Announcement Announcement Module
No announcement yet.
SecurityInterceptor on InboundGateway Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • SecurityInterceptor on InboundGateway

    I'm trying to specify the Wss4JSecurityInterceptor on the different inbound gateways of my application. Initially I did this by specifying the interceptor on the UriEndpointMapping that maps the endpoints for each of my inbound gateways. Although it works well, it does imply that the interceptor is applied to all endpoints that are mapped. A more fine grained solution would be to specify a security interceptor on the level of each inbound gateway (allowing me to have different security scenarios for the webservices exposed). Unfortunately I didn't see an interceptor property on the inbound gateway.

    I probably can get around this by adding the interceptor to the request channel the inbound gateway is connected to. Although I haven't tried this yet, it somehow feels wrong. With the UriEndpointMapping the interceptor becomes active before it reaches the gateway, whereas the solution where it gets added to the request-channel probably implies that it gets activated after it leaves the gateway. Am I missing something? Is there a better way to specify the (security) interceptor on my inbound gateways?



  • #2
    Since the security interceptor actually needs to access the Web Service Message, it needs to be invoked "before it reaches the gateway" as you stated. Otherwise, the full context of that request is no longer available; the Spring Integration Message has already been "extracted" from the WS request at the point where it reaches the request channel.

    With the Spring Integration gateways, we are really just providing "endpoints" in Spring-WS terminology. The proper way to handle interceptors is via the endpoint-mapping. Is it possible to provide multiple endpoint mappings? (if the URIs themselves are grouped in such a way that those requiring security can be separated from those that do not).