Class InboundXMLSec


  • public class InboundXMLSec
    extends java.lang.Object
    Inbound Streaming-XML-Security An instance of this class can be retrieved over the XMLSec class
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      javax.xml.stream.XMLStreamReader processInMessage​(javax.xml.stream.XMLStreamReader xmlStreamReader)
      Warning: configure your xmlStreamReader correctly.
      javax.xml.stream.XMLStreamReader processInMessage​(javax.xml.stream.XMLStreamReader xmlStreamReader, java.util.List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener)
      Warning: configure your xmlStreamReader correctly.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOG

        protected static final transient org.slf4j.Logger LOG
      • xmlInputFactory

        private static final javax.xml.stream.XMLInputFactory xmlInputFactory
    • Method Detail

      • processInMessage

        public javax.xml.stream.XMLStreamReader processInMessage​(javax.xml.stream.XMLStreamReader xmlStreamReader)
                                                          throws javax.xml.stream.XMLStreamException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing
        Parameters:
        xmlStreamReader - The original XMLStreamReader
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        javax.xml.stream.XMLStreamException - thrown when a streaming error occurs
      • processInMessage

        public javax.xml.stream.XMLStreamReader processInMessage​(javax.xml.stream.XMLStreamReader xmlStreamReader,
                                                                 java.util.List<SecurityEvent> requestSecurityEvents,
                                                                 SecurityEventListener securityEventListener)
                                                          throws javax.xml.stream.XMLStreamException
        Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

        This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing
        Parameters:
        xmlStreamReader - The original XMLStreamReader
        requestSecurityEvents - A List of requested SecurityEvents
        securityEventListener - A SecurityEventListener to receive security-relevant events.
        Returns:
        A new XMLStreamReader which does transparently the security processing.
        Throws:
        javax.xml.stream.XMLStreamException - thrown when a streaming error occurs