- java.lang.Object
-
- org.apache.xml.security.stax.ext.InboundXMLSec
-
public class InboundXMLSec extends Object
Inbound Streaming-XML-Security An instance of this class can be retrieved over the XMLSec class
-
-
Constructor Summary
Constructors Constructor Description InboundXMLSec(XMLSecurityProperties securityProperties)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description XMLStreamReaderprocessInMessage(XMLStreamReader xmlStreamReader)Warning: configure your xmlStreamReader correctly.XMLStreamReaderprocessInMessage(XMLStreamReader xmlStreamReader, List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents, org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener)Warning: configure your xmlStreamReader correctly.
-
-
-
Constructor Detail
-
InboundXMLSec
public InboundXMLSec(XMLSecurityProperties securityProperties)
-
-
Method Detail
-
processInMessage
public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader) throws XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192)); This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing- Parameters:
xmlStreamReader- The original XMLStreamReader- Returns:
- A new XMLStreamReader which does transparently the security processing.
- Throws:
XMLStreamException- thrown when a streaming error occurs
-
processInMessage
public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<org.apache.xml.security.stax.securityEvent.SecurityEvent> requestSecurityEvents, org.apache.xml.security.stax.securityEvent.SecurityEventListener securityEventListener) throws XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192)); This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing- Parameters:
xmlStreamReader- The original XMLStreamReaderrequestSecurityEvents- A List of requested SecurityEventssecurityEventListener- A SecurityEventListener to receive security-relevant events.- Returns:
- A new XMLStreamReader which does transparently the security processing.
- Throws:
XMLStreamException- thrown when a streaming error occurs
-
-