From 2afad2ca8089ccd996cc45d70450b7779b1a882a Mon Sep 17 00:00:00 2001 From: Arjen Poutsma Date: Sun, 15 Apr 2007 14:47:16 +0000 Subject: [PATCH] Moved documentation from separate module into the main module, so that it is published with the site. --- oxm/pom.xml | 5 - pom.xml | 72 +- sandbox/pom.xml | 2 +- src/docbkx/bibliography.xml | 58 ++ src/docbkx/client.xml | 160 ++++ src/docbkx/index.xml | 46 + src/docbkx/overview.xml | 142 +++ src/docbkx/oxm.xml | 709 ++++++++++++++ src/docbkx/preface.xml | 22 + src/docbkx/resources/css/html.css | 421 +++++++++ .../resources/images/i21-banner-rhs.jpg | Bin 0 -> 10504 bytes .../resources/images/oxm-exceptions.png | Bin 0 -> 20807 bytes .../resources/images/oxm-exceptions.svg | 48 + .../resources/images/xdev-spring_logo.jpg | Bin 0 -> 37376 bytes src/docbkx/resources/xsl/fopdf.xsl | 470 +++++++++ src/docbkx/resources/xsl/html.xsl | 91 ++ src/docbkx/resources/xsl/html_chunk.xsl | 208 ++++ src/docbkx/security.xml | 890 ++++++++++++++++++ src/docbkx/server.xml | 345 +++++++ 19 files changed, 3677 insertions(+), 12 deletions(-) create mode 100644 src/docbkx/bibliography.xml create mode 100644 src/docbkx/client.xml create mode 100644 src/docbkx/index.xml create mode 100644 src/docbkx/overview.xml create mode 100644 src/docbkx/oxm.xml create mode 100644 src/docbkx/preface.xml create mode 100644 src/docbkx/resources/css/html.css create mode 100644 src/docbkx/resources/images/i21-banner-rhs.jpg create mode 100644 src/docbkx/resources/images/oxm-exceptions.png create mode 100644 src/docbkx/resources/images/oxm-exceptions.svg create mode 100644 src/docbkx/resources/images/xdev-spring_logo.jpg create mode 100644 src/docbkx/resources/xsl/fopdf.xsl create mode 100644 src/docbkx/resources/xsl/html.xsl create mode 100644 src/docbkx/resources/xsl/html_chunk.xsl create mode 100644 src/docbkx/security.xml create mode 100644 src/docbkx/server.xml diff --git a/oxm/pom.xml b/oxm/pom.xml index 1914b604..b5eb9a08 100644 --- a/oxm/pom.xml +++ b/oxm/pom.xml @@ -17,11 +17,6 @@ JiBX Maven Repository http://jibx.sourceforge.net/maven2/ - - maven2-repository.dev.java.net - Java.net Repository for Maven2 - https://maven2-repository.dev.java.net/nonav/repository - diff --git a/pom.xml b/pom.xml index 052a09fc..bad4e05b 100644 --- a/pom.xml +++ b/pom.xml @@ -124,12 +124,6 @@ samples - - doc - - doc - - 2.0.4 @@ -140,7 +134,19 @@ Spring External Dependencies Repository https://svn.sourceforge.net/svnroot/springframework/repos/repo-ext/ + + maven2-repository.dev.java.net + Java.net Repository for Maven2 + https://maven-repository.dev.java.net/nonav/repository + legacy + + + + agilejava + http://agilejava.com/maven/ + + @@ -181,6 +187,60 @@ true + + com.agilejava.docbkx + docbkx-maven-plugin + + + + generate-html + generate-pdf + + pre-site + + + + + org.docbook + docbook-xml + 4.4 + runtime + + + + index.xml + true + css/html.css + true + src/docbkx/resources/xsl/html_chunk.xsl + src/docbkx/resources/xsl/fopdf.xsl + + + version + ${version} + + + + + + + + + + + + + + + + + + + + + diff --git a/sandbox/pom.xml b/sandbox/pom.xml index a0c7f6d4..b8f4d8df 100644 --- a/sandbox/pom.xml +++ b/sandbox/pom.xml @@ -3,7 +3,7 @@ spring-ws org.springframework.ws - 1.0-m4-SNAPSHOT + 1.0-rc1-SNAPSHOT 4.0.0 spring-ws-sandbox diff --git a/src/docbkx/bibliography.xml b/src/docbkx/bibliography.xml new file mode 100644 index 00000000..f093da89 --- /dev/null +++ b/src/docbkx/bibliography.xml @@ -0,0 +1,58 @@ + + + + Bibliography + + + + Jim + Waldo + + + Ann + Wollrath + + + Sam + Kendall + + + A Note on Distributed Computing + + Springer Verlag + + 1994 + + + + + Steve + Loughran + + + Edmund + Smith + + + Rethinking the Java SOAP Stack + May 17, 2005 + + 2005 + IEEE Telephone Laboratories, Inc. + + + + + + Ted + Neward + + + Effective Enterprise Java + + Addison-Wesley + + 2004 + + \ No newline at end of file diff --git a/src/docbkx/client.xml b/src/docbkx/client.xml new file mode 100644 index 00000000..2950b89f --- /dev/null +++ b/src/docbkx/client.xml @@ -0,0 +1,160 @@ + + + + Using Spring Web Services on the Client +
+ Introduction + + Spring-WS provides a client-side Web service API that allows for consistent, XML-driven access to Web + services. It also allows for use of marshallers and unmarshallers. + + + The package org.springframework.ws.client.core provides the core functionality for using + the client-side access API. It contains template classes that simplifies the use of Web services, much like + the JdbcTemplate does for JDBC. The design principle common to Spring template + classes is to provide helper methods to perform common operations and for more sophisticated usage, delegate + the essence of the processing task to user implemented callback interfaces. The Web service template + follows the same design. The classes offer various + convenience methods for the sending and receiving of XML messages, marshalling objects to XML before sending, + and allows for multiple transports, + +
+
+ Using the client-side API +
+ <classname>WebServiceTemplate</classname> + + The WebServiceTemplate is the core class for client-side Web service access in + Spring-WS. It contains methods for sending Source objects, and receiving response + messages as either Source or Result. Additionally, it can + marshal objects to XML before sending them across a transport, and unmarshal the response XML into an + object again. + +
+ Transports + + The WebServiceTemplate requires a reference to a + MessageSender. The message sender is responsible for sending the XML message + across a transport layer. + + + There are two implementations of the MessageSender interface for sending messages + via HTTP. The simplest implementation is the HttpUrlConnectionMessageSender, + which uses the facilities provided by Java SE itself. The alternative is the + CommonsHttpMessageSender, which uses the Jakarta Commons HttpClient. Use the + latter if you need more advanced and easy-to-use functionality. Both HTTP message senders require an + URL to be set using the url property. + +
+
+ Message factories + + In addition to a message sender, the WebServiceTemplate requires a Web service + message factory. As explained in , there are two message factories + for SOAP: SaajSoapMessageFactory and + AxiomSoapMessageFactory. + +
+
+
+ Sending and receiving a <interfacename>WebServiceMessage</interfacename> + + The WebServiceTemplate contains many convenience methods to send and receive + web service messages. There are methods that take and return Source + and those that return a Result. Additionally, there are methods which + marshal and unmarshal objects to XML. Here is an example that sends a simple XML message to a Web + service. + + Hello World"; + private WebServiceTemplate webServiceTemplate = new WebServiceTemplate(); + + public void setMessageFactory(WebServiceMessageFactory messageFactory) { + webServiceTemplate.setMessageFactory(messageFactory); + } + + public void setMessageSender(WebServiceMessageSender messageSender) { + webServiceTemplate.setMessageSender(messageSender); + } + + public void simpleSendAndReceive() throws IOException { + StreamSource source = new StreamSource(new StringReader(MESSAGE)); + StreamResult result = new StreamResult(System.out); + webServiceTemplate.sendAndReceive(source, result); + } + +}]]> + + Here is the corresponding configuration: + + + + + + + + + + + + + + +]]> + + This example uses the template to send a hello world message to the web service located at + http://localhost:8080/WebService, and writes the result to the console. + The WebServiceTemplate is injected with the message factory and sender. + A zero argument constructor and messageFactory / + messageSender bean properties are provided and can be used for constructing + the instance (using a BeanFactory or plain Java code). Alternatively, consider deriving from + Spring-WS's WebServiceGatewaySupport convenience base class, which provides + pre-built bean properties for configuration. + +
+
+ Marshalling, sending, receiving, and unmarshalling + + In order to facilitate the sending of plain Java objects, the WebServiceTemplate + has a send methods that take an object as an argument for a message's data content. + The method marshalSendAndReceive in WebServiceTemplate + delegates the conversion of the request object to XML to a Marshaller, and + the conversion of the response XML to an object to an Unmarshaller. + For more information about marshalling and unmarshaller, refer to . + By using the marshallers, you and your application code can focus on the business object that is being + sent or received and not be concerned with the details of how it is represented as XML. + In order to use the marshalling functionality, you have to set a marshaller and unmarshaller with the + marshaller/unmarshaller properties of the + WebServiceTemplate. + +
+
+ <interface>WebServiceMessageCallback</interface> + + To accommodate the setting of a SOAP headers, and other settings on the message, the + WebServiceMessageCallback interface gives you access to the message + after it has been created, but before it is sent. The example below demonstrates how to set the SOAP + Action header on a message that is created by marshalling an object. + + +
+
+
\ No newline at end of file diff --git a/src/docbkx/index.xml b/src/docbkx/index.xml new file mode 100644 index 00000000..268fc76c --- /dev/null +++ b/src/docbkx/index.xml @@ -0,0 +1,46 @@ + + + + + + Spring Web Services - Reference Documentation + + &version; + + + + + Arjen + Poutsma + + + Rick + Evans + + + + + + Copies of this document may be made for your own use and for distribution to others, provided that you + do not charge any fee for such copies and further provided that each copy contains this Copyright + Notice, whether distributed in print or electronically. + + + + + + + + + + Document-driven Web services with Spring-WS + This chapter will contain the reference for server-side Spring-WS usage. + + + + + + + + diff --git a/src/docbkx/overview.xml b/src/docbkx/overview.xml new file mode 100644 index 00000000..e551c502 --- /dev/null +++ b/src/docbkx/overview.xml @@ -0,0 +1,142 @@ + + + + Introduction + +
+ Overview + + Spring-WS consists of three separate modules. This chapter discusses each of the modules in turn. + + + The Core package is the central part of the Web services functionality. It + provides the central WebServiceMessage and SoapMessage + interfaces, the powerful message dispatching, and the various support classes for implementing Web service + endpoints. + + + The Security package provides a WS-Security implementation that integrates + with the core Web service package. It allows you to add principal tokens, sign, and decrypt and encrypt SOAP + messages. Addtionally, it allows you to leverage your existing Acegi security implementation for + authentication and authorization. + + + The OXM package provides integration for popular XML marshalling APIs, including + JAXB 1 and 2. Using the OXM package means that you benefit from a unified exception hierarchy, and can wire + up your favorite XML marshalling technology easily. + +
+ + +
+ Why Spring Web Services? + + There are various other SOAP stacks available, why and where should you use Spring-WS? This section answers + that question by showing what the focus of Spring-WS is. + +
+ Spring-WS is meant for Public Web Services + + One can distinguish between two different sorts of Web services. Private Web services are not used + outside your application domain. They might form a part of your Enterprise Service Bus, or used as a + means to communicate between a fat .NET client and a J2EE server. When the two sides of the spectrum + (client and server) are under your control, you can easily expose (existing) methods, since you can + (re)generate client code easily. + + + Public Web services provide a separate interface to your application. They are often used by clients + that are outside of your reach. When developing a public Web service, you should really think about the + interface you are providing: it is probably going to be around for a while, and you cannot change it + that often. As such, it is a good idea to place the Web service in a separate layer, thus hiding the + inner workings of the application. As a result, you can change the Web service and the rest of the + appliciation seperately. + +
+
