The "ws Security Interceptor" is one such interceptor implementing the Spring-WS Endpoint Interceptor interface, and provides message-level security on the SOAP message en-route to the endpoint.

spring payloadvalidatinginterceptor example-68

Rizwan Ahmed Biography The author is an IT Systems Architect and has about 10 years of experience in the public and private sector architecting technology, systems and security solutions.

He holds a Bachelor's degree in engineering from the Indian Institute of Technology and a Masters degree from the Florida State University.

Detects @Payload Root annotations on @Endpoint bean methods.

The Form Client Demographics Endpoint has such annotations.

Since these bean wirings are relevant only to the Web service's endpoint configuration, message routing and exception handling (all within the scope of the Spring-WS module [REF-3]), they are stored within a configuration file aptly called application

In this article we secure the service by authenticating the incoming Web service request containing a username token to user-credential information stored within a database and authorize access to the secured endpoint only to a particular role that the user must belong to.Steps for Creating a Spring-WS Contract-First Service (continued from Part I) Referring back to Part I of the article series [REF-1], I had mentioned that the application context XML file is a composition of application beans (wired and managed by the Spring container) relevant to the particular Spring module being used.Example 1 is a snippet of the application's Web service (WS) context file described earlier containing the endpoint mappings which was configured to define an annotated Payload endpoint (Payload Root Annotation Method Endpoint Mapping) that autodetects endpoint classes and methods using annotations (@Endpoint and @Payload Root) which it then uses to appropriately route the SOAP message to.Within these declaration elements are elements that specify which type of security mechanism is to be applied to the SOAP message.For example, to apply XML Digital Signature, the security configuration file would include an element, along with a keystore alias that identifies the private key/certificate associated with the sender's signature.Since you would typically have a separate application context file for each Spring module that you would need to adapt, we would need to create separate, appropriately named, XML context files containing wirings of application objects for the Security, ORM and DAO module.