Skip to content

Commit 346a53d

Browse files
gregturngregturn
committed
SWS-890 Make WSSecurityEngine injectable to Wss4jSecurityInterceptor
1 parent 2906b1a commit 346a53d

File tree

3 files changed

+32
-8
lines changed

3 files changed

+32
-8
lines changed

build.gradle

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -241,6 +241,7 @@ project('spring-ws-security') {
241241
// Spring
242242
compile("org.springframework:spring-beans:$springVersion")
243243
compile("org.springframework:spring-tx:$springVersion")
244+
testCompile("org.springframework:spring-test:$springVersion")
244245

245246
// Spring Security
246247
compile("org.springframework.security:spring-security-core:$springSecurityVersion")

spring-ws-security/src/main/java/org/springframework/ws/soap/security/wss4j2/Wss4jSecurityInterceptor.java

Lines changed: 19 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,6 @@
2222
import java.util.ArrayList;
2323
import java.util.Collections;
2424
import java.util.List;
25-
2625
import javax.security.auth.callback.Callback;
2726
import javax.security.auth.callback.CallbackHandler;
2827
import javax.security.auth.callback.UnsupportedCallbackException;
@@ -44,6 +43,9 @@
4443
import org.apache.wss4j.dom.validate.Credential;
4544
import org.apache.wss4j.dom.validate.SignatureTrustValidator;
4645
import org.apache.wss4j.dom.validate.TimestampValidator;
46+
import org.w3c.dom.Document;
47+
import org.w3c.dom.Element;
48+
4749
import org.springframework.beans.factory.InitializingBean;
4850
import org.springframework.util.Assert;
4951
import org.springframework.util.CollectionUtils;
@@ -56,8 +58,6 @@
5658
import org.springframework.ws.soap.security.callback.CallbackHandlerChain;
5759
import org.springframework.ws.soap.security.callback.CleanupCallback;
5860
import org.springframework.ws.soap.security.wss4j2.callback.UsernameTokenPrincipalCallback;
59-
import org.w3c.dom.Document;
60-
import org.w3c.dom.Element;
6161

6262
/**
6363
* A WS-Security endpoint interceptor based on Apache's WSS4J. This interceptor supports messages created by the {@link
@@ -135,7 +135,7 @@ public class Wss4jSecurityInterceptor extends AbstractWsSecurityInterceptor impl
135135

136136
private final Wss4jHandler handler = new Wss4jHandler();
137137

138-
private final WSSecurityEngine securityEngine = new WSSecurityEngine();
138+
private final WSSecurityEngine securityEngine;
139139

140140
private boolean enableRevocation;
141141

@@ -149,6 +149,21 @@ public class Wss4jSecurityInterceptor extends AbstractWsSecurityInterceptor impl
149149
// To maintain same behavior as default, this flag is set to true
150150
private boolean removeSecurityHeader = true;
151151

152+
/**
153+
* Create a {@link WSSecurityEngine} by default.
154+
*/
155+
public Wss4jSecurityInterceptor() {
156+
this.securityEngine = new WSSecurityEngine();
157+
}
158+
159+
/**
160+
* Inject a customize {@link WSSecurityEngine}.
161+
* @param securityEngine
162+
*/
163+
public Wss4jSecurityInterceptor(WSSecurityEngine securityEngine) {
164+
this.securityEngine = securityEngine;
165+
}
166+
152167
public void setSecurementActions(String securementActions) {
153168
this.securementActions = securementActions;
154169
}

spring-ws-security/src/test/java/org/springframework/ws/soap/security/wss4j2/Wss4jInterceptorTestCase.java

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -16,16 +16,17 @@
1616

1717
package org.springframework.ws.soap.security.wss4j2;
1818

19+
import org.apache.wss4j.dom.engine.WSSecurityEngine;
20+
import org.junit.Test;
21+
22+
import org.springframework.test.util.ReflectionTestUtils;
1923
import org.springframework.ws.context.DefaultMessageContext;
2024
import org.springframework.ws.context.MessageContext;
2125
import org.springframework.ws.soap.SoapMessage;
2226
import org.springframework.ws.soap.security.WsSecuritySecurementException;
2327
import org.springframework.ws.soap.security.WsSecurityValidationException;
2428

25-
import org.junit.Test;
26-
27-
import static org.junit.Assert.assertEquals;
28-
import static org.junit.Assert.fail;
29+
import static org.junit.Assert.*;
2930

3031
public abstract class Wss4jInterceptorTestCase extends Wss4jTestCase {
3132

@@ -81,4 +82,11 @@ protected void validateMessage(SoapMessage soapMessage, MessageContext messageCo
8182
assertEquals("Invalid response", securedResponseMessage, getMessage((SoapMessage) context.getResponse()));
8283
}
8384

85+
@Test
86+
public void testHandleCustomSecurityEngine() {
87+
WSSecurityEngine engine = new WSSecurityEngine();
88+
Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor(engine);
89+
assertEquals(engine, ReflectionTestUtils.getField(interceptor, "securityEngine"));
90+
}
91+
8492
}

0 commit comments

Comments
 (0)