+ Spring-WS makes Web Services First Class Citizens of the Architecture + + Web Services deserve a proper place in an application architecture. Often, they exist as an afterthought + in the application architecture, mostly because existing Java business interfaces are exposed as SOAP + services. One could say that they are "SOAPified". Spring-WS provides a MVC-like framework for + developing a Web service application layer, just like you would develop a layer especially for a Web + user interface using Spring-MVC. Spring-WS also provides useful integration points with you existing + Spring application architecture, such as the Acegi integration. + +
+
+ Spring-WS is Data-Driven + + When Web Services started making their way into the Enterprise Computing world, developers considered + Web Services just another, XML-based remoting protocol. Such remoting frameworks can be used with + relative ease: on the server-side, one simply implements a specific interface such as + java.rmi.Remote, and on the client side, a dynamic proxy is used. + Unfortunately, because of this simplicity, remoting architectures have some issues: + + + + They pretend there is no latency between the client and the server, + while in fact there is both network and application latency, + + + + + They pretend that client and server have shared memory access, while in + fact data must be both marshalled and unmarshalled, + + + + + They ignore the possibility of a request or response not reaching its + destination, + + + + + They enforce a non-concurrent programming model, while in fact a + concurrent approach seems more in place, + + + + + They enforce a tightly coupled architecture, where changes on the + server-side result in changes on the client-side. + + + + It is not without reason that Gregor Hohpe calls a distributed architecture a fairy tale + architecture: one is made to believe things that simply are not true. To quote : +
+ + Objects that interact in a distributed system need to be dealt with in ways that are + intrinsically different from objects that interact in a single address space. + +
+
+ + Instead of being behavior-driven, Spring-WS is data-driven: it focusses on the data being sent, not on a + particular method being invoked. + +
+
+ Spring-WS Focusses on Contract-first Development + + SOAP services are defined in two contracts: the data contract (the XSD schema), and the service contract + (the WSDL). Generating these contracts from Java-code is called contract-last + development identifies some problems with this approach, most + importantly: +
+ + There is no way to ensure that a service’s published interface remains constant over time. + Every redeployment of the service may change the classes, and hence the contract. + +
+ The alternative of contract-last development is contract-first development. + Using this approach, the service and data contract are leading. Spring-WS focusses on contract-first Web + service development, because is considered to be a best practice. After all, the actual XML that is sent + across the wire is more important than the Java code that is used to implement it. +
+
+
+
diff --git a/src/docbkx/oxm.xml b/src/docbkx/oxm.xml new file mode 100644 index 00000000..941e8bf9 --- /dev/null +++ b/src/docbkx/oxm.xml @@ -0,0 +1,709 @@ + + + + Marshalling XML using O/X Mappers + +
+ Introduction + + In this chapter, we will describe Spring's Object/XML Mapping support. Object/XML Mapping, or O/X mapping + for short, is the act of converting an XML document to and from an object. This conversion process is also + known as XML Marshalling, or XML Serialization. This chapter uses these terms interchangeably. + + + Within the field of O/X mapping, a + marshaller + is responsible for serializing an object (graph) to XML. In similar fashion, an + unmarshaller + deserializes the XML to an object graph. This XML can take the form of a DOM document, an input or output + stream, or a SAX handler. + + Some of the benefits of using Spring for your O/X mapping needs are: + + Ease of configuration + + Spring's bean factory makes it easy to configure marshallers, without needing to construct JAXB context, + JiBX binding factories, etc. The marshallers can be configured as any other bean in your application + context. + + + + Consistent Interfaces + + Spring's O/X mapping operates through two global interfaces: the + Marshaller + and + Unmarshaller + interface. These abstractions allow you to switch O/X mapping frameworks with relative ease, with little + or no changes required on the classes that do the marshalling. This approach has the additional benefit + of making it possible to do XML marshalling with a mix-and-match approach (e.g. some marshalling + performed using JAXB, other using XMLBeans) in a non-intrusive fashion, leveraging the strength of each + technology. + + + + Consistent Exception Hierarchy + + Spring provides a conversion from exceptions from the underlying O/X mapping tool to its own exception + hierarchy with the + XmlMappingException + as the root exception. As can be expected, these runtime exceptions wrap the original exception so no + information is lost. + + +
+
+ Marshaller and Unmarshaller + + As stated in the introduction, a + marshaller + serializes an object to XML, and an + unmarshaller + deserializes XML stream to an object. In this section, we will describe + the two Spring interfaces used for this purpose. + +
+ Marshaller + + Spring abstracts all marshalling operations behind the + org.springframework.oxm.Marshaller + interface, which is listed below. + + The + Marshaller + interface has just one method, which marshals the given + object to a given + javax.xml.transform.Result + . Result is a tagging interface that + basically represents an XML output abstraction: concrete implementations wrap various XML + representations, as indicated in the table below. + + + + + + javax.xml.transform.Result + implementation + + Wraps XML representation + + + + + + javax.xml.transform.dom.DOMResult + + + org.w3c.dom.Node + + + + + javax.xml.transform.sax.SAXResult + + + org.xml.sax.ContentHandler + + + + + javax.xml.transform.stream.StreamResult + + + java.io.File + , + java.io.OutputStream + , + or + java.io.Writer + + + + + + + + Although the + marshal + method accepts a plain object as its first parameter, + most + Marshaller + implementations cannot handle arbitrary objects. Instead, an + object class must be mapped in a mapping file, registered with the marshaller, or have a common + base + class. Refer to the further sections in this chapter to determine how your O/X technology of + choice + manages this. + + + +
+
+ Unmarshaller + + Similar to the + Marshaller + , there is the + org.springframework.oxm.Unmarshaller + interface. + + This interface also has one method, which reads from the given + javax.xml.transform.Source + (an XML input abstraction), and returns the + object read. As with Result, Source is a tagging interface that has three concrete implementations. Each + wraps a different XML representation, as indicated in the table below. + + + + + + javax.xml.transform.Source + implementation + + Wraps XML representation + + + + + + javax.xml.transform.dom.DOMSource + + + org.w3c.dom.Node + + + + + javax.xml.transform.sax.SAXSource + + + org.xml.sax.InputSource + and + org.xml.sax.XMLReader + + + + + javax.xml.transform.stream.StreamSource + + + java.io.File + , + java.io.InputStream + , + or + java.io.Reader + + + + + + +
+ + Even though there are two separate marshalling interfaces ( + Marshaller + and + Unmarshaller + ), most implementations found in Spring-WS implement both in one class. + This means that you can wire up one marshaller class and refer to it as marshaller and unmarshaller in your + applicationContext.xml + . + +
+ XmlMappingException + + Spring converts exceptions from the underlying O/X mapping tool to its own exception hierarchy with the + XmlMappingException + as the root exception. As can be expected, these runtime + exceptions wrap the original exception so no information will be lost. + + + Additionally, the + MarshallingFailureException + and + UnmarshallingFailureException + provide a distinction between marshalling and + unmarshalling operations, even though the underlying O/X mapping tool does not do so. + + + The O/X Mapping exception hierarchy is shown in the following figure: + + + + + + + + + + O/X Mapping exception hierarchy + + + + +
+
+
+ Using Marshaller and Unmarshaller + + Spring's OXM can be used for a wide variety of situations. In the following example, we will use it to + marshal the settings of a Spring-managed application as an XML file. We will use a simple JavaBean to + represent the settings: + + + + The application class uses this bean to store its settings. Besides a main method, the class has two + methods: + saveSettings + saves the settings bean to a file named + settings.xml + , and + loadSettings + loads these settings again. A + main + method constructs a Spring application context, and calls these two methods. + + The + Application + requires both a + marshaller + and + unmarshaller + property to be set. We can do so using the following + applicationContext.xml + : + + + + + + + + +]]> + This application context uses Castor, but we could have used any of the other marshaller instances described + later in this chapter. Note that Castor does not require any further configuration by default, so the bean + definition is rather simple. Also note that the + CastorMarshaller + implements both + Marshaller + and + Unmarshaller + , so we can refer to the + castorMarshaller + bean in both the + marshaller + and + unmarshaller + property of the application. + + + This sample application produces the following + settings.xml + file: + + +]]> + +
+
+ JAXB + + The JAXB binding compiler translates a W3C XML Schema into one or more Java classes, a + jaxb.properties + file, and possibly other files, depending on the specific implementation of JAXB. Alternatively, JAXB2 + offers a way to generate a schema from annotated Java classes. + + + Spring supports both the JAXB 1.0 as the JAXB 2.0 API as XML marshalling strategy, following the + Marshaller + and + Unmarshaller + interfaces described in + + . The corresponding integration classes reside in the + org.springframework.oxm.jaxb + package. + +
+ Jaxb1Marshaller + + The + Jaxb1Marshaller + class implements both the Spring + Marshaller + and + Unmarshaller + interface. It requires a + context path to operate, which you can set using the + contextPath + property. The + context path is a list of colon (:) separated Java package names that contain schema derived classes. + The marshaller has an additional + validating + property which defines whether to + validate invoming XML. + + + The next sample bean configuration shows how to configure a + JaxbMarshaller + using the classes generated to + org.springframework.ws.samples.airline.schema + . + + + + + + + ... + +]]> +
+
+ Jaxb2Marshaller + + The + Jaxb2Marshaller + can be configured using the same + contextPath + property as the + Jaxb1Marshaller + . However, it also offers a + classesToBeBound + property, which allows you to set an array of classes to be supported by the marshaller. Schema + validation is performed by specifying one or more schema resource to the bean, like so: + + + + + + + org.springframework.oxm.jaxb.Flight + org.springframework.oxm.jaxb.Flights + + + + + ... + +]]> +
+
+
+ Castor + + Castor XML mapping is an open source XML binding framework. It allows you to transform the data contained in + a java object model into/from an XML document. By default, it does not require any further configuration, + though a mapping file can be used to have more control over the behavior of Castor. + + + For more information on Castor, refer to the + + Castor web site + + . The Spring integration classes reside in the + org.springframework.oxm.castor + package. + +
+ CastorMarshaller + + As with JAXB, the + CastorMarshaller + implements both the + Marshaller + and + Unmarshaller + interface. It can be wired up + as follows: + + + + + ... + +]]> +
+
+ Mapping + + Although it is possible to rely on Castor's default marshalling behavior, it might be necessary to have + more control over it. This can be accomplished using a Castor mapping file. For more information, refer + to + Castor XML Mapping + . + + + The mapping can be set using the + mappingLocation + resource property, indicated + below with a classpath resource. + + + + + + +]]> +
