org.apache.xml.security.stax.ext
Class InboundXMLSec

java.lang.Object
  extended by org.apache.xml.security.stax.ext.InboundXMLSec

public class InboundXMLSec
extends Object

Inbound Streaming-XML-Security An instance of this class can be retrieved over the XMLSec class

Version:
$Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
Author:
$Author: coheigea $

Field Summary
protected static org.slf4j.Logger log
           
 
Constructor Summary
InboundXMLSec(XMLSecurityProperties securityProperties)
           
 
Method Summary
 XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader)
          Warning: configure your xmlStreamReader correctly.
 XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener)
          Warning: configure your xmlStreamReader correctly.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected static final transient org.slf4j.Logger log
Constructor Detail

InboundXMLSec

public InboundXMLSec(XMLSecurityProperties securityProperties)
Method Detail

processInMessage

public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader)
                                 throws XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

Parameters:
xmlStreamReader - The original XMLStreamReader
Returns:
A new XMLStreamReader which does transparently the security processing.
Throws:
XMLStreamException - thrown when a streaming error occurs

processInMessage

public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader,
                                        List<SecurityEvent> requestSecurityEvents,
                                        SecurityEventListener securityEventListener)
                                 throws XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));

This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing

Parameters:
xmlStreamReader - The original XMLStreamReader
requestSecurityEvents - A List of requested SecurityEvents
securityEventListener - A SecurityEventListener to receive security-relevant events.
Returns:
A new XMLStreamReader which does transparently the security processing.
Throws:
XMLStreamException - thrown when a streaming error occurs


Copyright © 2000–2014 The Apache Software Foundation. All rights reserved.