SWS-890 Make WSSecurityEngine injectable to Wss4jSecurityInterceptor

build.gradle

@@ -241,6 +241,7 @@ project('spring-ws-security') {
 		// Spring
 		compile("org.springframework:spring-beans:$springVersion")
 		compile("org.springframework:spring-tx:$springVersion")
+		testCompile("org.springframework:spring-test:$springVersion")
 
 		// Spring Security
 		compile("org.springframework.security:spring-security-core:$springSecurityVersion")

spring-ws-security/src/main/java/org/springframework/ws/soap/security/wss4j2/Wss4jSecurityInterceptor.java

@@ -22,7 +22,6 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
-
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -44,6 +43,9 @@
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SignatureTrustValidator;
 import org.apache.wss4j.dom.validate.TimestampValidator;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@@ -56,8 +58,6 @@
 import org.springframework.ws.soap.security.callback.CallbackHandlerChain;
 import org.springframework.ws.soap.security.callback.CleanupCallback;
 import org.springframework.ws.soap.security.wss4j2.callback.UsernameTokenPrincipalCallback;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
 
 /**
  * A WS-Security endpoint interceptor based on Apache's WSS4J. This interceptor supports messages created by the {@link
@@ -135,7 +135,7 @@ public class Wss4jSecurityInterceptor extends AbstractWsSecurityInterceptor impl
 
 	private final Wss4jHandler handler = new Wss4jHandler();
 
-	private final WSSecurityEngine securityEngine = new WSSecurityEngine();
+	private final WSSecurityEngine securityEngine;
 
 	private boolean enableRevocation;
 
@@ -149,6 +149,21 @@ public class Wss4jSecurityInterceptor extends AbstractWsSecurityInterceptor impl
 	// To maintain same behavior as default, this flag is set to true
 	private boolean removeSecurityHeader = true;
 
+	/**
+	 * Create a {@link WSSecurityEngine} by default.
+	 */
+	public Wss4jSecurityInterceptor() {
+		this.securityEngine = new WSSecurityEngine();
+	}
+
+	/**
+	 * Inject a customize {@link WSSecurityEngine}.
+	 * @param securityEngine
+	 */
+	public Wss4jSecurityInterceptor(WSSecurityEngine securityEngine) {
+		this.securityEngine = securityEngine;
+	}
+
 	public void setSecurementActions(String securementActions) {
 		this.securementActions = securementActions;
 	}

spring-ws-security/src/test/java/org/springframework/ws/soap/security/wss4j2/Wss4jInterceptorTestCase.java

@@ -16,16 +16,17 @@
 
 package org.springframework.ws.soap.security.wss4j2;
 
+import org.apache.wss4j.dom.engine.WSSecurityEngine;
+import org.junit.Test;
+
+import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.ws.context.DefaultMessageContext;
 import org.springframework.ws.context.MessageContext;
 import org.springframework.ws.soap.SoapMessage;
 import org.springframework.ws.soap.security.WsSecuritySecurementException;
 import org.springframework.ws.soap.security.WsSecurityValidationException;
 
-import org.junit.Test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
+import static org.junit.Assert.*;
 
 public abstract class Wss4jInterceptorTestCase extends Wss4jTestCase {
 
@@ -81,4 +82,11 @@ protected void validateMessage(SoapMessage soapMessage, MessageContext messageCo
 		assertEquals("Invalid response", securedResponseMessage, getMessage((SoapMessage) context.getResponse()));
 	}
 
+	@Test
+	public void testHandleCustomSecurityEngine() {
+		WSSecurityEngine engine = new WSSecurityEngine();
+		Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor(engine);
+		assertEquals(engine, ReflectionTestUtils.getField(interceptor, "securityEngine"));
+	}
+
 }