+
+ +
+ XMLBeans + + XMLBeans is an XML binding tool that has full XML Schema support, and offers full XML Infoset fidelity. It + takes a different approach that most other O/X mapping frameworks, in that all classes that are + generated from an XML Schema are all derived from + XmlObject + , and contain XML binding + information in them. + + + For more information on XMLBeans, refer to the + + XMLBeans + web site + + + . The Spring-WS integration classes reside in the + org.springframework.oxm.xmlbeans + package. + +
+ XmlBeansMarshaller + + The + XmlBeansMarshaller + implements both the + Marshaller + and + Unmarshaller + interface. It can be wired up as follows: + + + + + ... + +]]> + + + Note that the + XmlBeansMarshaller + can only marshal objects of type + XmlObject + , and not every + java.lang.Object + . + + +
+ + +
+ +
+ JiBX + + The JiBX framework offers a solution similar to JDO does for ORM: a binding definition defines the + rules for how your Java objects are converted to or from XML. After preparing the binding and compiling the + classes, a JiBX binding compiler enhances the class files, and adds code to handle converting instances of + the classes from or to XML. + + + For more information on JiBX, refer to the + + JiBX web + site + + + . The Spring integration classes reside in the + org.springframework.oxm.jibx + package. + +
+ JibxMarshaller + + The + JibxMarshaller + class implements both the + Marshaller + and + Unmarshaller + interface. To operate, it requires the name of the class to + marshall in, which you can set using the + targetClass + property. Optionally, you can + set the binding name using the + bindingName + property. In the next sample, we refer to + the + flightsBindingFactory + defined in the previous bean definition. + + + + + org.springframework.oxm.jibx.Flights + + + ... +]]> + + + A + JibxMarshaller + is configured for a single class. If you want to marshal + multiple classes, you have to configure multiple + JibxMarshaller + s with + different + targetClass + es. + + +
+
+
+ XStream + + XStream is a simple library to serialize objects to XML and back again. It does not require any mapping, and + generates clean XML. + + + For more information on XStream, refer to the + + XStream + web site + + + . The Spring integration classes reside in the + org.springframework.oxm.xstream + package. + +
+ XStreamMarshaller + + The + XStreamMarshaller + does not require any configuration, and can be configured + in an application context directly. To further customize the XML, you can set an + alias map + , which consists of string aliases mapped to classes: + + + + + + + org.springframework.oxm.xstream.Flight + + + + ... + +]]> + + + Note that XStream is an XML serialization library, not a data binding library. Therefore, it has + limited namespace support. As such, it is rather unsuitable for usage within Web services. + + +
+
+
\ No newline at end of file diff --git a/src/docbkx/preface.xml b/src/docbkx/preface.xml new file mode 100644 index 00000000..bd0596ef --- /dev/null +++ b/src/docbkx/preface.xml @@ -0,0 +1,22 @@ + + + + Preface + + Web services development is a complicated affair. There is SOAP, there is REST. There is SOAP 1.1, and there is + SOAP 1.2. There is rpc/encoded, and there is document/literal. There is WS-Addressing, WS-Security, WS-Policy, + and various other Web service specifications. Implementing Web services using abstractions that magically turn + Java into XML, but turn out to be leaky abstractions makes it even harder. Spring Web Services provides a + solution for building interoperable Web services, while making it clear what XML is received and sent across the + wire. Spring-WS provides a powerful message dispatching framework, various XML marshalling techniques that can be used outside a Web service environment, and a WS-Security solution that integrates with your existing application security + solution. + + + This document provides a reference guide to Spring-WS's features. Since this document is still a + work-in-progress, if you have any requests or comments, please post them on the support forums at . + + \ No newline at end of file diff --git a/src/docbkx/resources/css/html.css b/src/docbkx/resources/css/html.css new file mode 100644 index 00000000..36297ac3 --- /dev/null +++ b/src/docbkx/resources/css/html.css @@ -0,0 +1,421 @@ +body { + text-align: justify; + margin-right: 2em; + margin-left: 2em; +} + +a, + a[accesskey^ + += +"h" +] +, +a[accesskey^ + += +"n" +] +, +a[accesskey^ + += +"u" +] +, +a[accesskey^ + += +"p" +] +{ +font-family: Verdana, Arial, helvetica, sans-serif + +; +font-size: + +12 +px + +; +color: #003399 + +; +} + +a:active { + color: #003399; +} + +a:visited { + color: #888888; +} + +p { + font-family: Verdana, Arial, sans-serif; +} + +dt { + font-family: Verdana, Arial, sans-serif; + font-size: 12px; +} + +p, dl, dt, dd, blockquote { + color: #000000; + margin-bottom: 3px; + margin-top: 3px; + padding-top: 0px; +} + +ol, ul, p { + margin-top: 6px; + margin-bottom: 6px; +} + +p, blockquote { + font-size: 90%; +} + +p.releaseinfo { + font-size: 100%; + font-weight: bold; + font-family: Verdana, Arial, helvetica, sans-serif; + padding-top: 10px; +} + +p.pubdate { + font-size: 120%; + font-weight: bold; + font-family: Verdana, Arial, helvetica, sans-serif; +} + +td { + font-size: 80%; +} + +td, th, span { + color: #000000; +} + +td[width^ + += +"40%" +] +{ +font-family: Verdana, Arial, helvetica, sans-serif + +; +font-size: + +12 +px + +; +color: #003399 + +; +} + +table[summary^ + += +"Navigation header" +] +tbody tr th[colspan^ + += +"3" +] +{ +font-family: Verdana, Arial, helvetica, sans-serif + +; +} + +blockquote { + margin-right: 0px; +} + +h1, h2, h3, h4, h6, H6 { + color: #000000; + font-weight: 500; + margin-top: 0px; + padding-top: 14px; + font-family: Verdana, Arial, helvetica, sans-serif; + margin-bottom: 0px; +} + +h2.title { + font-weight: 800; + margin-bottom: 8px; +} + +h2.subtitle { + font-weight: 800; + margin-bottom: 20px; +} + +.firstname, .surname { + font-size: 12px; + font-family: Verdana, Arial, helvetica, sans-serif; +} + +table { + border-collapse: collapse; + border-spacing: 0; + border: 1px black; + empty-cells: hide; + margin: 10px 0px 30px 50px; + width: 90%; +} + +div.table { + margin: 30px 0px 30px 0px; + border: 1px dashed gray; + padding: 10px; +} + +div .table-contents table { + border: 1px solid black; +} + +div.table > p.title { + padding-left: 10px; +} + +table[summary^ + += +"Navigation footer" +] +{ +border-collapse: collapse + +; +border-spacing: + +0 +; +border: + +1 +px black + +; +empty-cells: hide + +; +margin: + +0 +px + +; +width: + +100 +% +; +} + +table[summary^ + += +"Note" +] +, +table[summary^ + += +"Warning" +] +, +table[summary^ + += +"Tip" +] +{ +border-collapse: collapse + +; +border-spacing: + +0 +; +border: + +1 +px black + +; +empty-cells: hide + +; +margin: + +10 +px + +0 +px + +10 +px + +- +20 +px + +; +width: + +100 +% +; +} + +td { + padding: 4pt; + font-family: Verdana, Arial, helvetica, sans-serif; +} + +div.warning TD { + text-align: justify; +} + +h1 { + font-size: 150%; +} + +h2 { + font-size: 110%; +} + +h3 { + font-size: 100%; + font-weight: bold; +} + +h4 { + font-size: 90%; + font-weight: bold; +} + +h5 { + font-size: 90%; + font-style: italic; +} + +h6 { + font-size: 100%; + font-style: italic; +} + +tt { + font-size: 110%; + font-family: "Courier New", Courier, monospace; + color: #000000; +} + +.navheader, .navfooter { + border: none; +} + +div.navfooter table { + border: dashed gray; + border-width: 1px 1px 1px 1px; + background-color: #cde48d; +} + +pre { + font-size: 110%; + padding: 5px; + border-style: solid; + border-width: 1px; + border-color: #CCCCCC; + background-color: #f3f5e9; +} + +ul, ol, li { + list-style: disc; +} + +hr { + width: 100%; + height: 1px; + background-color: #CCCCCC; + border-width: 0px; + padding: 0px; +} + +.variablelist { + padding-top: 10px; + padding-bottom: 10px; + margin: 0; +} + +.term { + font-weight: bold; +} + +.mediaobject { + padding-top: 30px; + padding-bottom: 30px; +} + +.legalnotice { + font-family: Verdana, Arial, helvetica, sans-serif; + font-size: 12px; + font-style: italic; +} + +.sidebar { + float: right; + margin: 10px 0px 10px 30px; + padding: 10px 20px 20px 20px; + width: 33%; + border: 1px solid black; + background-color: #F4F4F4; + font-size: 14px; +} + +.property { + font-family: "Courier New", Courier, monospace; +} + +a code { + font-family: Verdana, Arial, monospace; + font-size: 12px; +} + +td code { + font-size: 110%; +} + +div.note * td, + div.tip * td, + div.warning * td, + div.calloutlist * td { + text-align: justify; + font-size: 100%; +} + +.programlisting .interfacename, + .programlisting .literal, + .programlisting .classname { + font-size: 95%; +} + +.title .interfacename, + .title .literal, + .title .classname { + font-size: 130%; +} + +/* everything in a is displayed in a coloured, comment-like font */ +.programlisting * .lineannotation, + .programlisting * .lineannotation * { + color: green; +} diff --git a/src/docbkx/resources/images/i21-banner-rhs.jpg b/src/docbkx/resources/images/i21-banner-rhs.jpg new file mode 100644 index 0000000000000000000000000000000000000000..8b24a7736d9408e6d768f9daf1870f6d946e35eb GIT binary patch literal 10504 zcma*NbyOTM(=WWRP~6?UIK|x-cPT7Tw74v;1zOy?=;H3~?ofR3;<`|rq6OMgD0cgv z?|%2*_pkT)<>Z_slSw9%RSAHE3;@{t3xJn%0D*#!HN+o)1V91& zS0Ui#5`YV`akH`o*bMwDL3-H)L;#Tfb0Gg;0RIpEH#;&C(m(3I_Ke3U4NC4nJLH{?!?{|Nv93KB99 z4gD1=20j3Q3IrkpQBlx<*#E`*kAQ*-c!fqlh|WMnOoG7&(q-hgTp~3Heaj@koJQs$ zF9Iu?zm~HC+uEi3kylW>BLE-)kx_vE+CxPl`mZkjOArDS213+Vd_-vf*eyLmVf@7C zS4B;rmgS-D4x_&E2<{4JJU>%;)vZ#>SI^shrY(OshvH`&UHwa_`AOS!I@bsul z7?Y|{%tFBSSwW5Qf6DN<1Rg@t3U}Kg%_WK9`XRn z?NBvpOv;l&1NQQ$Z2_)J2op`|9OL0EznyUofh0)^kuxtZp3CUIK(o$(3?GRW>9(zh zgDy`_vhN}EkN}^MSQav~<=P|K*q)%;xUW&SKU8WMB|XDOeqA;gQRj2o#PJAgnCEzed^DQkay8bLS~0X+BL~ z%ib||;z^$LqXe>1wW&Y@ zzy{b%Tg4G>8X_5D)^GZDLh@4OF{I7taz;o!O+NPh&ay}Du!O)lma zt>An=zxT?wiP9gR2q6^KDe3pzWkj#UO4|;v##cmN<%`(_Rv9BZ8ocLaBDneaIB7Cu zE?oD3xxL$ZL_Rw#fk5$`+kkQs$*B^xj>#03=;8%jI zqMxPOO^s{Oh-~h1OPq`NhXe3*`8L$XI+4q7#TBcjxAv7CQsF48u7?8nJ9^|jPzepI z@0RC1SPz-Mw!L?>iLinbd?H=Yh zwLD0_x`Vy#JVncIn<}k4eLtP;n~A#oltV*AC#BR<1NCo5sdxuC^eYhttq*sO3gbHd zJ1`P60job)pO-kMI0+NV=H-OSK%`O3C_MmZNTlr{>CsqFp~6C9UIn14GG7fKt6~~* z>qwn&Yy@2Q*sX_zi{%vWq}ngKT_qFFZi&$Jc@xoBDQgBmED|0Xbi<9d#M2vGo@h^> z_w07Hv77t$ai^(^Qr@cUzU???NMqpxUk<6Vay-+eyKjh}#%)Ve95_vez5n%=E{RSd zOY4TiTR6mK#Fu(Nx}aR*kIq_Pg2Z^K`vR-G?X=HTKa*~DuE1z!zkph}!7ArA&b3VX z-=}1czfW{>9q=fi4@1a-h}n*KXh=ZnMoi)guwket`R@Tj0;p>)^|W+vZECoMGl?KA z6QRx-t1h<+jZhOukLrHT6GB=kR{Cqzq%tRWKtA@}BTj%?1qvlZ{_9Qps~gnQn7eOh z?}5e0g0vNL@$^B_Hc!RF{Dfqk|W@Nz6?@@2YGuj(YhG*hR#x?I7R-Y59fx=slfKuqU z=MDfnfgl=AEFSt~c`RDE+BP=|q2yj0hED$|9lz=VHu%G`NWGd@yIn~{%*h}TkV3u? z0Y?S1V}b|>LqY(!ZC>S{o6${=KAR1eLbE*z_jGLy6pYNRY2PRb(l!4Cu(}(4D3x?z z?FhPteCbD7Up4D?Txs&!Il2*ODNsACoY58`zTvXhn{zf4uwUfkLL^~Ycla>QbRV)0 zd!S5kH4(E>msC2@$Tdy)+hg5(sZ%l2M9!cssg=pWAN8DrtV5sO=>9-ke$vQX?>=1o zT`02WPlu+EV9~JB(c8!tH}VIp&y}JPA)(5G6j4Gv=uhgizYC>PA{?CU+c< zi`aDx7&C-AlcQBl!U$O2iYXJC^E;FbB0#rM^rDp$*E#H;-HURf2FbF?NXQQee&v5RCq7N z2?Z=iVeKmVDiZ0G;ktUl1BC}W?HrOfK!_yml=}%orv<{#W$5+}Ud%(+<22Dpj>*~M zo?;_Awj^6z4QCKR2Yjb|sG)8i#qydyYRbE$$9t!RHTC~2hQ#}Xg1f7y+b5?qtYwGm zoL`_}GMD@gA`FmkZ0RlmUr=#aW#$19nR!uz8jQM0198>WVE=(W(Fkm$RZ+NBZ}+v_ z>RlH-G2Hc3F~?_8FKQ1X`JEM;j+nB}l6a(5^35#S%~86riUd|RUS*nEWa3@<+9MqJ zxGnR8#QsP;cz^iM=I=7O-`PD*_sC*4hdpDHt|$nhcOvN2DwYfb&{FGimkPF!?@}m& zReV#_(}W5~-2xlvOe-V?6|Bj82&Ux{JGV_9M#Zl7PD@tr!N!2lz8(XoiyQS)x5iP- z`wYt4NPG6M%i9I^&C!Nz;ZFbITy*_uG(u7Z?k6im!Xs)=fU(z)Pyr6EB3Ds=!}lSju`+Tb$RvFhk^O?yy4EDmIo@ zVyvlJ_&UTLLwC?!+7wY=X9|R|WU<-gvAB&x(daM4^qGWG=~K6NiSU7Ylq>$UjPVN+ z>k!r7nAMe8;YgyJt~`7+m@4VqMz2u`*f4QY7*+8=TZP2gLC_ulw$Elv75>i*3sNJ0 zGCDg`&U~pw_1SOhrumHDunSbADoTv53>W^)@-56;`^^NnSCCJ}-^YcG0~i>1Lccgm zFXiACye(uo)@t{$GSL**%qWq$+l;d9au@RU5Cu-6SZ3>jSUd>sRIZmSyl-1>HE+k^ zE7FlZ=Pmdg!8CAet(YwS^*E>h`4St+b zNf=YM(U!Cc`)1AOa8Crg)enAgYa@%H<3jEJcpFC?Sd`j`b|?m7lxO9IrDQ0_2o6w7 zTU5CVC*%KMp_IoyC$ev_5Kcgr%!+r=H}KtwAvU9!Dup5YNI&4&KKDWQT}RM>#GRC$Um zp|3eT349gKkso19>$;ews#(mKIkwHqSZ9YHt2e8p`{#4GzjTOOMFdV0U ze>q`2)`g)mvK&k+O&?-@s>t`bz8l?%`C60D(H%pQf!d8oOe2Ds)&H<({ynJxW|wDTg&^vP@7vt z#r_m_KamtyH#Qg$kUCDThWVhC?