Package org.springframework.ws.soap.security

Class AbstractWsSecurityInterceptor

java.lang.Object
org.springframework.ws.soap.security.AbstractWsSecurityInterceptor
All Implemented Interfaces:
org.springframework.ws.client.support.interceptor.ClientInterceptor, org.springframework.ws.server.EndpointInterceptor, org.springframework.ws.soap.server.SoapEndpointInterceptor
Direct Known Subclasses:
Wss4jSecurityInterceptor
public abstract class AbstractWsSecurityInterceptor extends Object implements org.springframework.ws.soap.server.SoapEndpointInterceptor, org.springframework.ws.client.support.interceptor.ClientInterceptor
Interceptor base class for interceptors that handle WS-Security. Can be used on the server side, registered in a endpoint mapping; or on the client side, on the web service template.

Subclasses of this base class can be configured to secure incoming and secure outgoing messages. By default, both are on.

Since:
1.0.0

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected final org.apache.commons.logging.Log
    logger
    Logger available to subclasses.
    protected static final QName
    WS_SECURITY_NAME
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractWsSecurityInterceptor()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    afterCompletion(org.springframework.ws.context.MessageContext messageContext, Exception ex)
     
    void
    afterCompletion(org.springframework.ws.context.MessageContext messageContext, Object endpoint, Exception ex)
     
    protected abstract void
    cleanUp()
     
    boolean
    handleFault(org.springframework.ws.context.MessageContext messageContext)
    Returns true, i.e.
    boolean
    handleFault(org.springframework.ws.context.MessageContext messageContext, Object endpoint)
    Returns true, i.e.
    protected boolean
    handleFaultException(WsSecurityFaultException ex, org.springframework.ws.context.MessageContext messageContext)
    Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the properties of the given exception, and returns false.
    final boolean
    handleRequest(org.springframework.ws.context.MessageContext messageContext)
    Secures a client-side outgoing request.
    final boolean
    handleRequest(org.springframework.ws.context.MessageContext messageContext, Object endpoint)
    Validates a server-side incoming request.
    final boolean
    handleResponse(org.springframework.ws.context.MessageContext messageContext)
    Validates a client-side incoming response.
    final boolean
    handleResponse(org.springframework.ws.context.MessageContext messageContext, Object endpoint)
    Secures a server-side outgoing response.
    protected boolean
    handleSecurementException(WsSecuritySecurementException ex, org.springframework.ws.context.MessageContext messageContext)
    Handles an securement exception.
    protected boolean
    handleValidationException(WsSecurityValidationException ex, org.springframework.ws.context.MessageContext messageContext)
    Handles an invalid SOAP message.
    protected abstract void
    secureMessage(org.springframework.ws.soap.SoapMessage soapMessage, org.springframework.ws.context.MessageContext messageContext)
    Abstract template method.
    void
    setExceptionResolver(org.springframework.ws.server.EndpointExceptionResolver exceptionResolver)
    Provide an EndpointExceptionResolver for resolving validation exceptions.
    void
    setSecureRequest(boolean secureRequest)
    Indicates whether client-side outgoing requests are to be secured.
    void
    setSecureResponse(boolean secureResponse)
    Indicates whether server-side outgoing responses are to be secured.
    void
    setSkipValidationIfNoHeaderPresent(boolean skipValidationIfNoHeaderPresent)
    Allows skipping validation if no security header is present.
    void
    setValidateRequest(boolean validateRequest)
    Indicates whether server-side incoming request are to be validated.
    void
    setValidateResponse(boolean validateResponse)
    Indicates whether client-side incoming responses are to be validated.
    boolean
    understands(org.springframework.ws.soap.SoapHeaderElement headerElement)
     
    protected abstract void
    validateMessage(org.springframework.ws.soap.SoapMessage soapMessage, org.springframework.ws.context.MessageContext messageContext)
    Abstract template method.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • logger

      protected final org.apache.commons.logging.Log logger
      Logger available to subclasses.

    • WS_SECURITY_NAME

      protected static final QName WS_SECURITY_NAME

  • Constructor Details

    • AbstractWsSecurityInterceptor

      public AbstractWsSecurityInterceptor()

  • Method Details

    • setValidateRequest

      public void setValidateRequest(boolean validateRequest)
      Indicates whether server-side incoming request are to be validated. Defaults to true.

    • setSecureResponse

      public void setSecureResponse(boolean secureResponse)
      Indicates whether server-side outgoing responses are to be secured. Defaults to true.

    • setSecureRequest

      public void setSecureRequest(boolean secureRequest)
      Indicates whether client-side outgoing requests are to be secured. Defaults to true.

    • setValidateResponse

      public void setValidateResponse(boolean validateResponse)
      Indicates whether client-side incoming responses are to be validated. Defaults to true.

    • setExceptionResolver

      public void setExceptionResolver(org.springframework.ws.server.EndpointExceptionResolver exceptionResolver)
      Provide an EndpointExceptionResolver for resolving validation exceptions.

    • setSkipValidationIfNoHeaderPresent

      public void setSkipValidationIfNoHeaderPresent(boolean skipValidationIfNoHeaderPresent)
      Allows skipping validation if no security header is present.

