11/*
2- * Copyright 2005-2010 the original author or authors.
2+ * Copyright 2005-2011 the original author or authors.
33 *
44 * Licensed under the Apache License, Version 2.0 (the "License");
55 * you may not use this file except in compliance with the License.
66 * You may obtain a copy of the License at
77 *
8- * http://www.apache.org/licenses/LICENSE-2.0
8+ * http://www.apache.org/licenses/LICENSE-2.0
99 *
1010 * Unless required by applicable law or agreed to in writing, software
1111 * distributed under the License is distributed on an "AS IS" BASIS,
3838import org .springframework .ws .soap .security .wss4j .callback .UsernameTokenPrincipalCallback ;
3939
4040import org .apache .ws .security .WSConstants ;
41+ import org .apache .ws .security .WSSConfig ;
4142import org .apache .ws .security .WSSecurityEngine ;
4243import org .apache .ws .security .WSSecurityEngineResult ;
4344import org .apache .ws .security .WSSecurityException ;
5152import org .w3c .dom .Document ;
5253
5354/**
54- * A WS-Security endpoint interceptor based on Apache's WSS4J. This inteceptor supports messages created by the {@link
55+ * A WS-Security endpoint interceptor based on Apache's WSS4J. This interceptor supports messages created by the {@link
5556 * org.springframework.ws.soap.axiom.AxiomSoapMessageFactory} and the {@link org.springframework.ws.soap.saaj.SaajSoapMessageFactory}.
5657 * <p/>
5758 * The validation and securement actions executed by this interceptor are configured via <code>validationActions</code>
@@ -112,6 +113,8 @@ public class Wss4jSecurityInterceptor extends AbstractWsSecurityInterceptor impl
112113 private int validationTimeToLive = 300 ;
113114
114115 private int securementTimeToLive = 300 ;
116+
117+ private WSSConfig wssConfig ;
115118
116119 private final Wss4jHandler handler = new Wss4jHandler ();
117120
@@ -441,6 +444,18 @@ public void setSecurementMustUnderstand(boolean securementMustUnderstand) {
441444 public void setSecurementUsernameTokenElements (String securementUsernameTokenElements ) {
442445 handler .setOption (WSHandlerConstants .ADD_UT_ELEMENTS , securementUsernameTokenElements );
443446 }
447+
448+ /**
449+ * Sets the web service specification settings.
450+ * <p>
451+ * The default settings follow the latest OASIS and changing anything might violate the OASIS specs.
452+ *
453+ * @param config web service security configuration or {@code null} to use default settings
454+ */
455+ public void setWssConfig (WSSConfig config ) {
456+ securityEngine .setWssConfig (config );
457+ wssConfig = config ;
458+ }
444459
445460 public void afterPropertiesSet () throws Exception {
446461 Assert .isTrue (validationActions != null || securementActions != null ,
@@ -490,13 +505,17 @@ protected void secureMessage(SoapMessage soapMessage, MessageContext messageCont
490505 soapMessage .setDocument (envelopeAsDocument );
491506 }
492507
493- /** Creates and initializes a request data */
494- private RequestData initializeRequestData (MessageContext messageContext ) {
508+ /**
509+ * Creates and initializes a request data for the given message context.
510+ *
511+ * @param messageContext the message context
512+ * @return the request data
513+ */
514+ protected RequestData initializeRequestData (MessageContext messageContext ) {
495515 RequestData requestData = new RequestData ();
496516 requestData .setMsgContext (messageContext );
497517
498- // reads securementUsername first from the context then from the
499- // property
518+ // reads securementUsername first from the context then from the property
500519 String contextUsername = (String ) messageContext .getProperty (SECUREMENT_USER_PROPERTY_NAME );
501520 if (StringUtils .hasLength (contextUsername )) {
502521 requestData .setUsername (contextUsername );
@@ -506,6 +525,8 @@ private RequestData initializeRequestData(MessageContext messageContext) {
506525 }
507526
508527 requestData .setTimeToLive (securementTimeToLive );
528+
529+ requestData .setWssConfig (wssConfig );
509530
510531 return requestData ;
511532 }
0 commit comments