=$vyN}mc?GoL5pqp&lEkbI>mV(lOCf&BQ|xlZ!) zhp=IdRk#>hhA`d_<9!ddzf0YG3fO4FRhcMgI=r~TE`_P`g(1=3E3t*{nmwpxI9~vf zm<4A+iF4(&ZojVgEf_qh^K~Y8SM{cv&2sg~YDTx3`81}tDZ==sLBg5?Z&gN}5QUa_ zm4lVP>&klm(lq+@cfH1>bh#z%P@vh1)EL2_4POkCWup6-8=Gf|{T)^do-0+lQH5i{*fd5Jv` zDpr0&Rb2`X7tY}gX&-*kEE3P#hMA{IE&75~>gpH3W@s-mF@OA>@OxvBIH!NZZ_LA= z7E}j{{96qe8|#RBpH;24!ET3>&{Nuj=a#;+Eg8Pf15f|7uRr*YXQswd%Q&M+0G?e5 zM=NPEYR&yp?hT7FseEL_N6gU^p0L~66qPC;mP@LBloQF1OS79W;!+7acX|4Mx1>|l zTfFv;Tlk5Ltavm;>S#SyCmG9;5}q+7X(KkwTj;|X?eLZfx(zZg$WMFyq)u<`VxgUz z2pM@@tV@cp;|Pt_^wHY2*)RGr#UTYFH3N~5>Br{~V|(H5qdQ3{wUb#m7cK@c1y>k{ zao6p)#D`?()^>*0RY__B;B7XY09n}`_Fs`kj~~aRQ$5#AXjJWL4pV*g16>Q-E+^DC z9usw2=juDzU|C~C1H$+UrT1^|PjW_ zEnzhnK<`z-E=E;QP%Ys+S`rXT_OuT=9b=TR1tpu(hL>!c9rE6ktbxZ`)0 zE61%17j9)K@4EP!nm)UNyc-H9F=7P4W0^@L@d?W#01s&&CsC%))Sq@Y{I zdvE&&VjU~+^FyP90}t~bcCODb{WiU=(U=>qHe4 zUX_R)Fp<`g)6%gHN*S_@;^ccB4$B5*Z}rNON(oRxzmEuaD85d+b)zgzzjq+EM^}=B5@}?Wd&>(@{=C?};=X z2ZgDoF|QDkPdMH@D4?l-R5FQ&RGH{Gf9sYnF`XP6AM0%IJxf=*k;pY-qmkE|T@E{@ zFj^dVa?%a{^#T}{x#Izyya3FlA1aL33jX#jGz|5>037`O)V%2)Mtp*->?mV!}>iEk7Uz>~DNO07Ug6*U7ueuJ{-TTi#={2H!x~`UozKvfiU7I!54s5)-sq}nIff^lhNmzn2pH-*^Wl!Q$0 z{6Q%33r$;!@4=ykp$nOU?6wSRfH~-y~G0? zN0=d5^5=x+Lo1?1vq@3J6?&)D;tkW#r}1kSUfD!!=`FP3CY)sWZknif@$~k=Zeq$v zNSr?&cMa7}56mm~sv3^1i13fCv@L|AGlc9JT!_GX9pP{Ex7m%222-a*KTp|i&9fi3 z+!#`=3h-ndd_T+$KLHzhDvah@v0Pl@BXmVtmHOLO#^;1tN9+&_w?A22YFCcze=>X5 z^OJ71=6+?qvUYDEFkkjnf_u(=%OG*39`4vekXOMVlNUZ0AYoT}ip($ z5~<+*w1k$F++ZUE(O-W8rIzoj{CzwE{kRV|V=v2KUjq{fj|ok+Q~@PY2025 zr_%e;gz2t@cY+r+x1y8y3VKSKDR;gcPAuOQp=<>^E&xbX_o}yB0L>y+r51#A?bIXN z{YX)&)eUXRfKEyhIwvW3G5q}*Ov8(Z&KsEpwfBU-kwd)Y{#ix?`jXaJkLB~3ewC3^ zBq_ikao=1bE8Pq6s*VUX9W3Aq5Un(8xs8J1tmKNk?zDK7BglO)bVC6${;ZzqMZF`a zG@xkm8BM}-3sPRp4DYrsrqmt^r`@Kk(B{F0mZQfC+ zj*rwY+mzT@ZPTurn}Z&6{H9tzDt#}6MuB;0Zw{0lh=aD`OUb%>SQnVmrNnvVw@n`* znUr?SVe-u(ILZ!4RvjHtfh+2k6t*RtSz{$aAaecHLsQZ%J1Y}yw0~A3QrrB~eLrjs z%Qw>YWTvNosJoMigk8q{;0CHg4wc190&iW|qNlEDAlz+n;z2*6(6M5%Fs|`6HQX+N zy|r;+5-z67w9dWF9?aQEf!bLbahnYL*>QUABxE_A7wDuDWV-z2fxg3RSD~#!xCnVe zHS`xiv;MT(d-PQ$@9r`6nX`(fu(||2rp7uH7q4m$I;XI{1CO0j)Be&L%16d8F970u z?K!ubpr4z!fk7J=hd3Y}CQIrz+kl9h4Kwr&=DK zkyz(hP*5)`PE^U?+R%8@rcKlEZ%E{*p7|alDAQ7}zIRydrwD{#rwA=+yXu*G36f!p zqLRKA)jB5Fl`&rPH;ZacJN_C(V-ssUmY>(eWx?}k=FJNdVyt^!US+%n!HlNxCw#N3 z!Dw=clMLl03l%<0PM6$}$2d-d+f zmVjZB*?pUi0L8xCCgl&*76gguCRk2;=974U_~Ai~x*Gn@F(^BQkXcLxNifNVlT#&+ z&@OeG)8BMYFD_GGoMF5Kp0j_JHWza|<5CsJ$Zf<5RkP|X{17o$+U7=z7T2Y)Agp`dbI?YijBt(Qj4%(a?L;O z9)-5V;7$kAn}a6hgxm0+SO-00Sfo>;aM+OY&AjJWckTUD7%^@|6lcojq3R%5I+BP4 zNRD;cV7>e#VX@Um)79G4oVM|_B%CNbeJz!E3}S|@V%~h;(W0FYG@PcsQvr@Rh8<-_ zhkOWUxLT#zuN{out<6o}n*oWPl}jTcBPWu`#PMkJFjy*b1O?y;$w>6ou_?9T5z$s< z__X=K&fbQQvpmkGxelcalJXs&LPCwTl7ve!`8;I`pqFSI$7+VqFd8xm6&4LXB$7s3 zZ8ujJE_N2#Wj6cfi|8gzM$-@vZd%^>wB>t~8Vh`n{H{Zth|cf~JE9SAg2Bl|QUAiwVw>R1Myc%M?&AWpIuFG*( z-ubA9^kIlEJW0tmL8dKpcJ!;D!I~*$C-{IU^7hixN;SBPj&!XHBtqiD6A8O&(Mlr=oJZQCA`bqrSdt5~ z#~D2YoyA6c*7QlR&8uGE%eA+xGVRitM0c`waxLdQWxC?(r)ceyUT<#?jJAk+^^|#J zobSfflv{bi}sXhA-;bj&V^vhbF%8+8C(L-Z?$RN@^M1Q>Y;7=KYvy zJzKlECHq?7*EQAK210P>Y93EfS8D);e8ISp_vQz0>neln*{=yNfOi`mP3h)=JgI0h zw~@PD^0`AMf?9<<4A;r1s*Or_wy0@bl7@P}83wzy4`xm6zjnG&_D#lLOB}heTy%E0 zY|3z+1^tNcVbb-6#u8k?r_+Q8NOH;>JBUZLkUDev=*)$KZod5cXbW(Gpq=uaG(ZZ7 z&~ay|&$B}Q9d;9Ph#A}|4cW>%SMr8UAXiHgg2h7I(<_NHg>T(5W(VIkaKk-n9Oq@nS}}!1GK@XV_DU*^j)~5% zT_kI$Hks^?gxct;d~XrMM-Kv7Nb7C=!$Sg!<4oO31@@8liYQL|4 ztJgG9&pWectDI*SC~!PGe~YR(qMs0xyBit|{&p87Pi5nV;aw}*wFE2Z|1sQ^q(;zX zQ8@#PSVhLs6+?N8ledH04Kb;3hHSK zChM{`p4rbG(~f@%@dD_k-NSZ^x%;<0(o0bG(iS0XZfx;@K6{lU!YSd zE5YJ>JT3C=CzAFRo`YrI$J+M3)C_Uf@JX)(=C&Es`3!0mZZF6%y&g7B4xFMSu`2Lr zRHW$c=yblIBTK`~DC`#2e;&ikV$%7~IyEsSZmu@>zQr0Cfsn}2DE7=H)S0N(;VC)) z9bho~Wx1PeCao(6%g3dsLHK65?A*P#xyyy8uBd35c0F2b@E$9BhZ2K?Jic{$bY?~^ z7mx7YY)%<-zys}Xeli{?+~6^Z_9c5k9GW!M?P<6LO<1W-qBwG(%T&J9$$(lt z{Abiw784*N^yz5plJoO!6qX*udG*7WY?H_j?O|c108aB~%nt=`Vb@JbnO2ad5rT|X zy_N~Zqk}uDx`Ij@9xbKy9HF>HVt>BNf%lCAWy}!QJqIp4Hl#Jqzje`^sG-9zZHV{=hM&|X+levQo zixi8+__bsNO1CQU(=uk(cx&K+4{~1|Om<9h=+!+~We>RO5Iyzp3kfG!D@A=ND}Mzf zzl~>|9Z0<2QccMI5pL*Uy9B2vZ&+(s1RCKDBy+MCmSn1EpRm=b zqfvcH-K}#+BD3XiKVRog0>a_E$9dB1Q!@L(LV2V5?>|GRK%=R^-fLU?n=_qJ}v>xe-o}Ye`HG z4L?RD2}XQGn!X)6rnb)5l7VVU)mb(e;J8M>*a8VK&>ma~Gz4(~bi@F(ilMg4s)d=H zDl(N#R|R-GD=A)2tW1{{HEDVx!F_6TSXhhbV6}X))%WzJjc7IpWHb&nvoQr_&{>s+ z4xRgn`3G-h=V)ZtH!2O-^N9s%V2!|4{kBgMJb{t=%hUI2c0m%J_QvZmS1XT1A#6!Q zDJ#6_O840^Zx+rky-x}s&ek0Iq&5PmBHCAA{Ret*78`e|i&;~ur%GDS>RKRw79!_aVSo42=4AKrL?#dhXMscad!yrP~0U*v0}lUAp7L~ zf4e(7bLN~m-^^yFr6JF)m)^O4cOz7lWzkWHP@X+|hAuBBrT*;Mix%MDPj8TbzfXC{ zCV?NXti+YXpFLZADKV##3%q~pET`-C>={Nc;?MJBCJbWWm(=dkI_{sHEZx0KTrHld zdDxiQY1lYeeBfhcXXXAtuViBOLFMxY9foHcETUMz^T_Vz zde+_sh-H6=9l>DfTvoq)EU!k=DI!s%5HF71Z*l}*!hsjPK^hDj3kyqa#I#1?zmKAZ zSb_Igeay5ii1)a)8pGKr@k7_BSJwG78=-}eW;(RWdD(!eW!Pr(_BjjQA z5QblVl&bh|8CXGYHR#85kj~Eo zoGv|9+aCO#Ft8=k%dR{GBItz?@>ENjxN~c-9JkG?Oc{q5xo?+e7th@y>;GDP(@aO_)hG23XXP0Y4*uALO&auIw8G|i4lHRrEH8S@zwP)?u>x*)bdGresjPVo z(P5u(<%p+=MEh@!ABX#_A6eNC4&2*ih@A;`A3m-fAGocCYM=83u%DwAl#N;J9=P7Y z?b$7;!R;n|NR*V3gidDjoO@JY)s1uz;_c&%iqv|)d1`n#OhTl=k-nV^8(gg@H6sM; z|M>se9{%6aJcP-WH6g5$evVYg6V2}m7U9kzT-VTG3T<#`+66~BKi=-hLip9>%UZMz zeO?n7`E$s`k&*6gc+bwv;OkH+OdRbhsB!L z+C~99zkK%@mIJO=uvjlUDIs~`Qghba8+(P>DU}gY+SIKLAyNPSSw@oxsLwSQ!80>S znpwl?T@i9bcebp3&t)~%Yg3pNs_)p`XO(by9Q34b7)=}KOF#fpJCSOP%W!IcU)g@g zXgT_G`?Q^Z_Z>3HMu3ajMy7yUmE#KJO;S?0J)*O|FYx0I@^Mi(^W#}+hxg&nlTp64 zK`sa~2FZ`Nx~{ISuRgseK5E_}OYe;I#eFbeiD1P{q*Lh!R`4AH5u~P}k?rY-M{mb#sU=+Z;^%g0dNJ1-JL6;d;d@d)N=m zcI*^*POPD+$uUV2iLD5jArk-T%N4G1;SgfSCUIJm4cK7_rYQZIkpE2;jL&y7hVSfa z-8<|Rf?q+8KDx(X^2#c+0Ssonx;MiqEQwb0PHmT3b@lbqO~0jjfpu6vgYSqvF|f(# zH#t)jD5g`geZ-MZA`@VGp486fo<JGWaMb72hKYDEG@BZ&vK)%EV1fD8@vt4Ky?~244-!7*sX5Zht}}71X$5 z+Fqz!r?@+g%uw(@=|XP$`xVuIRSrHL^ceE>>x;#5aT513!#1LxFw8jThzKNdgvGoZ z5qmtv9LeBQq1B>XeAs3SVo21pYCxS^2%xy{l@8v3L7FDNH3mYSu7jSC6NkPX9Xa}Z z*>D)-q(u3j4!+45_bo2vE2L5~F`=@x-+*Bae}@6BHd;k#%6?UHz}9h(jVXNc1*Uw~ zL;k3Gbt$qL&2?A(O)7*S5kv`o{x>g9G(l32hnxFvZWvkjMqd;b0Rh3DsoIa;#WkVh zR-D7b!?R9lgI*b_^*+>@@Nn?L>E^&TVKaEVoX}8ldGMpbvpy*=W5|9<=~i$QA%)q| za`WKmXkW+UWu+WJ6nz25A`NAvx{%jVlKc^lif}Le8*#b z>sx7U?bO!4C)yo%$t2Ce;S&EDJMPU!6x&H+_Wi4Q12=Tm_8U{!Vy*1e-tR7xZ6xF!}&D6K64;GSm_A;M7~G=k`;- z5*#>R$u zhm(s}8`l{B%T$o(`=hpN!@9;sS%~%jN+91v1SV;NJd#@}dI3!_^WjbHiBM|-BFvu_ zn5LH2MzXeH{EAs`7ao=XLe?nHC!K1Vnsl!6aC;=%&c}qj_lpaEBqibQfhRwFU^RfY zcvZGKABGY;{)qec?;k=(7!mFEsV0roFER|;{RPMZZ%klI^{9)Bi}9@Z=$wEz7(n_M<;}Tn((iUD1dD#1`=wf4%G$2V-NnQ;K{{H1+0~%ub+J?_C5<;s@PL zXK%E_k9zV`4I@KCLlMK7BKG~V8*t35PH5FnZE^{NvpH zmTu69tT#A~@HpMN>c1fREd&|!59*j>>#2-l2CtIg7fWs;DiAYeCBl|`c6d12-E?)+ z{o8G(3xIKoj1WdW_3^@wnS~`;yCn)Wxc7(YMngF`n_7(kDE{&&d5xf?NN>x{%3x!O~IYPqJ->4}sVu z`c5B#(Kj%CJS&l!4r08s_1($5o5k_K&?vTcovUE~r-y4b4UKRAoe8X^+B|`{Wj6jx zEYoxC=Sr%?oeRdc!K)+dO|KsG(_|eJ|E#)Xb)(Cb$`S~1u_rZGJ|Gp zgonzD42SBn={KMa#F59jPlijxBAO-wQreUiyThtzyV6_q5WjH4wd#=SkOk{d$=G-w zw_Ts?=EZHC4v?qHSMF|n#8p5@p;)S;Z|9dEhOVye87&qNobUs$Th`Y9^A3~Y-TS>b zDoLBCf%m5a{D6po6i55-n9#A5zP|qNC>dNtK(wB~v2yCeFf^zZby^i}o+bctRiwn| zXf(L^Dv%g3uo>e7;h?+!_oSdFEUmTeSegJt%_f5*wj+Ali-U-8fMWoMHv`Gh_VXM< z6<;9kopm}rJw5=+r&bAUDp*|Jz?t@r?s5F-9utu&`Q*kDh9rf5nN}7;-`?JK6~czUO1*pw7%LICVZf#4BIYTO)wQ)5Z7f=4lLC^LuFsVWGu@lYzd7l_ z-2P!fxgPL07}s#^~yTqz(HL6&ZPwb?i?!)dzkj zub_|^r;05(aR_Z>`+ZKL*nYRqhw6vrRMJN7u3B(GH z-FR8D_-lST%19o{cx(>Vq~356@Dl?Ty1~Z0@TA3PMpGaw>LrfLH>yBGN}}jqj@Dg$ zxoV64==UaB9gFrUJ(Ft3F3`NkxtSSir!O0ri7SLO%G+?kZVF1GaQ_FX_l%U27R%I; zBCQ`|5XW*;d_YpbD^eHO2*fen5@CCkl;E^J#8Ksc_klp!qN7hnw0t-5OOlAs^wq()Z-`?Ecpw)K!#Jnm%8 z?X-t6vR0~7Pcz@>fD+DBT_B1OD2Df9r&mg*J;UqmJ(XO8itv3$ZM~oRNmq{JjlkNhX*Pa_JLO&her(tR_X&Bf zd>Q3l+X!P!j!8Bjxp3 zC~pc99k5xthq8J}Dfr_k(J2c#7VzzKkOXvWw#j^5@YYLQQ-myAq|5bB$GredCxEV? z=y>$@lKiA6)hY5%-bAmPWzJk#&!9_Q$lY?4`S6oIL5f*rF^R4t>U@1AK5C=hqjGHj zYs~o7IV07Lu%RdS?>ycjLBbHBmaMhj6Sbu=-?tCyhUF4X2JthKs=-*IW3jTD0kYru z727;GRE3ds;FSC18Nv2!rOkH7^+x&YVD?{l z^}VJdCHvXpSH&M2r!8@_y^-piq#r&5-8TZ=2S*lD%`}wB2Eg%CYd2pq@UkzGUg(_~ ztV`Uc=GI{_SqULSUMU)$P>&3yZgv!}T~6shCVY3_KxVUiO>I%svF~~4JeIUL94KXe z=igX+ca2t-*GsaPVymmyum{Mb%ohvlVdhGrv!9+u$erG{*{QYLyww^TboRN-+TVHb z@7UFw4^5%UdMB?m70yk4%iyRjODqVPQ7ud9O5ub4K~kgJ6a9nlq&xS~gFsPtx$m}E z%x;e-ASmPJ@rL?${_W~;X5uNx+|nG0Ik98=t-i}ANN~i9p+g` zP21=wXNw*D3Tcqg(BA55=Sd+mJF;)~jlzEfBp;-anv;=Y`A?cBvlYI$P#mj!qT=zWMi#!i&EvChK) zIqZA>R)+a4nVZLqNmzE`pg!)88~MQd_0i@V&}~7iG2DGf4lctS4jF=Z;W(E!?86j;)I;)zKWqh6$ral*NYY znDAsKX}}+gR}AwAK?OXF^>86S5wUa2LK~0#KOIDjTWbX+GKJf=s-L0-8?$53K1qXW z5AI>-3~C1W9kr|ZBdlWaUc3wzv~2_9>IDgUem>B03r2b_CQWH1I5*9uY|_y`!TgDb z9hNM$VjKPq`iw4h6`qWjGg$>SuXg+Yss(kGwRq+?^lsffgkoEq|KpV2;Z_+1p?@vX z&pto0S5@3_>qqIk4C8|e@-d)iRSfT~7BH{Pf;I4ngy#~QCyO<0^(yf5dm-&nw%0-| zb|LCHwRH+Rs~G4!G&M(=9rLO>`P@Pey(G?l)pNmP8U^;1EN)rZ?H?Ccm-qCv4apj^ zS4E&h&lYt{cleO##1*ddLyHp^KD<%eyG~3}{QJ}vcZ>*< z)(qo6?7ZQ+{)Ev;Gj&<*5XdtS`iuGOREOne;*fs}f5k#ke_rVlK~(GP8$Dl75HO7C ztC(p9*OT%?-dIPV>uqS|*|!LK_-R6;hdjh|RU1~?9f_EhOe#sP z1e2iIch^Df8ncz>sY%HUG_PZ0)>=FCtC1<&)Hw8T;yDY$>(=bixn=V7Io*0EF%^`E zN=E8GDM`nRJR@*u{5{e@nsS&sO*~`c{z zJrQ*MO$iRMD{_9tAZbzzIYKdbnF;qw;<>TYrO+jF$uT`yDu5<)re>8K^UhWru`^E# zE~(}|{2hwVTx!=hQm2DEdU|;Yktwg)ujMX^LCe!n-N}S%`xytur0r4hENCJpQ)X~= z?!s)B43{zH-1{l>OG*?u7BOp3l4v<<$7C)$6)JZxV@ZE?#jwhXO? zvUq%6uL;1L;eNdmTNhbiKJNm4b_J=iDPgE;M1^lDAB<|K=g-W|(bHT>&A3#NHU;nr zZe;xIO)BB|J@GfQY9WCM9s0TR^0<98d_l)LTg%BIFSfUTsREacW5QTnQF)uWj{HU- zp&Mz9G>2ynA$OX^St8>5z7x+wIP-yUW21Z2-@n-8Bzmy<&;?Ow+nRk=_9U5IT`!Wf z*|IIYn=z2D?gn(e*`ne62240_>0EGle5gdNqD&hpEUZ1?Rlm8{4;045 zdLDks^o_t1n>7*;?}%moAS5{1-qEvlxn^-G$02yGAvfxa!4`kZWX+0b7ERHGY2Y1p z{!nq%5pkvnebMxx7o%@L`u3%|kGW%3cD2N!qsZ6L>V98tn-=!b-!qP$&@^aympZz{ zr82xRWmGyP2I_!J!NXjLNHZvF(#$xpbFgJ$q}m9NHxjoEHGV3 zJ38lS;|}kWre(F1MO!wsb%qDZ3UT12@b@9}(Bf;-H;_N8o6W9tSaxW6Lr8qzd$J0v z6(*~2Sc_lYPx={(bLw2FlyQlAyKUIFbv&0CK}6i%lhPu`R=9h z85!jBP>F#)Bb!9_&oOT-Yb|Oja(0ksguTc)13cXhI-%p0$wA4YE(DyJdN<$hUFr9G zc(V>Wq5{*9Uut!=ItuWL_~2NQ)ElG~FmX}}nPnfq5^0Uwn*MxX9a};!K_+!@;HQW8 zM6BvMD)P{09?fJ|!WH}}pBBC*Zxg#5TrTpniIDQKcn=QO+*G#Y3}e?lJ2*=8RUn>B z-B{gwf2BfWG1~tVyu)F!r!}tY2#V@+WIOnT*2F@WN1igkH_tm8tW=u%rz4v0Abx2s zQZj3$X3guLCfBTX--N$ojJnlF@iBp`LfN>$*b%itL8W(L@B8rBD}IK1lv=KT)jX55 zeON_?e(@yrTMf2v4&_`<-Yim4V`F1NF$`TWWDHq0ywLGQHpVIlVt&C)T@1EmetTxmJt}L9#9QAEbA)}iKDRl>adAA5sO^* z%D~6(ZIvfS1M4H{)kA5~i+%Mdbh1(q0!$|XN}mJ`Vd-%R`4RzE#Yuc z%|DPE2iP5)RF0PijL{RLpfFv*EPtgLeUn%kK_I?>9nwOg_3yy&_)TuGrJm<62s)ca zxRioVP6^%rgdo(2YvwEz|lJ0Q8`2FTG zKJL6kDr9ardc^xU5kryC&My$7-6PbE%MHC?MSOfb+)eh*sX?Bqufx|oyK>#tz@vEs zht@dQcfp3$u`{ajxRYVPFxiRa=R*Ls$MNY+_?re&WY6__ZNq+rDD5tVPgYiGe?3i% zrugsGm5v%%dGovjEACW{ruWp?cQBUy=ItA)SA$kw>!27Crf< z$QaeU|Mxm^VtS8|LyUE@dSV?!W+V)qQMHSo8+8%dt>x@ckBjy9%lo!|w5_vuvCLGT zCDPpX=Ab~wQ|_+DBW>NE+j0f-y(?Xp_V8?LTc(p=g=_)zkG$Zu#HFUkq5Z=f2h8nP z0n*;;2^Q_stghtRT(9r+qxYj%?3kT}$cofySHoX0Yhfm9uh)B}ZgdSXEL?4Tx;319 z5Oda#vz>ZB9}FTk>KV3RGf8gdD;HWdd?Gt#+4c|b`H57R+FdX5{vYUdT)o&4qlbce zW4if#??z^so53$3Y&$Ps`_(5R+WeA;G7;fk-PHLrueAd%^6$>QU zSbUw=D=b7Zjl@rc<`_u&e8}={jRaI z<|gxYmLx(|4HqHWb(XEMOYEE2=HmsNALoCGt<$S{tBKDK>D{=E?7%q9YI0tWD#4DCkq?VIS|x8)`^U z1H6f6@BP2WSlTW}qm*N*znJ=<4Z}BkZ}oJc?N2u*@NW)wP3|cVowC(HxfkRUI!E&3H0b zzAspTLQr0^&-yD6(fd4WN^Yaui;&Ce&q;TYs}p1MP=DD&_aDPfzb3j);I&F!y~q%o;f5o z96u8qNkPRXdqG;OS3mXg=2+4)^kLrZp7@cD*8O=64r7qwbUPL+qx**CkI<;YqauBy zE?I}$G?@F>g2SA8>@o7A^fz{cK@QM)D0v+P)TiJ2bH^C;_V)tsr17g6bM5Hn7I*Ii zVIAJ2e?zS3WBW`fED=9*U!jk)bS`i&LaMdzZOf}cf<;5BQ9scH(Bs2mwd@EOpy!76 zDnxNXBTn~k9Z+eT?inXe*RxrM=P_=XjEfSZ03T{(76N()XJ+x)jKy!#1d=>$RSjJnE2WL);WVbc-!|%N z_A=Xi-sl%j2XQQrCorH$G%MpY?(2W4eC(bh7(^0^Hq^r!hc?-$I<7(@Y9u&aBYaL? z(n(S1<*EIz^qlzX8OXs<%&MuQ_pb4IqtRx-$V}`*OiHaO1bf+L#V2Ry*_<$Jb$+BJ z;DBI=b4y#$lix-chePYWBHBDNvq zdq2jseN8ZTG!QSSppOGxRJbbwH-TzW3Y=l`>Wdb^^CERL> z3X95_+j0Aza>snrMIDz|o=s-`wu(f)Ny1%GgQfl21?GW50Ou{MUj5eh=3zIO!yu5p z*TNuzv-#ntngKIWJH~ksED*Yn;eQgFf0?`-RLG#GQ)Z6UtzHhX)7Q+Fy4O$#Ky#PThVxzExivLdTSMC3gpQ_PZ;h zOvWlVpzSnDHcR^6$1(h*$g7zuTvToS4dAPuiMgnzdJh*4UNTojZ|h;VxjW`w3+0zD z^#$?$BU7HiHwNqDI)QJ;`~Rg5KA)1V8Y4}P*-j>|a@)bMFJc`4H>0x1nq}+3Vf_}l zoy?y}n8!%Jr$=e!`3BIWY=L40?E19M9MHUkKDe(>jKF7=h$(82l;nEbVge$EllJh;~>6*bY4TJ$9l(4_fo!X!LWg~ z4SV`bTjyW?T;cYMt`}QI2mF^*NWW4wjWU@!8vXmQ%NG86x)f;6jYcsG!9z_Aex!xr zl@3>%%Kr*z%dibJ*~8c_4D6X^VpCUVZ_DXCow<2e0P)h%z=@Y{uJI^Eev7KwY(iC{ zy=A6RVWxkpk_xwKt?g?>;#vGNrXPDrJZC2T$ZfFaE?!i0Y}`P{a$r=^^Nm?p$4qz5 zw8zI5t{;3h%QWNZ@#_*?{^EW^_W4}}d|jvk*(k`c@zk&v2~*rDWS{q!@EDaSQ2WD3 zZV}pgy^g7v$yQiqO)n)QL39*Y(SIh-Q=xHuFojS2&VM-pejh)*3cbOlaZ@){GL3eeZ|U*GD0}&`|U#CK{eg z*3D4f*%V(iNA!SP^?B2bKfJKW1LLiYOU6VG{>&@Yk#UZ15yjmc)G>taE1Ui36D_M6 z5+mb(MVp%R>vh7mI0VtXrmb0Bvnr>RaP1{Ky_pg>&wsrP=~4YXa}7T7{hab~JOt#$ za>;X59oaV_Agu{aKEz8g`TA*pxxb&~Tr5+OK1FudakV0C8EJ(LYEY<=mKipCx>CT* z<*4yV>4=XODTi%0=C=bpi@4m zsT&&z-?sH*bR~`~DYC330%ogY+ol_wa<#ImaX@G`%j^F+Sr4M}OTfRAC<>N0TL{2H^dSPH|abvQ8HxbUAn?bOF8rkzd^?R zOy;wNH8V5w5p*gZ)KHj*r<6_7o4TPDeM)C?lfKq1XVh4O*T`ZoN*VWUGx2jg+24j# zqITiB^Uw99f?udiFGxLf$K+H{S9myWMM(KwaZl;;eLEg(KZt;=9R#BDHnjTNvSf?? zOxc0>>nh(9#z(lH)+>`%U#0As%Eb&83@4LNE@1aJP88x1w1VbJXcwv^dp(iW5EzMb`}JTTTK8v6A0EC58X+s!e*-;}Tcs+z8= zl$IrLJ>+%{8Mz&%+zhGw*H{I^4;h*+*&LJYB24ILN*(H)Q1jG^_SvM)-}ZZ*Fs?lNaL*;5MF z@s?NU^dHUOpUicKCp?U)0!7xQyiU8FuEAH54Zg~sX$V>UVisRDFe;c5IEFzl|Q}fXCIZ&45Ij{LU^V7+{Qpw zZ)2|7@jdAeuyO{rb0ayy)+0CeVGrLGP{&-Azr(;EF2&MX|GGtymfj(EwWvgr%mnu# z9%lTJciI#oQ3my#^|8N$?D$mlP45WL=}~jxKg@3 zGikG;kq&8c9|_!