Field Summary
protected  org.apache.commons.logging.Log logger
          Logger available to subclasses.
protected static javax.xml.namespace.QName WS_SECURITY_NAME
           
 
Constructor Summary
AbstractWsSecurityInterceptor()
           
 
Method Summary
protected abstract  void cleanUp()
           
 boolean handleFault(org.springframework.ws.context.MessageContext messageContext)
          Returns true, i.e.
 boolean handleFault(org.springframework.ws.context.MessageContext messageContext, Object endpoint)
          Returns true, i.e.
protected  boolean handleFaultException(WsSecurityFaultException ex, org.springframework.ws.context.MessageContext messageContext)
          Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the properties of the given exception, and returns false.
 boolean handleRequest(org.springframework.ws.context.MessageContext messageContext)
          Secures a client-side outgoing request.
 boolean handleRequest(org.springframework.ws.context.MessageContext messageContext, Object endpoint)
          Validates a server-side incoming request.
 boolean handleResponse(org.springframework.ws.context.MessageContext messageContext)
          Validates a client-side incoming response.
 boolean handleResponse(org.springframework.ws.context.MessageContext messageContext, Object endpoint)
          Secures a server-side outgoing response.
protected  boolean handleSecurementException(WsSecuritySecurementException ex, org.springframework.ws.context.MessageContext messageContext)
          Handles an securement exception.
protected  boolean handleValidationException(WsSecurityValidationException ex, org.springframework.ws.context.MessageContext messageContext)
          Handles an invalid SOAP message.
protected abstract  void secureMessage(org.springframework.ws.soap.SoapMessage soapMessage, org.springframework.ws.context.MessageContext messageContext)
          Abstract template method.
 void setExceptionResolver(org.springframework.ws.server.EndpointExceptionResolver exceptionResolver)
          Provide an EndpointExceptionResolver for resolving validation exceptions.
 void setSecureRequest(boolean secureRequest)
          Indicates whether client-side outgoing requests are to be secured.
 void setSecureResponse(boolean secureResponse)
          Indicates whether server-side outgoing responses are to be secured.
 void setValidateRequest(boolean validateRequest)
          Indicates whether server-side incoming request are to be validated.
 void setValidateResponse(boolean validateResponse)
          Indicates whether client-side incoming responses are to be validated.
 boolean understands(org.springframework.ws.soap.SoapHeaderElement headerElement)
           
protected abstract  void validateMessage(org.springframework.ws.soap.SoapMessage soapMessage, org.springframework.ws.context.MessageContext messageContext)
          Abstract template method.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected final org.apache.commons.logging.Log logger
Logger available to subclasses.

WS_SECURITY_NAME

protected static final javax.xml.namespace.QName WS_SECURITY_NAME
Constructor Detail

AbstractWsSecurityInterceptor

public AbstractWsSecurityInterceptor()
Method Detail

setValidateRequest

public void setValidateRequest(boolean validateRequest)
Indicates whether server-side incoming request are to be validated. Defaults to true.

setSecureResponse

public void setSecureResponse(boolean secureResponse)
Indicates whether server-side outgoing responses are to be secured. Defaults to true.

setSecureRequest

public void setSecureRequest(boolean secureRequest)
Indicates whether client-side outgoing requests are to be secured. Defaults to true.

setValidateResponse

public void setValidateResponse(boolean validateResponse)
Indicates whether client-side incoming responses are to be validated. Defaults to true.

setExceptionResolver

public void setExceptionResolver(org.springframework.ws.server.EndpointExceptionResolver exceptionResolver)
Provide an EndpointExceptionResolver for resolving validation exceptions.

handleRequest

public final boolean handleRequest(org.springframework.ws.context.MessageContext messageContext,
                                   Object endpoint)
                            throws Exception
Validates a server-side incoming request. Delegates to validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the validateRequest property is true.

Specified by:
handleRequest in interface org.springframework.ws.server.EndpointInterceptor
Parameters:
messageContext - the message context, containing the request to be validated
endpoint - chosen endpoint to invoke
Returns:
true if the request was valid; false otherwise.
Throws:
Exception - in case of errors
See Also:
validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleResponse

public final boolean handleResponse(org.springframework.ws.context.MessageContext messageContext,
                                    Object endpoint)
                             throws Exception
Secures a server-side outgoing response. Delegates to secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the secureResponse property is true.