    • handleRequest

      public final boolean handleRequest(org.springframework.ws.context.MessageContext messageContext, Object endpoint) throws Exception
      Validates a server-side incoming request. Delegates to validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the validateRequest property is true.
      Specified by:
      handleRequest in interface org.springframework.ws.server.EndpointInterceptor
      Parameters:
      messageContext - the message context, containing the request to be validated
      endpoint - chosen endpoint to invoke
      Returns:
      true if the request was valid; false otherwise.
      Throws:
      Exception - in case of errors
      See Also:

    • handleResponse

      public final boolean handleResponse(org.springframework.ws.context.MessageContext messageContext, Object endpoint) throws Exception
      Secures a server-side outgoing response. Delegates to secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the secureResponse property is true.
      Specified by:
      handleResponse in interface org.springframework.ws.server.EndpointInterceptor
      Parameters:
      messageContext - the message context, containing the response to be secured
      endpoint - chosen endpoint to invoke
      Returns:
      true if the response was secured; false otherwise.
      Throws:
      Exception - in case of errors
      See Also:

    • handleFault

      public boolean handleFault(org.springframework.ws.context.MessageContext messageContext, Object endpoint) throws Exception
      Returns true, i.e. fault responses are not secured.
      Specified by:
      handleFault in interface org.springframework.ws.server.EndpointInterceptor
      Throws:
      Exception

    • afterCompletion

      public void afterCompletion(org.springframework.ws.context.MessageContext messageContext, Object endpoint, Exception ex)
      Specified by:
      afterCompletion in interface org.springframework.ws.server.EndpointInterceptor

    • understands

      public boolean understands(org.springframework.ws.soap.SoapHeaderElement headerElement)
      Specified by:
      understands in interface org.springframework.ws.soap.server.SoapEndpointInterceptor

    • handleRequest

      public final boolean handleRequest(org.springframework.ws.context.MessageContext messageContext) throws org.springframework.ws.client.WebServiceClientException
      Secures a client-side outgoing request. Delegates to secureMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the secureRequest property is true.
      Specified by:
      handleRequest in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
      Parameters:
      messageContext - the message context, containing the request to be secured
      Returns:
      true if the response was secured; false otherwise.
      Throws:
      org.springframework.ws.client.WebServiceClientException
      See Also:

    • handleResponse

      public final boolean handleResponse(org.springframework.ws.context.MessageContext messageContext) throws org.springframework.ws.client.WebServiceClientException
      Validates a client-side incoming response. Delegates to validateMessage(org.springframework.ws.soap.SoapMessage,org.springframework.ws.context.MessageContext) if the validateResponse property is true.
      Specified by:
      handleResponse in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
      Parameters:
      messageContext - the message context, containing the response to be validated
      Returns:
      true if the request was valid; false otherwise.
      Throws:
      org.springframework.ws.client.WebServiceClientException
      See Also:

    • handleFault

      public boolean handleFault(org.springframework.ws.context.MessageContext messageContext) throws org.springframework.ws.client.WebServiceClientException
      Returns true, i.e. fault responses are not validated.
      Specified by:
      handleFault in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
      Throws:
      org.springframework.ws.client.WebServiceClientException

    • afterCompletion

      public void afterCompletion(org.springframework.ws.context.MessageContext messageContext, Exception ex) throws org.springframework.ws.client.WebServiceClientException
      Specified by:
      afterCompletion in interface org.springframework.ws.client.support.interceptor.ClientInterceptor
      Throws:
      org.springframework.ws.client.WebServiceClientException

    • handleSecurementException

      protected boolean handleSecurementException(WsSecuritySecurementException ex, org.springframework.ws.context.MessageContext messageContext)
      Handles an securement exception. Default implementation logs the given exception, and returns false.
      Parameters:
      ex - the validation exception
      messageContext - the message context
      Returns:
      true to continue processing the message, false (the default) otherwise

    • handleValidationException

      protected boolean handleValidationException(WsSecurityValidationException ex, org.springframework.ws.context.MessageContext messageContext)
      Handles an invalid SOAP message. Default implementation logs the given exception, delegates to the set exceptionResolver if any, or creates a SOAP 1.1 Client or SOAP 1.2 Sender Fault with the exception message as fault string, and returns false.
      Parameters:
      ex - the validation exception
      messageContext - the message context
      Returns:
      true to continue processing the message, false (the default) otherwise

    • handleFaultException

      protected boolean handleFaultException(WsSecurityFaultException ex, org.springframework.ws.context.MessageContext messageContext)
      Handles a fault exception.Default implementation logs the given exception, and creates a SOAP Fault with the properties of the given exception, and returns false.
      Parameters:
      ex - the validation exception
      messageContext - the message context
      Returns:
      true to continue processing the message, false (the default) otherwise

    • validateMessage

      protected abstract void validateMessage(org.springframework.ws.soap.SoapMessage soapMessage, org.springframework.ws.context.MessageContext messageContext) throws WsSecurityValidationException
      Abstract template method. Subclasses are required to validate the request contained in the given SoapMessage, and replace the original request with the validated version.
      Parameters:
      soapMessage - the soap message to validate
      Throws:
      WsSecurityValidationException - in case of validation errors

    • secureMessage

      protected abstract void secureMessage(org.springframework.ws.soap.SoapMessage soapMessage, org.springframework.ws.context.MessageContext messageContext) throws WsSecuritySecurementException
      Abstract template method. Subclasses are required to secure the response contained in the given SoapMessage, and replace the original response with the secured version.
      Parameters:
      soapMessage - the soap message to secure
      Throws:
      WsSecuritySecurementException - in case of securement errors

    • cleanUp

      protected abstract void cleanUp()