@luP{@4pzO}TJ&~z{jD(Bu@Dpdzh6B2|F8U}W$+vI{(L;n-39!oKZZCyEiD`dv!|w}mV)r(B2iX+{|vlzc2uNt z3oTkKYKZf$4xwQjX8j0mR_bLaf>FT=r$_rAuunoE^8p8wC=CLE0P$Pd2T5C4PfySJ zZm)3jd|Ye*DDKAm{7IDQ`iCK&)l#FRw6urRYdJVkMf5$QKB}0*zndZGQR0uNc}+?G z7X9=;)zL$#%nu*H!Ax9SI6#&4{EjRU1g1X$I$H;bwxl?*hdq^D7_9f(TO4Pg+&?@3 z)Jabk%;MHpyw>^v-hc|UT-0E{$calpfWZ2!?d*C0sLrqTa!%jc(XoFpp2}s#V}3|* zbZ97kg$$@}HURRA`~hn59NN;NHoLsMtcb9&H`=Ed6RvVjf zVluY2wy!<`X!N@K1{DIOw5}TZ^G8BfHVkHV2XF+&f07u&(kz#S!hy5D`wF>5a?- zeseqO6iAiGGFhmR*%knBa@z;sjy-^9bOr!F&dI|(9A*CJv$L}|`=ymzKg_@Gic&(t z{C9-b!~+9G+ppV>haMro_!&SFd09&(8*4mQrkf_@RUur;#QNJ8sNtV(C8}&}ryBJG z%D>HDy}`5Jg5ZBNH8s5t>*r4{rd2lS#BL*m^8lWq(yTWeD?BQy2Qfz;yE!RH5zsdh zz~9cq^)6IWE@JnlgE%gdM<1@&;*y!PO?M}94dH3(YvH03($dnL&3Fgm(K8>y+oy+9 z*#;^DFPRM7MtN%VL*#w{>jjE|H2cT^NivW?qp-E8KPi&i+PZ9(#sqzB2Wx*v*6`Q@ zJ_v6_o$7rqV`%sb_V2@3NmSH)c)0anvl<0lOR!kcZU}-O#L3UkuYrGMdjfzKAEv+T zC>kAdcDWyZ^-ROMFAJ`nRSMbwzG5oz&JP1~Uo&tP? ztT;3>cL#>uUIG3Fc^roQz0>cwjgCzM$85I()S~r>rd%x@okHO#!W_!haxtZ#rmGvF zmM0?((E<8@1~j+~miy9sQ$~4<6`>+2`4R`99UQlr?~VW}5hpw7QNUf0)X;nVJ3wuO zhra;e^ce*uC8e_sns}J#%3^KuY^H2eYP?RiUCk3JMCl`QQ(r)!k5)Nzc~vF{o2VOq<{JMmH*3?=b-W z{5M`JFdptV045sd^4S3AXFpyPp3xot=U;VjDN>CB1w`*pBoY21O~jAavHjL^u@8tE zU}QE`s;S)|fC1eep9B020(o;@v`CeP$l*#q-VBJDuD1G|%}rQXSO8AP@^=(KkN-^v zfxj$4q1##Gz2B{nLd1U!nSm9KD%$UCeW*}exUe|xm&+ShBcJYf#1M;`%t2fp2(*Vb zpaUFX1}p;(Xu!~^Tf_^W^HIL-%4c+$&R^~MD4)|(f(L=lDcJzO@4OapO+iN|YZ$;b zwg7Ov_K1u*E`+uDMa`+_P+1c5|@^bWSsW!q2<$tY3g2HTo^CbSTt=VC^*mQS`F1UE4mj~N*Ns^ zz{558>NUH=61PCY0D|L2?6LI(Vs6QVOq!Xac=AJLaU!%~c$-blxVEOutAHwL$L^j2 zoTusjOmRFbHgNZ3GaW=U(|-Gp7(l?(uZHo44iSjsYgByp$^5FD$+$pj%%a}%Q0XA& z$+=iE5h8$B!s_GxwU{q{ko|ODNMe&)QGtOea`6rY74?6}*~t&pjw^!cFbr~05u*jVHmx2q+pr=mzxzls+Y! z0S;f@4G;qnq5u~GL_ZRmwA$7e_=f#a@Jr;aSi|Uy;dp%ODnWn{JU!2TGQd!vJ!+zL zAJv^KlF~NzMnQy>#1;7c2Gy%6KwpE(eo*u6et15C{|4v}KGnVBIPwssYQd}(l_;KgGROQ zQd0hFW*SN_D(DsASA7g^tn3(;q&|KJkh`Hf*+GVn!ulE-)L{nT37kto`-Q3>RkQmK;C2*ke{dHa z>%=SIvIY=o4TF-t4=R&{M6}4Ld55Duq9I8xbcCITgnykiI*mYz`!ZCqpmsVK8SWbb z{4$&}hM)*>x$OVT6*mMb`oHx+Syw#l%00Kd9vviN^3$kjhuj8n)oYTu7pkwVPrS4Q z@fRiEHFfX_r@!Bj;45W?6&XZ1AcvX!Yr7@P*a#?*6q?`st`swvDTrB1R~UA5@UUyG z6Ezcon#)!`kn$QwLR9Q}2ZZct>~YJR={N1a%uT`aO5yLA`uuUj%eRKBJ$u@n+(OV{ zKhb~xv{qH;wb{*e4SfmT7W(RPdQ7%Eahte8=4hg1OjpYL8?M|qj*l{akae>-e>@QQ zvQKB!{Y1=xhw7LCoAmV4^IA`@Y5d{8SPm32sVJq97H>zba;xxka^P3D;zN^-{cM6R!^i{I9sH_`J0@j%YV%oQmA5vhHfob<_ z0tV-9eyb0CEjk9RxN@0DG|WR4`4t3CmzRNW&%VBakZq%T1ia3LM_pHY@0n&F6M*9R z*b`QMVbnFaQv|3=>wyLW26c z^A%>logj0h!a{xhh*Mz4|7+6Yz@&|y-a0JD{EltVa=)bhz%ttQoLyAS9%auZgXN6_ zNGGD`QTkH$}!N%&vk&jO^V9ix6tXQfTy2<&-m)7d6Hy*ivJt zrxiK>4cV8zlt-JO+$fdF`nGSJM>5LDj0Lfs-AE$)(8i`L(zuE{T9jn=2f1qe?Ti%T zZM1nV_G1mP;~g%Mnl-&bB9RT8#2+aeP6{{y%Yt9NQU9jat^HSlK_WOs@ua9ol-qt} zF&WyYPpcVc8&@QsG`{zhF{-dBiCHl_e!J!3XNM8GNU@FFnUC?0=(0)O!5Qbj6VtQ* z(QLZX3DCv^qUWou{V|G_P1qaQP&z;H79)o4qQHqE z)U>T}@baj|fj^noScpitZti=&($xowJ`dt|RuDno4fbwX=t<*)_iYM&tjgn3c0R1U z+>}`ELYE*nPUSI$PSwY6+|Pds`(@n#NXd7mVUltw^e#)DK@?h<(zKV>pp?}h3kv1- zcrU!BA}ae(NU=yI$RVm$hI07YR++2aGf2X|0kY{nyi>g#&~Nm zo-qDrG{xpwwTn}RMWQ22 zjs7o}mfPv}hC9q2_Jw(#MLR1tnxaC!GAbC8wlHy+55C*dKKAfwFLI^gEjxL7Aob&; zbjm!0%YG1Wd81{&@b&E8WncKL8hQwcb{x0fF0sqLTO{$IORy~`_xN>cyQpPfHy`Kc zvvOEImU^6ee00*DncMdGh+E!VdXYH+fZzQjI-)H}*jQw183@p_j+ z%^vZ~@R(df2aomIPrppp9QA`;HZIc_Y%(mMj%9l$LxqZq5lZGIXrsg+IZ5v)RgTM++nD70fs8P@=KwpM#$ zp9R;!y-ytI(DBYlm7~LPwW}DRIVu(Vmo*^$ebde7^ICZOH@^k0{L&lES5`x}G`m>@ zef(Kf{ZR;C8sLvybJic}m@NKtOX*<{EOv2^_Ye5DpLI3wS!tBppJ46>O@KZm*pj$5 z>u@+P*Y)nY(67}Gi{*~?`Uqi!-K2+K;N4|;EN8c9) zB)U3SPEk+wHrkA6syTd&G9p`6!~4*~<0C$T!Fe>9yzQqc-`hKYTe~$7R;1DV|xLIAl z)6fLr=iN&W;z@lRVo*-&0J2?p@|AC&b@o_M5&*irM%vltrS~{g_9z#1+P!L2j-|Jl z^LQQ*tZq@EY0DUi+vX7{4b|sP?#Laf8T)h)*Hm%(ak!YTXf6LUBau|DeiCPhnLuw1 z9+5}vw%~@KN`QP8C4PBJ3-r|a?g;os&@uZ^Yvi?{ozFfqjt4J2ZBw9?d~lbc==q~# z+@&Kuy&6_YoM4RE{0qMcKvFd@im8$Je z!EFc=7k{NfwFB-_;cV%ek(w5m@GtM0@lrfem(yC;Ti?fqJDwzlL&MdhL*8wUtV#1Y zl`+haA@em><04hT?ZSEou}QpalIq;{6}a2{)sC*`=inhjnH;(5#*%jfbmhaFYKA-8 zYS5TvtqY4tefP74vHLzcC63O$mj3{?E$nO(y(IOv1FM$njPi4?B{Ps&^3b+WpQqD| z?y$CTL%)!N%QSu-3uc?ThE~2t68}FV)oJQNyArijg&38qO8{51E(LJ4`cceSAWc!( zO$3>JuW9>}u+Xhzwq~Ql8=JMYWrK`P$R6T5R>HfU1XV2cnBK}{109A`U{hEVg_~CN} zBXi6Tri*qcBwgjJ<)Vt;X+FtE9IE}s#nYsR3ptS2AHA7*roU$Mq?d2u7C(F)O0~#R z;^3Ozuy~inp2Rpt;p7+5rMI)1NVpSL-ijZ)h5wr8Qy$ChY%=}m90N=Ur+yUXwL~zR znx2_bxCjZH-7<5lH3O%N&OzK@8V*9f0h5-6uKb=d{gE>8(ySP~If#p+!q~x>;M$Rl zpM;_6_D!qe&+=_fJ)`-h*t+n1^LZmsld@Im+QStDFG5@??~*vft~|m%c#1wwq3%B^ zzMyMa&5m*?9IRP(ZGavguHj!xkY-EN2#Z2v;5&fWVmLaRD}>2neX&V~%9V?4tgGlc zq#JI9NW)X@JtM;pW4Gfc<;|AesaufxEU;kmt!g$^jqA#?EBy6#m6!N=K>n9K;q`m( z8S9-18Jf=PbIA6>#g(9uV1 z)!~X~d?ieAhZQuyEY|LSxADpTey)6wEP!l^ZY@-n&JSNn+gN52O;&6|e%eyvKFO?Q zmu8{n)$r4`SI*=3!In|J%5sz<{HJ`kl7f~*!w37e>gM(5X;Lr*nM|)hTbc(*O4H z(3^eIfWS6`x#n77{ENx2=Y6Q7?3yAW88v0kX&yM2ODy^HN3%B+s+WALAJCR>s2j2* z2BiBCa9=rU?IQ2m#6Y3*fPVJ!#^?DXB>-jS!Q;mJo0(`o9=ma#m(D+H^Rp@Xy^glY zH^(Evk*U2cJJSdJe>!>7zr2{CZMkS(0&%S1hUQef*KGO)Uj+u6irFCK0?HvI`4&65 z8Xc-DPrP~cd9pD~;0jU>c~7p>>FYEgVU^xZT)8p}S4sQwdfz0wx#>Aud;7~m5!u!e zHcJ)Hw$42S*@V9k|Kp;7xeN8;A>{!~wz$&*n$AdxATK(t=`wQy5Bz(mG*K^sc=1TkRUc9pHssrZ!=^r?gMV}tDLEoA6+MfHjY|8}d!hOI^_XY#0m%FM{T z*akio?idyy!iEl|b@=*fBqvhKd(aBYcx`_BYnH355uCX9G+@jjfHwW1lT|v>H0Soi zX0mk0Qo6lm)LHFWYMTRDYd`uzZEbU60L{7<-&gMk4P(YR#riP(|V@KD#hi01NsX|qS!Frw^D!7;cbBYLB zN@Q^#Y<}QgfT{VXyjttSZKC)FB$p6%p_3jOHIZxgNZ$;)M?86uffbPB|7a{`zQq%> zCtg*re)`nG(g*&|+cYRy4WD;wbDKHwbG*E|d;LAdD!L(DEkD_O9{h$)fHp#Ke7B+r zVGVFP8)E$o75x+<5O-B84-*o_bM1)=^mMsotmP41SNRu)dmUB`CN1piGuTYv8Ip({ z=PsSIt36~iWuK8sW7VE6sjQW1WYpGU=6mB9jd>)-+vrlezd-Ogvm+)7m>l*b5(Q64YRUR3a!lbT>AwwCMEp&8=mhoKxy*-N$MUr94F4>>fu z4w{&YS;hRcYf8b3dIqL$?D^(!`A0AbV;9`&hnX|fNN-MP^KX*s@U(Fn9zECui6z?4 zr?Q_y?KjrM)-F)+e1JAz%zWKTu_wuC8>I})p7~Reyy%V#qnjUthu2TYASj^8>}>BD zNrz3mpzLCgw3bUhFpW~rE*$Gb84DkD^3l9bmDOV6SD$-wBy9H_wYF`{KU-b@VR_hm zC(-OB;E;Zm&Rz*ZLFtURV~MdYK+7?ozgtQ0m!~0e{H~vlLmZw820$o$a${U&VY{wF z98^W=rUt-Dst4@}aX_ohznBrG{tA>`Jdp9Wt5f#`yFL4&E^TuZ%bqr;TxuJ%Ix**^ zNhy=|%lDJKCN_7s~^X`=+kw+SG%_>S1a}rxi=VXjJ@j*ru zDl<~%&;;EqjF;58jlJZTKDFUQS)^f0{0bR7ED(I zQ*i;>3TG+j}>aD-t_NnkRL#I1OVnq2Nja5Qf>at$W4Yp9k zW_sq6H#=lzmOT-w!qT;r-*3rV;9TYGoRd=cWzuzE+)$igbJW3$l0cNYrtQhxz1Ij> zD5B1N$h2r>krA#e9klq=yCshGWg*$q)xblw!d9Vsp{+F#^gjj(8RR3#9_YU_p!9&| z4XM(d-)1dxSI|u{dd;Q$r$8cJ#JKr8xzFUwefS6qwX1GQ3&ch&Rq5P9t2+5+!R)0J zi5V`ib*axzjeMh2S&aBb;AeYTpEBccSwpvl9bx((#X>bS+&mj{o_ruEZ-5rOiS$o7nK97 z^593AR2L>S=wu9#zY^oVxR8rAwyx(4b!LC5M>weOnT6^Maih=nChHE&{OS;|28#0v zG!_+&aELVc@pW!14^wIA81Dwis*piZ7+<5*|C{$1R ziZ8COQC-Hs57){)3bm2Bux*CZn~c{}(gdIjCUhQy#L#FNW=;JjsY zaFa9d*!ZG1D6$*0cW`Wpu(bNhd))&0t*z6g-BKihCJpB|87><+s)XJzZ2gG!W0m-A zvCkvh1y+S4G0OWlTiV)uQ5Hs(-!3Ql<@NJIG*RRC%RdEyFIkU-R>`8-hu*E?qBZeV zjo}kYH*!6o53pZ>aN~SJOGQ|5LCs{b*IjI}nHyp%K3&Fo#i2@~A)*vxU0w~Vv;xPt zX-NX^$JM}XENl0@iFa4DhT0>#X00n!w5sR6Or=LzsBh2tZXwiI=LTT`uX2TNJ? zeQ@KrPw2(&FtcTwM3Pk;; z-ZgxH+K^stEDLNw1Nb5bxGsVd!VqipF>8S12YbgvgC{%v6Ey=C!&IzOx%2ljwL+$d9M$jq6xJI1St2(dZPn4*T5+f1>;ns@|EC?LfAgyRXZJ5zUpH0 z0H8h!zlv6aPwfW7sYZh3@=t4lrG_bpJ}+D9YSD-_dX8#6n44s-vafH1-qa{6_S}BN zMt0u2BD$z*G*#J&DliT%6ZUHStuq|dMH44sboOKE z5cY*7PfyMOT>2ALUY>b5=CUH44N;#l0)~_AuN8^t1>sB+?MMijg8q6-4pmjo*x-Tv zuO?;LlKNXiTnxAGx*-R-)YIU^rDxpmDegT?&y5d{5Qt!;xk^ABc0iuV^YOaa!ReGH z59F7AQ#q~(a=bYCw_aCU*AG*_b|Ur7k8x@ay4nO}QFqc0=`gr3OF;3JArXSRda`&* zCt&S}de6Zt_5@*$@g8*u&sTq2S9I>~n!?prIURS*$ayWTWgG_0$UOmPq!$MyJlWYZ zwd+b8lR?YivA2U*MnMrj!=$)}yIXf5nR7YgIpR+`lqef_P90ymlm!ZH8h5;RF`bE? zgZ_UJ!GHJY{p*k+nMLImod88;Jxx5ci1Hmr3hQ&r;Q<%0^kAbKvXmCcVZrK36A>%; zg}dzoL^^R@-w4?e+af-d|_u1U&xN+Xco>e^&f9CsEIo SgQ71nJY!^FreAX#68i`2f8PTD literal 0 HcmV?d00001 diff --git a/src/docbkx/resources/images/oxm-exceptions.svg b/src/docbkx/resources/images/oxm-exceptions.svg new file mode 100644 index 00000000..e33c67ae --- /dev/null +++ b/src/docbkx/resources/images/oxm-exceptions.svg @@ -0,0 +1,48 @@ + + + + + +G +c1 + +XmlMappingException + +c2 + +GenericMarshallingFailureException + +c1->c2 + + + +c5 + +ValidationFailureException + +c1->c5 + + + +c3 + +MarshallingFailureException + +c2->c3 + + + +c4 + +UnmarshallingFailureException + +c2->c4 + + + + + diff --git a/src/docbkx/resources/images/xdev-spring_logo.jpg b/src/docbkx/resources/images/xdev-spring_logo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..622962ee3c89651ded6aea73c854d7ad44f880f5 GIT binary patch literal 37376 zcmeFZ1yod9+W>rK=w`3Ib@VVo%V z+S>qth6ca^001U{0U`!akTnqU4**dCXqR;Wumn;6QFj2b{iFdSY4`wS2~Z<%4-o%l zofKJ*i?9b!fASU~pX10IsqsSUkEe{at0f!)vvWnbdfK_VLF9BHhW0Mju0EasKQFJ4 z7_W#JFBF0-1q8+Tc#&KHfRYdTq4)e80P?}V<5VD_kJLK^3z_>HSiy@(c6E@`-|=8|IU{O0Pba~U;o2||J(xBKTSAa0B}(*brJ#BfmETocFH#`(2|99b-Td2nwL|=2u9tj zo@s$TCNGrr-h?c6n!lXq8W^;hojFr;_jsbeD?)c<#V<+4-hQCJe0LA?(`Wryf3CoW zoa?h=ir#N{)AVgi67EMuzj^S+=kbT}bD$xxATJMkz2qDJXgt^wQ~W)reeFPFmAfAx zc!gEN_{jD1$Oj_F!ScCzb0PjCjjC&PC9b#J=O#Z`RC+ajzgzOeaXa<(nrF zY?%qIt%VNYv}I4J@$t9M^le?}gv;M_WeeoIy0QO6>HUpdFaN7+FtM=D;tnNri=&~~ zO_Wc(sA<0TZ&P&*aw0Z|GOSKW~-qymzPD8ke+v`Q^%PW9%T;2fjs5h^OW zy4?PW0hrjQt@T)&!nL3Te$%m?EPW=%G|H+BN#LGosU{yE?*aw~O$ zAwDfSAfY_7j_aA<`1iD$vux9IK-USNHEP2%i*FZqIWsDYZpyuNvS%_rrP_a=@9?V8Uuwep+xPUT$9^1YELR`B zbGmc$OU-U2LG^=qi=wObY5sZZ-p(Ib-@W_%G zV<2AMgPo5xbSgZJJmuEfQ+u~3lJ-noJ_X~P-seudkkj(lgprk) zAb-OrZhZ+aSSL@u?tIsIJDsBYS#vkgmi5$NU@z|KT0|Y=JIR{|fq1*wokXr%zYS+2r_b8zjaF zSt7T6JPf#2>yWmH29+J;^pLod|bqa z=$5WtF4mq}mJU|P)=xeiD+C|1bvg0$knx|BtBWnNeR-+FZ4ke=Wf88Zfxroc~vdhNmt3FA#JKCxo7b?O$N{R&XRA+!vwZsjR1=Zt3dkbRiJ) z7x*v4Saz-+{xVMXw!b_@@T2p}zraXN3~RWJg_jcoS;g{(dm#P|xxp{+U&(PSZRK2@ zTs?ksF3}J9vPyp-kSu_vtILJ2u@J6qT3!fG`0o=3+X*?5{soF_>54#3sDFXuAcxrQ zKayYmH?mzQ0xtfWK-Z5i>p%YUh%W1(pX=1cvFFExM!Dp=pa;vbqWY z?9xbhJ3xs%7W{LN_~#(8b^6ai;-7=WKL?3_4if)=I!OH30qK#u8UW}bZ{#ir00e*x zGT3wlERg{x1b_i{$T|XfdtTO%p)@iK`>!b=fZPvpKji<2Xfcp4CXsKTK*$%CSGesE z2sbev9v9DR78kD&uUWY|^Y~i0@$g;aVTOE@xylVm+=f5Hl}x0Ylz zglh0=xXHoo?3MjJ;JW^rdRG39R-)Fd*QKx}e8qg7-JIbF3y80?lZ&UAuO#cGa4}^4 z0?fk-xgAS`^jT|60)+AhtoH~NF^ zFWt2_y6i1d5jNyfl|01$j zK0a$pZV@X1L2fIkD4f@l&(d0m*M=1v@>3-o`8xRDE4{${QVW4dTr|ZlBQag1$Kg_f z{Gx)QLc;u_Pzj#@h(k*MK@YR{g*zF^+dIQuJdw6aLHPxLQvXNHUs;U*WDyqlo#QtI z(iJ=xegDlD{|o+c`)w%yGA2j_(mMh?$U*tPG33{q^M5~DZokmK4cQ+sF=cyCgsX?2 zlmySe!v1f}N7&o^C-dwA^PABZO)=!@3y%EfxR~Ekd=fnW0=t+kmp~&OxTmX=*CnAa zKhH1P-@$*-8vlFR-@$*-{zhy=1FCg%Z1 zo>JwJx75W)6>eS;ZeFO~ua7Dw5*G{S??k`&G+eFiZT$WlzTb%c;6tvJ))okh|Bmx_ zvR}NHwjvLF$fZ^4^3%z`{W$cS$v3hoko(D>E5=V1{QnabzX`h-@QaD}*G~SLvlr0+PVvtzP2|7Y z(*98Kr?CH$y-1onK{iEb>`S>4q{o}5`<$=FN{Lk$A$6bHR z1AmM7pV{?~yZ)93{uc2+v+Eys{VfmtE#iM>*FWz1TORmZ#Q)5$f86!AJn*-O|KH9o z>_0z!z+I5vJA9BIHh#-OmcIBzbD4$wBgglDRD%D!Q2w}n?80A6*(%v5zGN%|74GRT~jf8f{ulS0YYYwfi6%)=okPoCOrusDVB^jgM~XkqX1cO(qq{=PbNWfk9tG{)JupG z`?yEvDYG|4NP*?EdyRc8O~ORLMK&`EItUvD6%zxg?;=Nm2o;%4j3&c?j?5?KC&36l zMkX}(Ovo|{kgj=<=~#vcCd+x&Gs%-N|+nUx-4-s1-JY6zWz zM7=FU+N^ELM$6Y^6D7)Hf*Ihnl;H&mjHUV5DW%h${`N%aQ#2t8G|C)g93Om**#{(K6yZ7@eF{l91#i zSN3I}I9vxBIB?8=vUh+D=*c$hmA;5u7v`6cfvQsC>eZQtOujs3m^{FV@$<1F-rra` zetaZf$JY%3qwgn46TgQBHs()hm`^KF5B9ZASd6WbaIBc)yrAq)94xAPJ2DsL1|PFx z;O8Evz*Pl+TMG)$Zvp_H+@iUqErlYpMIYLRg}Ol@w%%l-TY_1GdNrB!VCCajy)k1W zA8>+8!_qAxX*HR>n|%cX(~(v^Rx|-qS1KmNrtr{Oic?|(sH4h23>p2mr@u9$G!!h7 zrIor6*f~h-&$(=c8lrCc$*J_X7-{qQFO`vEpJb~vg<+GT=|(0!*8|GpJxCjP3F-%` zD{ff_JuDQVp#`z z2Qy|}^nBuOOplz@@>Pu^(*$)j^z`YI!OV@WcqKc>ku0}P2&a6UX0V`x#ra-rZ$~ zg;l>kSYc)Z2V#^wF=;pet*zvd4x=`vc?4&Q&?i%|VX$SWs-~cJ>k#I6(&wUE-(L- zH2?ihRcdO*_V+8^%!2Ofp;rW24ZmlbG(ke0qhK8VAwe4Ls^|m}o0EkEp6+SYwFTVhiQ)hkwo+cqEZKTKtyCX zQ$yL#R4!Ua5?q)Q8qyo4F!?1NbzC@^inK(U1I8x~ry6f~d>Xm&h*q`XwT>?&=uo#$obP^N zqdL7zgcCK6pYjL!$nPuhPowX#2NhZzL7;?GacU2})6Y^>OD1(Gxvg98fkN{+uN80+ThEzOKOsrC^odK;pEjxy0qe0CRo3*|XOV=3Zx-YtEI; zj>KUq-eZ&{D!?4SXD2I2Peu4IfX5Uz6GK%7Zp&n;mbI;Rg=HykoLZB#TPhSE1;=g!$l_!%C_T5jFA3%a_R_Q+?b;-l(0V@6`Mp0&^;lYiuAlrIzq~+(<0a_ zXQ^i>s2&EN;KM{KP!9eWEP-P8{;Ew;2Y5*n1n+OP)lbYqbqajLRz|mC0S#c`x8YCw z)|(C=JJwUrFPfh$VGBZV2cFp_vr#Q^F2pfe>j_zeR1>w($Fi!*E*fX|s_KwppGruN znqfvY=X4vq=f%|PX8w$!@w{}03yU#h-Q9#;eum3I_?`u^ey^HxnIGXkkuDn{equs~ zSrHMj4@r!^Kq&($vDXQnvIV3eDNZM6e0&bWvY5R7v8?%&{4%kO@F-0xKjsV{gKFS< z513LqzaV`$nBc#6XBE8HSHP zrGVE<2zC+(i3~zRZI~8`s6Z)T&0rQDDT+kKQuh`;yi;!p^rl$O_rFbvwLu-uS*KRD zoH?Eif?`JkJ8saf>@dE-G9rdm&l2yx)ij@2rdk6n8eA9tH9VqE1n{9Wice4p8TC%ubi#-S_P=$85?D z$&O8rvJgBI80qhFWLg@fyN2lQ^N*TUnZR5xi##mFl9!P7(t>vOH9V^C-)eDVh}cw! zzyQl-$(XjviZI1^mxzHwlcih=yE9b_)G_$Hr&S>^;!