Package org.apache.wss4j.stax.setup

Class InboundWSSec

java.lang.Object
org.apache.wss4j.stax.setup.InboundWSSec
public class InboundWSSec extends Object
Inbound Streaming-WebService-Security An instance of this class can be retrieved over the WSSec class

  • Field Details

    • LOG

      protected static final transient org.slf4j.Logger LOG

  • Constructor Details

  • Method Details

    • processInMessage

      public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader) throws XMLStreamException, WSSecurityException
      Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

      This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

      Parameters:
      xmlStreamReader - The original XMLStreamReader
      Returns:
      A new XMLStreamReader which does transparently the security processing.
      Throws:
      XMLStreamException - thrown when a streaming error occurs
      WSSecurityException

    • processInMessage

      public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents) throws XMLStreamException, WSSecurityException
      Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

      This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

      Parameters:
      xmlStreamReader - The original XMLStreamReader
      Returns:
      A new XMLStreamReader which does transparently the security processing.
      Throws:
      XMLStreamException - thrown when a streaming error occurs
      WSSecurityException

    • processInMessage

      public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents, org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener) throws XMLStreamException, WSSecurityException
      Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

      This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

      Parameters:
      xmlStreamReader - The original XMLStreamReader
      securityEventListener - A SecurityEventListener to receive security-relevant events.
      Returns:
      A new XMLStreamReader which does transparently the security processing.
      Throws:
      XMLStreamException - thrown when a streaming error occurs
      WSSecurityException

    • processInMessage

      public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents, List<org.apache.xml.security.stax.securityEvent.SecurityEventListener> securityEventListeners) throws XMLStreamException, WSSecurityException
      Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

      This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

      Parameters:
      xmlStreamReader - The original XMLStreamReader
      securityEventListeners - A list of SecurityEventListeners to receive security-relevant events.
      Returns:
      A new XMLStreamReader which does transparently the security processing.
      Throws:
      XMLStreamException - thrown when a streaming error occurs
      WSSecurityException