Package org.apache.xml.security.stax.ext
Class InboundXMLSec
- java.lang.Object
-
- org.apache.xml.security.stax.ext.InboundXMLSec
-
public class InboundXMLSec extends java.lang.Object
Inbound Streaming-XML-Security An instance of this class can be retrieved over the XMLSec class
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.slf4j.Logger
LOG
private XMLSecurityProperties
securityProperties
private static javax.xml.stream.XMLInputFactory
xmlInputFactory
-
Constructor Summary
Constructors Constructor Description InboundXMLSec(XMLSecurityProperties securityProperties)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description javax.xml.stream.XMLStreamReader
processInMessage(javax.xml.stream.XMLStreamReader xmlStreamReader)
Warning: configure your xmlStreamReader correctly.javax.xml.stream.XMLStreamReader
processInMessage(javax.xml.stream.XMLStreamReader xmlStreamReader, java.util.List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener)
Warning: configure your xmlStreamReader correctly.
-
-
-
Field Detail
-
LOG
protected static final transient org.slf4j.Logger LOG
-
xmlInputFactory
private static final javax.xml.stream.XMLInputFactory xmlInputFactory
-
securityProperties
private final XMLSecurityProperties securityProperties
-
-
Constructor Detail
-
InboundXMLSec
public InboundXMLSec(XMLSecurityProperties securityProperties)
-
-
Method Detail
-
processInMessage
public javax.xml.stream.XMLStreamReader processInMessage(javax.xml.stream.XMLStreamReader xmlStreamReader) throws javax.xml.stream.XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192)); This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing- Parameters:
xmlStreamReader
- The original XMLStreamReader- Returns:
- A new XMLStreamReader which does transparently the security processing.
- Throws:
javax.xml.stream.XMLStreamException
- thrown when a streaming error occurs
-
processInMessage
public javax.xml.stream.XMLStreamReader processInMessage(javax.xml.stream.XMLStreamReader xmlStreamReader, java.util.List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener) throws javax.xml.stream.XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192)); This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing- Parameters:
xmlStreamReader
- The original XMLStreamReaderrequestSecurityEvents
- A List of requested SecurityEventssecurityEventListener
- A SecurityEventListener to receive security-relevant events.- Returns:
- A new XMLStreamReader which does transparently the security processing.
- Throws:
javax.xml.stream.XMLStreamException
- thrown when a streaming error occurs
-
-