<7Rr(x4y3>!xQ{_uyS;aPMW zF{3AAwChF@1Np5D)r3x;`XS&U!Q1(Q3mlkwQ7&M1*w?Ha6pgPgk8oody1)f27G*{0 z97|Ewst0**qB30;LXv|LVMY0%!CMDGu%5N4;yO9ANlfj`U7?^@(lx|#Tda2(1@ zOg9MIio=5xBuA(!vygdq2hUNMdx}#r>vq=+M+-=SLV+FiRX=Dc5#NK2jp|-ufHr%W z0PF#+j-=RJb*3+s>3S?LsZL?>@$*4vH|>MOu3O$fbUr&~_(Cx$5q5+$-gP3h)>|pN z4rI@H4%t2vocVnnx}{sH#euFaRrFMP-h{;^3^KJ|>NQ=uT%3R!YBa6#F5Aw{FQ7#73l#kG*k_}U^EN+Ang5q7b235wS-o@Feq z2;-ing#XE0vXgErdp7pE&O=p9%HbSri%)<$Bp>tBC;W!4hs`3LajSJ$SI8U+@Y}l4 zv@L0Ga-p*awM#2w5H8B_L{gh=c|R|W5ODxWG{4tZ9EyquXX?@RZIco562wV<^P)|~ z^YZx43CYrF;rN`Df8$!EdL4FRHKAyt*edK3i3lcEJWO2`;z1B6hTj~Y(Sh)!q;tSj zC-y8<=_C70^MpOO_|7~kEq?de@!Ksvpg~=}fm=2ge|m9oQ~{i3%VC=g*VrM^7n~F;IY@UX z0$;UPrhN!gmD!WVGn*G}1kE!AIqEdH-|(dzV8b868`)vV&qzeo(e*E4%a9IXEhv{_ z{N&YO()OsgnJN&=2w!j3npm~m zq*5ok98Umu-rg`XD6wrm0b)YYkA-@K7xY#HPwfZn_*<)s%L8M;51};t{Cz2kHN@}i z8;L)L34R|WCj?XGW>HEjEr|sSSlM}D(6bY~GmInMLOq;`N|ZmuT3`&#>77@=M@+M8 z$)KJkKD|Zwarasi)_jrMC@1k0tYd3l#cx(_EBS~kdQoeUWt?6%0>tAG&YP&1iz=Hk z$?W9f6rrgqzVL=fJ}o^ik<)JyCD}U}v2m!({=rP{Rw-fxbsGZ`A^iwd@St+kDe0Dj zw0g+x{3@)4Q5_nIb;~sp5l%S}He?wEqAyj8296FV?Z%ny^m3S@Si9ObB zS6I3aJ;+26rH}1-W*rb%OItb1MjnmfgnQ>XK6A-UqO0lJg}2>@11(s0#wNEuN*1=< zX;$Jm>ARiiR@G7pALkoX1K=qAE&vZh3xGo1|fixVp z46HW7ftq@Q&a2bOh#Fm|PB~2G$HQajE*4@;t}z+Pv|Aly;jj1_^RP^IgA{4|^S|MI zAne;SW>McTx|Utcv(W56IwaT1if7KGuvne>L=>6?!$mm&%}qM`t+j>VRQRDBY~1oR z6%^NC4@+U#|LB5kVVlqClGwVPg27S&xw zX;VE8QaS`^os#&On!t?|Ug|RcX*P?iL?0cnP{nelHK(x2(p{9x$lR4gmAhfuT3l9` zL8Pi>(Uv4WQ9!k{l*8_9zYO)f$qtrmD%o?hX6!@)yBC6xObkqs$V7TlHkv8}txigG zH(ekq$)}TnR361Ha%#R}oa%MaXH6A<*^%2L0ozHWdgM zF&ip6DQwWI546oz{BdW^b>&_*PL3|NYtFYt!Ze~BrNZMXN*0L7fmZzmnnc3|6>Zk}< zdA`l6q-0leMVw`DunNswu*S_=TT$S4G7TlxLy$qlPO zwZ{@EGrEmk&299!aii7xv^W&K-f^)`YX*xsx>da+WwHN22a+-11~K>BeYSWGxOEOK z-@E&`Gxr5kc6dc9*>TKrOUi zq=?FfUuTkNq!g?A}UT zEg>zz4oyIl&8nfYs$0lfm64X|k)~KuD60$m)VroHhKKQH`rVbvl*7WvH;+q5pM|*f z_3HLY4p{gb9(gbK-4&JOP6Vcd_PITQE2sR)i2s5L<;2tR( zrpp9Lj;I<8B*HE6T9JccWQ(DgPd;e3^ELK8uwE}RV2sR>z|l~#fUIV_t)~%lTLuqL zVXK{Xmxj6%@G|Iz*t}|gy#xboQ$JxTUhG_*3N~g*>9NCBesygSKYI0Xx_q@dP(4)) zcGts3<4sg&&L^QJ#fnkHr9Z9EcM4I)P|ECb2bOk z5>m?&gZstYL(}r4?-Y$da>4rZ4dr=3axTO!VBK!ca>-p1rfbD2(yOw~2JN%a8R2T} z3;R$&J&wHjFyCO zTHub6WEyF7S2* zVSr;*+oa+8Q$M?$E2v}Pp5)h1iy5|D5ZF4&F<4O7RU8p%0I6qCi!YAObIx!mQD?5H%PIDugQ`M1Fxt`!KKgg zze~0hwFn`y%AT-=29X5HXfACB$FmS8S=2m*0NNiN)>n+-_d2pfOK`h5bZq|D>dq{M{g#ZB4e$4Rs3g$Q{2RF)^AiNsl;1 zIq1{F6>xS}E;)ynNQwe;_w=G_&~E&<`te@^p|oJ5lXjqry`K>r5xnh33>7|5bx8z4-kjD< zG^5tF@(WSg;_kQ`+<0bG8;u?Mq5N4nh6$}Uh$@AUUEc|<r2ft@gpU? z!d-LI@P#!x(F}84qH_T6DkaKs|H@3q{v6m;n+S^Vy)AMVf0whSdZTLMzj)E`FLA{M zfaiR2qEMAk%Ong{UT%H&CN`dII5>Tyy31Iss7hr$<5(*O<%)?`ZNKU!dB70cY8ThK zN;r9APhey7lKIEnqdO{oLvsr*n7dM3N-D$9iCt=47c}XEM6F8 zJqNDRD>}22r)MkstF%0Yr-tGA-IEIsjtIrwbi%6Y;}hQqew?^*sAm-=MPps*HE?CI zKjO*8P{ERy_Rc|NBg1o#Ni;HMRKy=XIEH<&hiXsd*1y~dS1n>-!zM2DB*oo` z6g6ym|46+MjF|6KCfz1mKESh@o>rtpiN~s21*FhKI~PTLBKrcy&2r>jCc=-)N+>Ht_$Z9%S=(At9i07@}kcXUnctsfY@=+IN;J2@A zE9MwlhEWPK1sh~R6bjM=$KX|%P*oE(n@h8K=UnQy%+!MS5(^Gc-LBLUe}5JX^j#5@ z=<1wjog(RjQd-h-#~zxWT8|@+nL8ZIK8&Tw%kp(8=&0HyKXYZi-_yCyP1SR4y5t?! zXQ8q9y~A&%*GkJ)+S+Y*Xwz&Cmqp2ww!@>-MTDCb+gjU7agaYDBV8q@AVeKE=6#Ul z43n&^C79i6KtD?uP}`KU#{qFCXfyDd=Yv0{s~=QTzVv?oR!cu2-W)NJkfY#{sE3wh zu2HR0m&%r^gD1B+N7uRg?Wy#qm?g&Nj_ZD$vekpq1IBpN%%~H@icd$CIu$Gl@97@S z-%>B9$(I8_)NJ`F{&>=oXA?f`uLKu1{oDo5wE3X!>Jj!q`E&L%8hfpFr73ue=mZla zMWi4}Tzn$JW9+$CrS9T6Bc;#tEaA(8TdyQ2{Vxt(|5%Yp<=@Nj; zL8?c8PnwN>+Do|bH20y$vO?GUoxWUx?d`b=Y`@R;xxT0DNzgi}gzCJb^~#STR-ICT zQc2y_{ImLR@Rk#6F2*qU@5;d=uHsPlH=85iG?iHqsD<#=%SK`bQLe$;Q0r4|c4+4hymyItN zMRV`5xa@cn8l?1lK6X3kv>VcV&UW9fr9_xJllzX6be7D}BNgaISd27Gy2PkG#;E;n z*mpP4dR+PZJR1#n$QR-LJ$q8R~QTz9wy8&=rsAZ=OKU0jNXL z)LHSm<&yN%(-#j&r@%yvOG4SRuD$tyj$br}hPzAK_Q&^mJ6?8^<|uS>W}e(tCR%=^ z%raRdI63$-iqjPL;N%Pj3Tj8FAT*8|#4c8vSirLapwNPl2tS{+xDj*EQ`3)y>a7gU zwPf35qvxsV8RStZGh*wJ_uZo88wv}ZSD-s33L>+q#x-OI*gNamm17JegeuPiY*uP~ zwYE~&@AWRe_emH76<=E?=7-5VM>ACu)7XtqUfv8Sw$prchz(cQr^0jW(BluC>t>%b ztMO{SE#P2B+9x*DfYK*oQtByWxZe~V!T>->rH;2vrsajF2Ii~GKWy!nYd`mwB2%z# z&TV$fcktrHn2=h}5vEjHTq{}JC4LG_^UDR}NfehCSsO(pQ7}D?M3EIvQm&3`872>% z7kN;JM)w3Hc6gN#5Ai*(<6B=n@(WLKRIO$?S%HROMPn3gl{e*fsHY1IRjU@nUm>0E z%A-vjU)cm0uroE22H2}}?RVgTT(#V5uvKu<%*`y-`eb4?huX@NXltg(uCFWo=4ry~hV z0Mr*Lf?mX*&tlrZ#1Ta8gWyfj>Z=fnyk{9SS@K48MsB6Z*7*6lj%Zj-s#p-SNXEC< zS4SxQgYdf{?64YbV7i;H8fuhZ$^qq4Axz~cLI-bG-jj_mBOx7pB7F|Tw6K&s*APUx zN|MD{VmMi+!t9V)d0c7E#^QiCw%uK(>ZKrCj#G@maf^XHSbqBC1p7-PVS^F`y|J)Q zsYg)3aIdJhUx3hKsXQ?sL-$rufhvsTi=15?dvQ=)<(;g=%@7XpX%-C(TU&lqPR*y$ zqGI0+NXYI+v|t7y2y0}6JN$RbsD}FY-SX8%L*;_hM0+1~^s@I-MsKHj2oa%m3w@T2 z%=E`Fj|u~)?v)wDJK|PB)*teAh@d<`!);;SWMn+V5}dMYW$q zAuZ&|!=+1)hjLqzj`mBZ`$9PaGSkm)9_L`+o3xuy zr;rt)P1lNlM~ZN&NT$d0Ax)bulhH;WZ1F8ud5pLP>(=Y&2vN@1)m@V(#r{BxNU-xS zTjrb#@Tp=J8b12uC*CP5C~{22JfYhY_A*%CtKLiuC+SLl?CKqngh=<#BDugI+>&eIU^;vkIJbx?lvfn~!mTyY z*?Mj|F2AKILW9Z-%}cwwY_m6diu|U-YzuTCeP8ptBhSuJpBhetSw_b@It#1V`YnjX z{ez{O*faOe0hV`Po`3NlZK(=Vp*!$ha*sYxyEE4k)QlTFghydcUWK{V9o@S_AvJ+; zf*trc3xlVorq^Kblq~Y;Jmqe(nIiZ6vObAD5w>S?T1DmAIerP-D;-UYehGCYY}}Qu zN$!tkcrq)Mo%|aYeHSRKoklZOrkddix1Y<&^lPg1wYO+~7(s+RqoR|^oKPn=BQ>PB zvy2dbQ=j})Es|l<3tA+)P`+UKE?8owz^xl*tDkM>C+7gpeaA?=8jtl(Qd4}*4$FHy z_Bc)INlxr^+q)^9I*)f00arvZ;?p#UNymu8>HAoA@|OjG(ESn|GQcHuU z&h^G-U298S^+lkCcrsj?d_#^1-2~!1B3VDX+j`%>w%ojRP1^Q`&{8^`$iL(r~Pb>aB(=TBfs%dv$AGmNH9q$|^4g zjE|UUIh_Wyo(rke8>&i|F4dH|4JKT@s*tbdoGV&`H7)WRyo_JiXi|h>1^3vt_#K=1*~sRI(9G?6Fu-FbCQ*NiPq>WDt!FbgFHJui50Oqk&+S zYXv`cw5~!qR|y+iYyY$zqva#l_g1Dl^H2?LJUdUL9t|y;B}_qJRrIm^o!nV|5`Fr( z;qP(2oGIxqX#7Mo>oqmgoReLLO&mVhh+!H@NkPNey{@BBRZnBG zu5l*}wB{|8|rerdVat`D-=A5%@U@Ho=Q<;yYY2NMTc>4A5{qB%x_-LO%j?#-+1HM6uY35*}>;(_!krj=`b0DgCzFXm@Fj}M# zirMYs$QEDx8})XXU&~o|8F(}^$O5w#i^S+u7Mn)v2Kzh0BhEGkIfLA(z7q;7Z_IR~53G%GI^4YmZ6CMde52RgvF}MS zCy(nGff-|2J&#ds5D3=3R62~H}$?rSK)l0X>B*X zj2nALmtzg~x->Xbl-+WHmfMY4_LF<+C+=Ns?^n0|UVp22UWtPvm*1~xNwg|hlj735b8W}#>q0`Ami!uTifA`r{!&MIS1Zxk48~Kv1k+P(W&kX z&{&qvb#Isq*F;+tZ9=X&ZsxG%=R>w+tRHR+F&m?WF{@(LSeyqs;bZLYqoChc~y)&bGwv z_9mWIO@FtDlpQKp9Ep5Ck{XG&*g{GKGilXemL6s*jCQ!O7vN)GD_ZX?mJ8>U%dQ|^ zNXAilt=?0t7(u8KF6NHFAiSH|u9WRI)%s@EhIjBKX^uso5{*l1JjX!ELV^~gF`kkgWhpv(#vA&E#rI41ZzrmiP z=hmXN@NumJUD?AW>MfcU3_`bpsZ>pSZ4=Yh)JZQ;yl9c_BPrPW10g>em+SC-`^YUi6gxpj5;m{VvZwR<)% zYl0j6$ls#9hNNq(b3gR{;UIO$e)Fo!C(e^JVMJ=-*gE5&;elmRLMB6*Ffq~2&@rhZ z`QF4LTJc9*?SuGl8O+7kVY_}?pq>TIoW)_e%}4ItfgRe3+tERc_Lqtb3&7xw#JDJ-iGU3CoZzZ(HtdvnGyZ8Lxnto zUiIILCoHC0dD4AHSkAV$tImO}+%<6y`o98{Z~w%bB=xVQCu; zM@zZ4DW?iC)UE26AxfH-`C6T(hCZ|2*?1YI)@{WY5L}%&X?8q`e~qCqCqJda5y#%j zbJuHXi*-*ggf*EiLfD6{l?bl1@!jaY=u07*jbg@Oii3uAYzncPcKwyH9OPsX_9ATz z+>0KHo2bMlVms*kXc4BJZ&X`pt~5P62jt$vJ97@E*t(Fva>bJBgU#y^d;`D#L3B&W z6MGlNq{6lVvV?ee*7Li?C7HziASWfd!j=&W zy&9-_DagcEE_#T4p0#>v=YFpJyTDyMvXLd$tfLCI4)bT9Bd!=#K4JlFte6c}x?+84 zrTgl0{N=T&yZ0BiFSH{L+-A9m`}fl^z{drhQhoXpXXik1o52`My;VIzrpmi;2bvzC zt4T^_pFm=ATrBt{uCqZ*otwL$zqpIit#CV5z4?AdLZ-r;Qv#7ATXfJZf(2FjWhHku zfLX5?L_n2Y-SLIfY}TI6H}^edVt>8Lz&W3eY4%jKH48x}bm0J@w>OjGimNiP z5D@~WpBy(2hOv_3yuD1?(l-tX`CoKBsO@O$J)Qn`0FC2!QL7WZ?p)mNXGl2v9@eLB zI@ei-IgzY6aj((241FM5U43&x`O}RcvO=6IJaYTASKL-2YIilFRm@xZcjOPM96%K` z-9WyheW~7kb7O2AWL8ZxvA_#m{o!_utD7UJ8y>bKt!VdoV|RuK(tP4vTZi?p;Dtd# zNVHE}7nQX5VEH<^?Y(A@0y+CZ`YG+Ey9giWwhdEr=qiRz%hxVMnt2B?zGFkq!baS; z97!e-vO#3T6pept=1@dZt|*iu>PG1jRop8M&mZPa(_=h}o2TuLkE!L1?0L=^fV`bFr<~s zl7fRhK1X`qq&0t6Wz?)cU-;UnpbxQWy~LDpLw8tI<2QjHFF zmCVjcMrvn&;Pav6+7o7waw>P^7}{uYrT+fW)v1$1enp|+z%ffmI^PS`kqLqd3Cj33 zwbY&lJ#EAMkbx0zJ+-+|Z01(%z_Ipc7o1qlDAulpIC+ zjeLmUp*JR&v@|F}!>W>}+F9(nZ64$2@G<_|2tHzBdfSlF%$RuJswUcy_AFlOYcPfr zkGn9vFsXJ4LyS;`+OZ{$~+1c3=>?ZWow%9Nj z@NcZC;{i)A=eUg_5L2WbN+X9waWPLw$yPCQoNZAyI6qeO3As3I!&CnxP`i#c8dwMG@~@+>Vcw zhIbi-LdT(b`c{mW$9{zVy1(q2OmNNK^rlBApFSdAqj2;q|BLrn^M~$4q7(N)^>FXv z5j$_cE%@E8(w>|Sk3MAx%M3wAcrnv@i%g*a9<^;kSN^y{?$$Bk`Yd5*W0Q)4JR7sBX}GD9k+#q?H_ zPI;{q4?T$sUO9OrI+F(%?;C<8pM#!*KSbH#%ZHox(kkXER7_t-SW+gaafIvZ{<#=^ zIT454+S26`L6X#9tb_!iV$lY1ckzr~iB9FkrQA#XdQ>B(>dXeR_-;JZ29IlFHiH8b zsIJ3@#%4N%E8eyozELeLjzU<$xwz88@8vPGKW(ZtdsFNRW7>d#>pM#gJ^D`vE}aoS z+b2e-_TgIp#s)7Fomw1zXA*Twy4I^SiujHk&jeemIS$tIZrev2_uHBI(wHZ?AJhA= zsxCV8iw>$CKLf(`;=f|pMu{o5oLDCn*NvsrL%Oa%um16eBfMkpD_Uo1OCvtprU>9a z6ao$RmC9IDf=0-|zuI;yrxa0`P_1IirC zd>r4gbr2uD>E!bpxAt-e$hI1wnVX@ciKrmaJ5|&13rSPkZY@UsNpr!0XV4miNGyOa zXC~)QU(_#oLK__xX1hE`M&8)$DG8PPI)e6*odEchqmiTa zzRv&`qwc4jg|&XpJXO@@kp^fhle4J_d*k=mi@|{a`NZ9}BUiDcc&pB`?Ts{IT|&ar zps`LAp)@%=bKu=o#nqBFG|4l)_Kp81zwc_Lk@YEl2VMH~;{O5}rh9eh57uIpWJ0Uj zqKt(^Ftu=c6ha%6?!!h-z3M9Fou%RCci)3Hk-&Hs&7YenLiUagK#weUlzmS!dkEFA zQ-t9!iamid#u*-a*{1IAGs6{4+tB_#5%sFw_hPNktS`zkpxSi>wq&&zdd;K(wt*9= z=G>W{Ecx~FwTNpOn1y>RjlM00ag@1&&=^tK&Sky-R6u{@ewdiig875)|K)xACl>H*a?i9=T6aehKfyc9X-B$s``5bz|U$^7-+xOJR+f zK4BrqjQm$X5U*+}C2FURm(l&>xCs^lJhiD&L7j#6pi)pW#}!NryYsewM=HrAd~o#A z?BWg{ioK7pzrf-c>axpiYehu#K{5ntV$Q5bP9(+&e*DZIJi|v- z%Zs0L4%@%};Xn0yr8WU|lA`doQ%M5V`~-C}qYbF{qd-P=RRV8;nRKtV_mO^GWc|t1 z!vDK*6tUu+EKBdy7)|j}j5P`abY)P_BB?@JZ$6X&fK(~E;0N<`9@bH$nA1%4*&=f9^v^-E zZ%M&qy^5hZju5~$$FcjouihrxZY)oTAg}LH4@!7$=@)k-U~)FqR9u*@9S5J`wI#m7zeuf6+s`iLrA zQ1(G!a~`L!QgWQ?<%C$t){T168!Quv+GX88%I1Ce;y%R-e{aDBNdT>2*R3^2v_2e^ z{5{nkV3kytxB0@D&c)g6{~m?N?H)gcE3i391y{>}m5NF!gZ!i!zFvIRsnd%niHm3f zBcY=uP_Exnp^DKEeEApTN~DwUSCHT2OPUx9fgAz?)gW+7TqTPe@EBmLu;;^Pq}uD? zdflUF9#zdoge$MjqXq#{`e9QYYvy-YP0UV7R%wgTQU zLD|`s_#o49b}kPCH|p3)@!PC0l>%8q$l63yjtd#p2LF`_=7dnPFX<5&MYPukX@WHq zk*d12CRnve4FkFPShEmw%hg&V#PMUx44a{{7@$=A(dw#XHEbFg${pOlFVM@dJm{!R zU?ceCPnE_>&nYDrjDw@WsG8fIP~jE-lh2iIp0XvHwNs!_@ZFzQSVU%=7;+?DR6P}C z4Ls+XcU|lMhw6QJUic)LI7o=PzB=wLBTiygNTS|&rr4Cm<8}* z3qi&Y5y>AC0`LBuCE}kOX4QjLMP+S&d81JHnwsEp`ou~vq#Z5=q*c$7X`T}X%t|Bk)+8I!2&M~m0nx!Q~GGC#h2wg2N-*sQra6C0g!+(+}BONXbx zDY~$=UA;`Y#>C5dtaiq&t2*oIa!ICRmAk|{iISs`f>uzy(OD?JS67l>Rd^P(Gd+Hb z<8$CIEC=BBq5)XujN31v^?J+Xs^WX~!hWFhAM9r2$#tDc9N%E?|Hh^HzIp|dQ6Bsu z>-HJxu;oXL%v8lBmKq;KAa#9z)^MhNioK|$e*G_1=i_jFBKj+yg(-_2ai^n4AV;;nz zGkj(pd{5BVcB&z>$L_VVE2!DFe=4?kkTCg@+8`2?F6cBI6AU^(VQhC>HNg5+Ii?)j zBHi`TB6$@fDl~eZ0LIN6iGz*Z6y^EnM-;NgU zQHC0ME%c1?Uwd8f6oxR`!=&dar~okEaQ+=F8CQYt-;m2?RHc=J)GlhW0u~_fR{QNt zkn`GO4v%0B#Y(K(ln(p?MZFt}z|?GkGv`uRq_>+HKV4GeNfB+#1@l;m3d`95kFnkx6u9;hmk)=Hb(%VP|>d`jL~IHL<6 z^n2I*I#XywK~tSSEj(GpOWt+Y(iYcdXTxY_T)+#K-EVI8v(-I}6=-wv7}&IW($HvK zSLzDR$8r3q{8ovJVOMwwxZJcB5rGLTv-^@s1DnF|*uQSMy%@efJ+bv@>EIxTF|G=A zJ(k2;Yo~fkVswX-zDjn6ACnI#iO9tVTvQy=D8x_6hK+hF%CCyXTE7sgb(0zTFV7>2 z+3VDUBxS063f2Pfu5e7bWsYF?08qDOqAPZmOw41i^O{Wthbg5_=#34KCdVyqL=mvwM&q37dpOxp19g655rgb= z07ed>U3gnap!~hm0CST^HAO+`9l5$(P08d3T?xOx1)KwZL93RDBH96Dwo<|SPLUH7 zHf6_ZJzgL5Cwsif%HX6pj20?ihrH6>&J^z;M#a){Q;FBBxBf-@YSYg(h(6hU~H9jAzNt8~QTXaK$Xd%XOw8<~;iQI&9iYZAa z|Ih@Eq4!CzoBfuZj63n&G*_$&)Mn?(R<{1@Zg%Ok#1U zCHd*{z?~m6t%VmUxzg`D)U)0G;~O4)%!bS;8wk*2IjN)_`K@`^sv)a9O%dEo|qJ^QEFnk#C^@Bi*cKrtt5QJB6Ci?4 zJg|qeE4J;2>H!(@Gk~S7x}qa8ZL`Tzq^H2=gIk&JriPeXCd01J%|*hdyQytc6XTqZ zVQt0M>$P)kueEViw&moRWJkrX#+@EoZR@=L{ALr{b?1 zD5QjH>dJLuRoRmkhc+re0MlUnn1tTn;^Qt(1d1x%SNv4go9^0( zpnTaN(uM++T#cYT=NZF-!x>PNQ&-;gJ#s$1-1T?^S})UAPBb#sstS-lUIO!peA!4$ z$=~XAvB@Wmnpd#3x9@i%!NNq2b*aC{BhI#4`GcLTGu^byL>RV8co!C2O)|?eF%P7H z?EdyXyh-7#Y>dG5d1%LtQ-qE{iTS5I#8AAI8+g(f9cEY7u@yov2B=tZnP*R4+0Y;F z;(O_kw0%s64OWp`ta05Tv)b)ds!rXt9NS-VqR?_F8A)=jkp$!{k)`UT#isBo^?}d6 zzloX{lGX*U`|Vh4oMhjRtNL0w^Z2+`+M|6!2PP=C<>>G?Ab1rbg^}eh+PgLHVl#Qd z3x@q0LW4fzeQ}PbSvBo%iH(5Cpfvu{VkjbLKT!mZl%VK+x18$ct?w<@TlvhjFV@@9 z>(|}CE|DK=_ms*}mU)u1DkzSNO|~m=^I3R)iND9B!@kr`dqeW#C?|mX>q_uuy}+5p zuWv(?#}pY_V)4b0bIA3%4c%SRTai zpFBx@*HdDnZaxHF4l+<1x51x`R$Q4sCzvHX_xb?xwaxE}TO7iqMlkinlHdvO1NPHW z_(nnN^2mN`4#n{6(JIk#&oEPVX&G`UwA6UTNvc9snU(XO1r&YzRYe>L(r4)5aikHE z+RIr`g8jl{;d;a=udAbNx=!H!>JzYJzZVeK7)kkFjT|tg4S~yDw_; zB$@wBwFVQ+K?0)oj2nOh9K*&>!GDdy^?Pv6xw4FfzSKLpSq|M&4fFUAu1*hN;tVPNjII-by3* zH<^xlqvF3Q%~89>g|dR~V>~M8zNnvsa9Vd3b1A#i2fwX2J3AAVkow!jT%#=~M5e)Q~0eCK?b%4+)8EHXa%doaw-- zoFuE#BSSEuI^T)sis&8krE$0XU|#&1&)fTY)2%Kqy@t|t7@kGSnJe6Oj{xN7xPOhBrI`9ag`P2Dti%2nK)qJ=mCpCKKid~sYU{jma5z%g_BtkHB#%X}mh=e`zFBvR7XP zIsa%ukwvH+oY(l+SeoLKHkrU8&nSsrPf~6pZ#WY1 zfFClvvul{Q*!>E&=&x|RjC*43EYJ@q`HU09?~1-noYWB`C9V*r_#*dW|C3?-G$I&& zHgdqCuRp{W{+5%r{~EPpb#%a|8bikpJ@U)(kV9=OlCTTaIx$7t`?)=Qr!Z#Yk-})g zszYdZ#5+kB!W?>}5Pq#X7c*qqYbH)EUj8s~ZZ&cX zSzF^4DHM(O{2;CJtzLjR9ze_#q9=kg{+^P*1=I4uO%E(;c+#HMQLo2S_Av@SPs{+@ zZILaZjrQ!SR?d>_3%ja?;O}N1EGTr0Nrs0Ckx#)=+>svyEbc^eP`vj(N=pRx;$?@duKi4 z21{a%R@+l1^qCfd@g=-0KBc5206Q=MoM@~QWu`wDuf?4ACRXWbrzRrZKlXL4_$&?5 zi4F0bilVXY1%IYexuCl@_qR?EJo6^lz&$0hIh_a%Ic9$v>)^6vq}UgJX-z}p$^v`R0i4@}4Ci)mWt)tRuglR-{_pD6O>kup8jTk}?X`5RrF#?Ki+p%|z6|3J$6IY(z zFG+B4`2YQ0H5qey_r^JCYk!CId=^AlM4G}xebCK6{8=-9|6{Gs&*yD5$y|4-1IyHA3_Eg{yKM`>3 z>@(4SmFtGB(>!(^Cc&mvqkH)OX>*c3FB-04VN_Nl(IC&+VVtm#7lxeNU|jyaKH3l3 z?=PDIIyfPPcM3z^mybCyP7M*3~xNmxphHCu=`+Iy#! zgYCUVQpF~IA^u)bpuSRBn3%e_>_r(x^md6ip};H56O8$hnC+ZWO?#>GGC&dJ?2!KA z(7CkaMyms+zZ9b?Tx;-Dyiv$$!Q`sm8FTCO6WN$gY2wGWwQy{V{xIxZ(nnF8p=&UM zhq~WAMQKF7*_h(Z{1MV*vUX=GO=NvXFygVh^TWvp;u>;IdOAz`s;3<(m+AVQPG=UW zTU6`Y9}bgp!s)&qYl{e-@#vlV#x5rcStT*(n>mfefPG#x;uutC9CDIdX+h@{q|$W| zn>9`dc$@M=yS#s(>yd$0y_*|OFJ{grn(P-VBHN@BGi>7IE=#&JhgwZDC0iSO>i#OIVr z`$~TnO)aKAJFW7BD@SgVfh9!uCuct2*e^$?1WBUhn!bMG0!fmY9V6%#8mk05U%4{d zYwYTzqtubfQijUoH~vk9Uxih@Hml#(jQV{7vVx2dRS{q(TZis_{h(0?e`ICmM;6$`8XpSsj5M&T{UD(b=vAe&iYY7Av8o6S`J7P z`j9kC?nDhJBS@95&FwIOu(lbex)>+Z44>!e^^yi#t!kWHa$h z6#?Ur?2#&M9ao4qF!t6HbIv>0alNF?qrT7+_CC;XALO7X-qlVxb#3EJoc=~b?0lsz zYdMJ|er*JS=kTGO6TF6;J`iB>o-)*VZC1TQ#T#Wm;B2-gUnkqL+PU}x#QEv>%ITuu z-&3tVvDImIcJRf;ubVS{jy61JO4)6K_8_^7Uo?u777xM1F+NpxrgHZ&SDJA?F>?b3 z#QoTR0X2i;yTU^n=PHe-AuL5$+}hO;B&w=V6%wu+q}j1WrDGKCFy82R>i{Ki;?zfX zFb3YQi&06(86rX=@K^pzw;EFi#}xCWzQ zK$p6dO}Vrt57(;3-szgi-HKSQ8eg}!Q_`RiZp)>vUbH$DIf}?g z#OHNsoP0FZJT?=M(Cc4R8haZiEd*()Ul*q>3mHFsL0jEE>V0x9frCj%wwTS|7ZYb0 z+Gk3I&l0`!iss^)4ue4Z6VoZn zK~&+*7D>Ces2n!Ly&z2=@1hlt- z3K9l{JJ8WF0)V)oTNNB-Z(uAB)0zTkDhx_KyNTU`@pHr|4ve%?Qi@xvbijE)kVXz% zh@fYZwOYSAhWLvmIYkjXJJm8;4M{8tI4xdGyI5lS?U7EIk*CeC6qAwEJgi9&%MMn$ zntVKL7m9uuL#M@Zg3~MZ$-yF_JrWYMtIWvg6jH!5j)CK^^nJ^*#8NjLz6Ulk&H)$lZFWsCp^IaX)W zBySWg2MeJ~7){5;PN>SEo}&rFXNrQd2ZgXNJMA@(dRmzdTd zyD<7qCORp!pBm|v_u@~JYG1q4PfJP}ywmy^LUl`X<#Y_ZzCSR5c-W5F+Ye=?A}#1Ot*dhdgH%bfN{h zcs&{xR?yHY3QH73^$xArWw-`oFMFbIUV*w|0FgirNTTM6Sv-9W!e+S)$r-Qwg}@Va0HqlMOmrd*R9dg=8tvQ*HHMe4+T~Qm z(8ZLJH~3M7{I936n~G;q3GRXJ+Zxvk8b+35ppbirM~5deuyyXI*1{zz;cG(&hq+5P zO&&y1(ejMn7pF-Yx!xJ%SOGw<>5M3;>j}*?04)L&1F!jA8w^1)DTgGHmeYl!SIM?) z-qVrnaS{rKv+B`^n7OKj%AWiwmf{YLD3&I`@JD$oFxas{9*=MADB4%jxHbGoC4Qe7 zq}TWkb6fo5d8k}jtx*#2Hw_~yhHwiCi#S>}OV>UDHjK(;mVZi}nGmEP|}GhWXioB2vdKp6En3B~6+)>VdU6`8}iJ zP=$|+r@-Nld#}S}&sL}jGmQDyn(!os$UjX_2ITf8&>u3Dby2@xy4r@~3oth-3dP<> z#|qKQ;+6l)F!-N1)qeq3Jo@-?-v+3kz+ zO7xI$^kt^1YM_eF){!)x^IL)17i3A8)s_yUPG2cqTCGnbObZ_qFt4ftfQWjWQ3nU%#*mF&dY3CtvqO%ff38o#SYq7F79aJ;oxx#uw=iAm z@f)idGLaA}hQ;lrkS0}5)UEN(*g2BYK&T$JJkvxTSyUJa9qHnBng zs#XUok^@#V^HXdx%^3KsZpO64xyV`Bx#u1!jH$kYeu7s6wALrT|M zCKq{hx$*in`%0B?$Ymk93(+FAzsqoKTf;|w@0ti6u_C+DuM_EL(L?17G4v~{k}xr@ z0K#+9_JuXg%7va7?_1k(pjIMluF=^TqXGz)!9LAKVlqj&Q3k{|6Ocd%naF{59;s-a zf9*qQdma*w19*WCDRM*GX%QOC?}fvdlk8BoW-4ykoW?5veqHlOiwOl>d)DWhGwAMT zRFrRQv%T69@&YSkJB4kVaVNiGkSF;rh0h}`u{Ay)*zI>@y1~(JZTY=_G?07Hr#TUN zMXF{Dhc*{*S|wChf~389esM!2K!p^9n1E?HMb)ouJS`aOF$&e8y=A+le8P9$woWgR zr*kw}XYs*AUgmOIw#ZmgSJ zARl@uH>#9oKcVH9Xs+#33p1xZ3A&Q9R1al6)DR9UH z#Ekq=VKwNS+&@PMLE=*TE_56Ekjb6}d)p>KgPqWnV~`0oU&#WEDl^=MKy&RgO% zv}=nkXk|mPP!_58fD2tO+kN__uUl;H`l}HOHq*o0DC=P2E z`@+BuVajFtUoP3oSyhmAUSoCEDRlec$OWk@(M~x#h5;C5e}O}8ByT#?fQNKQ4k7bW zXx;pk2nPhOa(QaLE^42hN|b@!v=lOealHk(cj)?_y~ZcnOQ7!!HXG(s3uG6fLd>IA z`C$4J2*z<>0^;^?7H~othiTF>`A#_s*V=+WL z7&pf<+_2FU3qPcsNt6w3H=U)t24lqDQs{LaduczjX5AsbHE>56IR%Tg^VA@i57Z!XyO7y@KZD96-?g%NqeQm8GGK8C zLxa6VmN!PJEA1f>2*CY{4WLyNxpxR&*}>uW#(cvE!qre`$+R{>3jL($inaq0J^2j* zQJ2gYRq+VV@n)dgSDL0&-DneffIyUcEFpOPTH^*eaVL5VfV@NvX&c!ZK zg3)Sd$Pm%UnY+N8Hn?4-Wdf=|VnMfmmOm7u3KNjpGFF-PmMyp(x%Df`JWZt5-&y;r zgsNZmcTdvdOc5E=%uHfw$My4j2)%3;x#1lihZW0H))4elt>HJdiB~08o3S7O`I^=$V6)4_4 z1CU%Lk=6X!QenvT9M6C*gd*Zwam-fVXZcE0d_Odl)PqI6sH|OP$crj4%tAZg4t$h} zV-rf!xcOdR!bI6*1#4;v%JgO;Kju3=Y4O0{m z{d87bl@uUVQkPpS8gdzF;OswV8i+QA^0Adn#8hm=etzb$5Z8>g(|WEBTAUl=Efo4= zZ?#9ut~NGJ+jU)cN!lazJ!*=GM#@OFl&C|wdsNy%r7R#MQX054qc5J)n4+-x8v#VI zzz`0@Gsh|o!$6@RtT#@J7O!=mLvl`J8@oS)ZxbforMC>ZFe)jY>7$BqnhjD2GN=Tcm8A7p-s z#}_1NsC5w@#G&~N$Y^-v`ST30Tb!f5a}3_UPwVLeTjd`2|HBq~;Ra_dE=tQL*Y9(w z{}2T?w9G-3z0)dH@lK3l@9Saz#=t5rX8{K7Jx!%Or%XMIplOo#Ihn@KfSp*!`|QjM zj6;SXUkPJ^A4ekG^@(R|nhVCklZ+MQS!WvK!+p@@XTV2W$u5o`M|KVczCSh-9}5VY zUltt-?)R4Vn2HR81Ss}(WsdK4B@N-bI8KWa1_9bVG3AKTf5QD&r05s5o{~>CH;<`7 zErUbyv^xR#Pn!4fwTgS*VQ~R}Z$Itgt&;~UO8zD{tbGPl>R#{bI!kW!tUZC|4W5$! zz9S3oa@h`EOx&fEbjcj=wqB{TOx%$D#r2z1ALo%PtapNgXldqw`aB~0oflMp)4w!JMUqF#9h9JoB4aB|H{U}_mHNO~FEF+G&d?OcWFG_#>p{K1tp)x5D^ zddiiMw2-lsc{+|fpMM6V>a{)t_8DZJlmm000l#-1e%r%>T1;8tHrffAC#g^GgYyJG zM+z}0?^92ds0J241L}1yuUJ2umApv}+M#>~{0Pc&l#GAEl=~*Vb5l;4{8-y_srA&l zW|*lRoZ+3gtfO{;I(P;-w@L2|feb$e#fs^&3CW z8=nD9>=5co36mOshv2B>rw8geBQ>$d59dP1n$1%NhtB|l;D;KrXTUOv_scFRIvz+W pJ_8;yRi6QOi$71_b?Cug4)m_eJRz15IPiZEWB)HVj`VruKLA_+?e72p literal 0 HcmV?d00001 diff --git a/src/docbkx/resources/xsl/fopdf.xsl b/src/docbkx/resources/xsl/fopdf.xsl new file mode 100644 index 00000000..5bc10b51 --- /dev/null +++ b/src/docbkx/resources/xsl/fopdf.xsl @@ -0,0 +1,470 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Copyright © 2004-2007 + + + , + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -5em + -5em + + + + + + + + + + + Spring Web Services ( + + ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + bold + + + + + + + + + + + + + + + + + + + + + + + + + + + 1 + 0 + 1 + + 1 + + + + + + book toc + + + + 2 + + + + + + + + + + 0 + 0 + 0 + + + 5mm + 10mm + 10mm + + 15mm + 10mm + 0mm + + 18mm + 18mm + + + 0pc + + + + + justify + false + + + 11 + 8 + + + 1.4 + + + + + + + 0.8em + + + + + + 17.4cm + + + + 4pt + 4pt + 4pt + 4pt + + + + 0.1pt + 0.1pt + + + + + 1 + + + + + + + + left + bold + + + pt + + + + + + + + + + + + + + + 0.8em + 0.8em + 0.8em + + + pt + + 0.1em + 0.1em + 0.1em + + + 0.6em + 0.6em + 0.6em + + + pt + + 0.1em + 0.1em + 0.1em + + + 0.4em + 0.4em + 0.4em + + + pt + + 0.1em + 0.1em + 0.1em + + + + + bold + + + pt + + false + 0.4em + 0.6em + 0.8em + + + + + + + + + pt + + + + + 1em + 1em + 1em + #444444 + solid + 0.1pt + 0.5em + 0.5em + 0.5em + 0.5em + 0.5em + 0.5em + + + + 1 + + #F0F0F0 + + + + + + 0 + 1 + + + 90 + + + + + '1' + + + + + + + figure after + example before + equation before + table before + procedure before + + + + 1 + + + + 0.8em + 0.8em + 0.8em + 0.1em + 0.1em + 0.1em + + + + + + + + + + + + + + + + + diff --git a/src/docbkx/resources/xsl/html.xsl b/src/docbkx/resources/xsl/html.xsl new file mode 100644 index 00000000..aa7930ba --- /dev/null +++ b/src/docbkx/resources/xsl/html.xsl @@ -0,0 +1,91 @@ + + + + + + + + + html.css + + + 1 + 0 + 1 + 0 + + + + + + book toc + + + + 3 + + + + + 1 + + + + + + + 0 + + + 90 + + + + + 0 + + + + + figure after + example before + equation before + table before + procedure before + + + + , + + + + + + + + +
+

Authors

+

+ +

+
+ +
diff --git a/src/docbkx/resources/xsl/html_chunk.xsl b/src/docbkx/resources/xsl/html_chunk.xsl new file mode 100644 index 00000000..cfd07354 --- /dev/null +++ b/src/docbkx/resources/xsl/html_chunk.xsl @@ -0,0 +1,208 @@ + + + + + + + '5' + '1' + html.css + + 1 + 0 + 1 + 0 + + + + book toc + + + 3 + + + 1 + + + + + 90 + + + + figure after + example before + equation before + table before + procedure before + + + + , + + + + + + + + +
+

Authors

+

+ +

+
+ + + +
+ + + + 1 + + + + + + + + + + + + + + diff --git a/src/docbkx/security.xml b/src/docbkx/security.xml new file mode 100644 index 00000000..79828333 --- /dev/null +++ b/src/docbkx/security.xml @@ -0,0 +1,890 @@ + + + + Securing your Web services with Spring-WS + +
+ Introduction + + In this chapter, we will show you how to add WS-Security aspects to your Web services. We will focus on the + three different areas of WS-Security, namely: + + + Authentication + + This is the process of determining whether a + principal + is who they claim to be. In this context, a "principal" generally means a user, device or some other + system which can perform an action in your application. + + + + Digital signatures + + The digital signature of a message is a piece of information based on both the document and the signer's + private key. It is created through the use of a hash function and a private signing function (encrypting + with the signer's private key). + + + + Encryption and Decryption + + Encryption + is the process of transforming data into a form that is impossible to read without the appropriate key. + It is mainly used to keep information hidden from anyone for whom it is not intended. + Decryption + is the reverse of encryption; it is the process of transforming of encrypted data back into an readable + form. + + + + All of these three areas are implemented using the + XwsSecurityInterceptor + , which we will describe in + + + + + Note that WS-Security (especially encryption and signing) requires substantial amounts of memory, and + will also decrease performance. If performance is important to you, you might want to consider using not + using WS-Security. + + +
+
+ XwsSecurityInterceptor + + The + XwsSecurityInterceptor + is an + EndpointInterceptor + (see + + ) that is based on SUN's XML and Web Services Security package (XWSS). This WS-Security implementation is + part of the Java Web Services Developer Pack ( + + Java WSDP + + ). + + + Like any other endpoint interceptor, it is defined in the endpoint mapping (see + + ). This means that you can be selective about adding WS-Security support: some endpoint mappings require it, + while others do not. + + + The + XwsSecurityInterceptor + requires a + security policy file + to operate. This XML file tells the interceptor what security aspects to require from incoming SOAP + messages, and what aspects to add to outgoing messages. The basic format of the policy file will be + explained in the following sections, but you can find a more in-depth tutorial + + here + + . You can set the policy with the + policyConfiguration + property, which requires a Spring resource. The policy file can contain multiple elements, e.g. require a + username token on incoming messages, and sign all outgoing messages. It contains a + SecurityConfiguration + element as root (not a + JAXRPCSecurity + element). + + + Additionally, the security interceptor requires one or more + CallbackHandler + s to operate. These handlers are used to retrieve certificates, private keys, validate user credentials, + etc. Spring-WS offers handlers for most common security concerns, e.g. authenticating against a Acegi + authentication manager, signing outgoing messages based on a X509 certificate. The following sections will + indicate what callback handler to use for which security concern. You can set the callback handlers using + the + callbackHandler + or + callbackHandlers + property. + + + Here is an example that shows how to wire the + XwsSecurityInterceptor + up: + + + + + + + + + + + ... + +]]> + This interceptor is configured using the securityPolicy.xml file on the classpath. It + uses two callback handlers which are defined further on in the file. + +
+ +
+ Key stores + + For most cryptographic operations, you will use standard java.security.KeyStore + objects. This includes certificate verification, message signing, signature verification, encryption, but + excludes username and time-stamp verification. This section aims to give you some background knowledge on + key stores, and the Java tools that you can use to store keys and certificates in a key store file. This + information is mostly not related to Spring-WS, but to the general cryptographic features of Java. + + + The java.security.KeyStore class represents a storage facility for cryptographic keys + and certificates. It can contain three different sort of elements: + + + Private Keys + + These keys are used for self-authentication. The private key is accompanied by certificate chain for + the corresponding public key. Within the field of WS-Security, this accounts to message signing and + message decryption. + + + + Symmetric Keys + + Symmetric (or secret) keys are used for message encryption and decryption as well. The difference + being that both sides (sender and recipient) share the same, secret key. + + + + Trusted certificates + + These X509 certificates are called a trusted certificate because the keystore owner + trusts that the public key in the certificates indeed belong to the owner of the certificate. Within + WS-Security, these certificates are used for certificate validation, signature verification, and + encryption. + + +
+ KeyTool + + Supplied with your Java Virtual Machine is the keytool, a key and certificate + management utility. You can use this tool to create new key stores, add new private keys and + certificates to them, etc. It is beyond the scope of this document to provide a full reference of + the keytool command, but you can find a reference + here, or by giving the command keytool -help on + the command line. + +
+
+ KeyStoreFactoryBean + + To easily load a key store using Spring configuration, you can use the + KeyStoreFactoryBean. It has a resource location property, which you can set to + point to the path of the key store to load. A password may be given to check the integrity of the + key store data. If a password is not given, integrity checking is not performed. + + + + +]]> + + + If you don't specify the location property, a new, empty key store will be created, which is most + likely not what you want. + + +