Specified by:
handleResponse in interface org.springframework.ws.server.EndpointInterceptor
Parameters:
messageContext - the message context, containing the response to be secured
endpoint - chosen endpoint to invoke
Returns:
true if the response was secured; false otherwise.
Throws:
Exception - in case of errors
See Also:
secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleFault

public boolean handleFault(org.springframework.ws.context.MessageContext messageContext,
                           Object endpoint)
                    throws Exception
Returns true, i.e. fault responses are not secured.

Specified by:
handleFault in interface org.springframework.ws.server.EndpointInterceptor
Throws:
Exception

understands

public boolean understands(org.springframework.ws.soap.SoapHeaderElement headerElement)
Specified by:
understands in interface org.springframework.ws.soap.server.SoapEndpointInterceptor

handleRequest

public final boolean handleRequest(org.springframework.ws.context.MessageContext messageContext)
                            throws org.springframework.ws.client.WebServiceClientException
Secures a client-side outgoing request. Delegates to secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the secureRequest property is true.

Specified by:
handleRequest in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
Parameters:
messageContext - the message context, containing the request to be secured
Returns:
true if the response was secured; false otherwise.
Throws:
Exception - in case of errors
org.springframework.ws.client.WebServiceClientException
See Also:
secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleResponse

public final boolean handleResponse(org.springframework.ws.context.MessageContext messageContext)
                             throws org.springframework.ws.client.WebServiceClientException
Validates a client-side incoming response. Delegates to validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the validateResponse property is true.

Specified by:
handleResponse in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
Parameters:
messageContext - the message context, containing the response to be validated
Returns:
true if the request was valid; false otherwise.
Throws:
Exception - in case of errors
org.springframework.ws.client.WebServiceClientException
See Also:
validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext)

handleFault

public boolean handleFault(org.springframework.ws.context.MessageContext messageContext)
                    throws org.springframework.ws.client.WebServiceClientException
Returns true, i.e. fault responses are not validated.

Specified by:
handleFault in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
Throws:
org.springframework.ws.client.WebServiceClientException

handleSecurementException

protected boolean handleSecurementException(WsSecuritySecurementException ex,
                                            org.springframework.ws.context.MessageContext messageContext)
Handles an securement exception. Default implementation logs the given exception, and returns false.

Parameters:
ex - the validation exception
messageContext - the message context
Returns:
true to continue processing the message, false (the default) otherwise

handleValidationException

protected boolean handleValidationException(WsSecurityValidationException ex,
                                            org.springframework.ws.context.MessageContext messageContext)
Handles an invalid SOAP message. Default implementation logs the given exception, delegates to the set exceptionResolver if any, or creates a SOAP 1.1 Client or SOAP 1.2 Sender Fault with the exception message as fault string, and returns false.

Parameters:
ex - the validation exception
messageContext - the message context
Returns:
true to continue processing the message, false (the default) otherwise

handleFaultException

protected boolean handleFaultException(WsSecurityFaultException ex,
                                       org.springframework.ws.context.MessageContext messageContext)
Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the properties of the given exception, and returns false.

Parameters:
ex - the validation exception
messageContext - the message context
Returns:
true to continue processing the message, false (the default) otherwise

validateMessage

protected abstract void validateMessage(org.springframework.ws.soap.SoapMessage soapMessage,
                                        org.springframework.ws.context.MessageContext messageContext)
                                 throws WsSecurityValidationException
Abstract template method. Subclasses are required to validate the request contained in the given SoapMessage, and replace the original request with the validated version.

Parameters:
soapMessage - the soap message to validate
Throws:
WsSecurityValidationException - in case of validation errors

secureMessage

protected abstract void secureMessage(org.springframework.ws.soap.SoapMessage soapMessage,
                                      org.springframework.ws.context.MessageContext messageContext)
                               throws WsSecuritySecurementException
Abstract template method. Subclasses are required to secure the response contained in the given SoapMessage, and replace the original response with the secured version.

Parameters:
soapMessage - the soap message to secure
Throws:
WsSecuritySecurementException - in case of securement errors

cleanUp

protected abstract void cleanUp()
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2010. All Rights Reserved.