Class InboundWSSec


  • public class InboundWSSec
    extends Object
    Inbound Streaming-WebService-Security An instance of this class can be retrieved over the WSSec class
    • Field Detail

      • LOG

        protected static final transient org.slf4j.Logger LOG
    • Constructor Detail

      • InboundWSSec

        public InboundWSSec​(WSSSecurityProperties securityProperties,
                            boolean initiator,
                            boolean returnSecurityError)
    • Method Detail

      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader)
                                         throws XMLStreamException,
                                                WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException
      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader,
                                                List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents)
                                         throws XMLStreamException,
                                                WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException
      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader,
                                                List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
                                                org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener)
                                         throws XMLStreamException,
                                                WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        securityEventListener - A SecurityEventListener to receive security-relevant events.
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException
      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader,
                                                List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
                                                List<org.apache.xml.security.stax.securityEvent.SecurityEventListener> securityEventListeners)
                                         throws XMLStreamException,
                                                WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        securityEventListeners - A list of SecurityEventListeners to receive security-relevant events.
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException