Samples JDK
SoapOutSecurityInterceptor.java
1 package com.freemindcafe.apache.cxf.wsdl.sample3;
2 
3 import javax.servlet.http.HttpServletRequest;
4 
5 import org.apache.cxf.binding.soap.SoapMessage;
6 import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
7 import org.apache.cxf.interceptor.Fault;
8 import org.apache.cxf.message.Message;
9 import org.apache.cxf.phase.Phase;
10 import org.apache.log4j.Logger;
11 
12 //\cond HIDDEN_SYMBOLS
13 /***
14  *
15  * @author KOMAN00S
16  *
17  */
18 //Phase.PRE_PROTOCOL
19 public class SoapOutSecurityInterceptor extends AbstractSoapInterceptor {
20 
21  protected Logger logger = Logger.getLogger(SoapOutSecurityInterceptor.class);
22 
23  public SoapOutSecurityInterceptor(){
24  super(Phase.PRE_PROTOCOL);
25  }
26 
27  @Override
28  public void handleMessage(SoapMessage arg0) throws Fault {
29  System.out.println("SoapOutSecurityInterceptor-----------------");
30  //EIP-19204 starts
31  Message inMessage = arg0.getExchange().getInMessage();
32 
33  //IN message can be null in case of async response
34  if(inMessage != null) {
35  HttpServletRequest req = (HttpServletRequest) inMessage.get("HTTP.REQUEST");
36 
37  if(req.getSession(false) != null) {
38  logger.debug("invalidating the http session");
39  req.getSession().invalidate();
40  } else {
41  logger.warn(" No session found Not able to invalidate http session");
42  }
43 
44  //This should be done only when we are processing a request and sending a response back
45  //As this intercepter will also be called in case we are sending a web service request to third party web server and
46  //getting the response back. In this case, we don't want to clear the authentication.
47  logger.debug("Exiting current user");
48  //SecurityContextHolder.getContext().setAuthentication(null);
49  //SessionHolder.setSession(null);
50  } else {
51  logger.warn("http request is null Not able to invalidate http session");
52  }
53  //EIP-19204 ends
54  }
55 
56 }
57 //\endcond