Package org.apache.xml.security.stax.ext
Class InboundXMLSec
- java.lang.Object
-
- org.apache.xml.security.stax.ext.InboundXMLSec
-
public class InboundXMLSec extends Object
Inbound Streaming-XML-Security An instance of this class can be retrieved over the XMLSec class- Version:
- $Revision: 1354898 $ $Date: 2012-06-28 11:19:02 +0100 (Thu, 28 Jun 2012) $
- Author:
- $Author: coheigea $
-
-
Field Summary
Fields Modifier and Type Field Description protected static org.slf4j.Logger
log
-
Constructor Summary
Constructors Constructor Description InboundXMLSec(XMLSecurityProperties securityProperties)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description XMLStreamReader
processInMessage(XMLStreamReader xmlStreamReader)
Warning: configure your xmlStreamReader correctly.XMLStreamReader
processInMessage(XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener)
Warning: configure your xmlStreamReader correctly.
-
-
-
Constructor Detail
-
InboundXMLSec
public InboundXMLSec(XMLSecurityProperties securityProperties)
-
-
Method Detail
-
processInMessage
public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader) throws XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192)); This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing- Parameters:
xmlStreamReader
- The original XMLStreamReader- Returns:
- A new XMLStreamReader which does transparently the security processing.
- Throws:
XMLStreamException
- thrown when a streaming error occurs
-
processInMessage
public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener) throws XMLStreamException
Warning: configure your xmlStreamReader correctly. Otherwise you can create a security hole. At minimum configure the following properties: xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false); xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192)); This method is the entry point for the incoming security-engine. Hand over the original XMLStreamReader and use the returned one for further processing- Parameters:
xmlStreamReader
- The original XMLStreamReaderrequestSecurityEvents
- A List of requested SecurityEventssecurityEventListener
- A SecurityEventListener to receive security-relevant events.- Returns:
- A new XMLStreamReader which does transparently the security processing.
- Throws:
XMLStreamException
- thrown when a streaming error occurs
-
-