Package org.apache.wss4j.stax.setup

Class InboundWSSec

  • public class InboundWSSec
extends Object
    Inbound Streaming-WebService-Security An instance of this class can be retrieved over the WSSec class

    • Field Detail

      • LOG

        protected static final transient org.slf4j.Logger LOG

    • Constructor Detail

      • InboundWSSec

        public InboundWSSec​(WSSSecurityProperties securityProperties,
                    boolean initiator,
                    boolean returnSecurityError)

    • Method Detail

      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader)
                                 throws XMLStreamException,
                                        WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException

      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader,
                                        List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents)
                                 throws XMLStreamException,
                                        WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException

      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader,
                                        List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
                                        org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener)
                                 throws XMLStreamException,
                                        WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        securityEventListener - A SecurityEventListener to receive security-relevant events.
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException

      • processInMessage

        public XMLStreamReader processInMessage​(XMLStreamReader xmlStreamReader,
                                        List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents,
                                        List<org.apache.xml.security.stax.securityEvent.SecurityEventListener> securityEventListeners)
                                 throws XMLStreamException,
                                        WSSecurityException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

        Parameters:
        xmlStreamReader - The original XMLStreamReader
        securityEventListeners - A list of SecurityEventListeners to receive security-relevant events.
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        XMLStreamException - thrown when a streaming error occurs
        WSSecurityException