+
+ KeyStoreCallbackHandler + + To use the key stores within a XwsSecurityInterceptor, you will need to define a + KeyStoreCallbackHandler. This callback has three properties with type key store: + (keyStore, trustStore, and + symmetricStore). The exact stores used by the handler depend on the + cryptographic operations that are to be performed by this handler. For private key operation, the + keyStore is used, for symmetric key operations the + symmetricStore, and for determining trust relationships, the + trustStore. The following table indicates this: + + + + + Cryptographic operation + Key store used + + + + + Certificate validation + + first the keyStore, then the + trustStore + + + + Decryption based on private key + keyStore + + + Decryption based on symmetric key + symmetricStore + + + Encryption based on public key certificate + trustStore + + + Encryption based on symmetric key + symmetricStore + + + Signing + keyStore + + + Signature verification + trustStore + + + + + Additionally, the KeyStoreCallbackHandler has a + privateKeyPassword property, which should be set to unlock the private key(s) + contained in the keyStore. + + + If the symmetricStore is not set, it will default to the + keyStore. If the key or trust store is not set, the callback handler will use + the standard Java mechanism to load or create it. Refer to the JavaDoc of the + KeyStoreCallbackHandler to know how this mechanism works. + + + For instance, if you want to use the KeyStoreCallbackHandler to validate incoming + certificates or signatures, you would use a trust store, like so: + + + + + + + + + +]]> + If you want to use it to decrypt incoming certificates or sign outgoing messages, you would use a key + store, like so: + + + + + + + + + + +]]> + + + The following sections will indicate where the KeyStoreCallbackHandler can be + used, and which properties to set for particular cryptographic operations. + +
+
+ +
+ Authentication + + As stated in the introduction, authentication is the task of determining whether a + principal is who they claim to be. Within WS-Security, authentication can take two forms: using a username + and password token (using either a plain text password or a password digest), or using a X509 certificate. + +
+ Plain Text Username Authentication + + The simplest form of username authentication uses plain text passwords. In this + scenario, the SOAP message will contain a UsernameToken element, which itself + contains a Username element and a Password element which contains + the plain text password. Plain text authentication can be compared to the Basic Authentication provided + by HTTP servers. + + + + Note that plain text passwords are not very secure. Therefore, you should always add additional + security measures to your transport layer if you are using them (using HTTPS instead of plain HTTP, + for instance). + + + + To require that every incoming message contains a UsernameToken with a plain + text password, the security policy file should contain a RequireUsernameToken + element, with the passwordDigestRequired attribute set to false. + You can find a reference of possible child elements + here. + + + ... + + ... +]]> + + If the username token is not present, the XwsSecurityInterceptor will return a + SOAP Fault to the sender. If it is present, it will fire a + PasswordValidationCallback with a PlainTextPasswordRequest + to the registered handlers. Within Spring-WS, there are three classes which handle this particular + callback. + +
+ SimplePasswordValidationCallbackHandler + + The simplest password validation handler is the + SimplePasswordValidationCallbackHandler. This handler validates passwords + against a in-memory Properties object, which you can specify using the + users property, like so: + + + + + Ernie + + +]]> + + In this case, we are only allowing the user "Bert" to log in using the password "Ernie". + +
+
+ AcegiPlainTextPasswordValidationCallbackHandler + + The AcegiPlainTextPasswordValidationCallbackHandler uses the excellent Acegi Security Framework to + authenticate users. It is beyond the scope of this document to describe Acegi, but suffice it to say + that Acegi is a full-fledged security framework. You can read more about Acegi in the Acegi reference + documentation. + + + The AcegiPlainTextPasswordValidationCallbackHandler requires an Acegi + AuthenticationManager to operate. It uses this manager to authenticate against a + UsernamePasswordAuthenticationToken that it creates. If authentication is + successful, the token is stored in the SecurityContextHolder. You can set the + authentication manager using the authenticationManager property: + + + + + + + + + + + + + + + + ... +]]> +
+
+ JaasPlainTextPasswordValidationCallbackHandler + + The JaasPlainTextPasswordValidationCallbackHandler is based on the standard + Java Authentication and Authorization + Service. It is beyond the scope of this document to provide a full + introduction into JAAS, but there is a + good tutorial available. + + + The JaasPlainTextPasswordValidationCallbackHandler only requires a + loginContextName to operate. It creates a new JAAS + LoginContext using this name, and handles the standard JAAS + NameCallback and PasswordCallback using the username + and password provided in the SOAP message. This means that this callback handler + integrates with any JAAS + LoginModule that fires these callbacks during the + login() phase, which is standard behavior. + + + You can wire up a JaasPlainTextPasswordValidationCallbackHandler as follows: + + + +]]> + + In this case, the callback handler uses the LoginContext named + "MyLoginModule". This module should be defined in your jaas.config file, as + explained in the abovementioned tutorial. + +
+
+ +
+ Digest Username Authentication + + When using password digests, the SOAP message also contain a UsernameToken element, + which itself contains a Username element and a Password element. + The difference is that the password is not sent as plain text, but as a digest.The + recipient compares this digest to the digest he calculated from the known password of the user, and if + they are the same, the user is authenticated. It can be compared to the Digest + Authentication provided by HTTP servers. + + + To require that every incoming message contains a UsernameToken element with a + password digest, the security policy file should contain a RequireUsernameToken + element, with the passwordDigestRequired attribute set to true. + Additionally, the nonceRequired should be set to true: + You can find a reference of possible child elements + here. + + + ... + + ... +]]> + + If the username token is not present, the XwsSecurityInterceptor will return a + SOAP Fault to the sender. If it is present, it will fire a + PasswordValidationCallback with a DigestPasswordRequest + to the registered handlers. Within Spring-WS, there are two classes which handle this particular + callback. + +
+ SimplePasswordValidationCallbackHandler + + The SimplePasswordValidationCallbackHandler can handle both plain text + passwords as well as password digests. It is described in . + +
+
+ AcegiDigestPasswordValidationCallbackHandler + + The AcegiPlainTextPasswordValidationCallbackHandler requires an Acegi + UserDetailService to operate. It uses this service to retrieve the password + of the user specified in the token. The digest of the password contained in this details object is + then compared with the digest in the message. If they are equal, the user has succesfully + authenticated, and a UsernamePasswordAuthenticationToken is stored in the + SecurityContextHolder. You can set the service using the + userDetailsService. Additionally, you can set a + userCache property, to cache loaded user details. + + + + + + + + ... +]]> +
+
+ +
+ Certificate Authentication + + A more secure way of authentication uses X509 certificates. In this scenerario, the SOAP message + contains a BinarySecurityToken, which contains a Base 64-encoded version of a X509 + certificate. The recipient is used by the recipient to authenticate. The certificate stored in the + message is also used to sign the message (see ). + + + To make sure that all incoming SOAP messages carry a BinarySecurityToken, the + security policy file should contain a RequireSignature element. This element can + carry further other elements, which will be covered in . + You can find a reference of possible child elements + here. + + + ... + + ... +]]> + + When a message arrives that carries no certificate, the XwsSecurityInterceptor + will return a SOAP Fault to the sender. If it is present, it will fire a + CertificateValidationCallback. There are three handlers within Spring-WS + which handle this callback for authentication purposes. + + + + In most cases, certificate authentication should be preceded by certificate + validation, since you only want authenticate against valid certificates. + Invalid certificates such as certificates for which the expiration date has passed, or which are not + in your store of trusted certificates, should be ignored. + + + In Spring-WS terms, this means that the + AcegiCertificateValidationCallbackHandler or + JaasCertificateValidationCallbackHandler should be preceded by + KeyStoreCallbackHandler. This can be accomplished by setting the order of the + callbackHandlers property in the configuration of the + XwsSecurityInterceptor: + + + + + + + + + +]]> + Using this setup, the interceptor will first determine if the certificate in the message is valid + using the keystore, and then authenticate against it. + + +
+ KeyStoreCallbackHandler + + The KeyStoreCallbackHandler uses a standard Java key store to validate + certificates. This certificate validation process consists of the following steps: + + + + First, the handler will check whether the certificate is in the private + keyStore. If it is, it is valid. + + + + + If the certificate is not in the private key store, the handler will check whether the + the current date and time are within the validity period given in the certificate. + If they are not, the certificate is invalid; if it is, it will continue with the final + step. + + + + + Finally, a certification path for the certificate is created. This + basically means that the handler will determine whether the certificate has been issued + by any of the certificate authorities in the trustStore. If it + a certification path can be built succesfully, the certificate is valid. Otherwise, it + is not. + + + + + + To use the KeyStoreCallbackHandler for certificate validation purposes, you + will most likely only set the trustStore property: + + + + + + + + + +]]> + Using this setup, the certificate that is to be validated must either be in the trust store itself, + or the trust store must contain a certificate authority that issued the certificate. + +
+
+ AcegiCertificateValidationCallbackHandler + + The AcegiCertificateValidationCallbackHandler requires an Acegi + AuthenticationManager to operate. It uses this manager authenticate against a + X509AuthenticationToken that it creates. The configured authentication + manager is expected to supply a provider which can handle this token (usually an instance of + X509AuthenticationProvider). If authentication is succesfull, the token is + stored in the SecurityContextHolder. You can set the authentication manager + using the authenticationManager property: + + + + + + + + + + + + + + + + + + + + ... +]]> + + In this case, we are using a custom user details service to obtain authentication details based on + the certificate. Refer to the Acegi reference + documentation for more information about authentication against X509 + certificates. + +
+
+ JaasCertificateValidationCallbackHandler + + The JaasCertificateValidationCallbackHandler requires a + loginContextName to operate. It creates a new JAAS + LoginContext using this name and with the + X500Principal of the certificate. This means that this callback handler + integrates with any JAAS LoginModule that handles X500 principals. + + + You can wire up a JaasCertificateValidationCallbackHandler as follows: + + + MyLoginModule +]]> + + In this case, the callback handler uses the LoginContext named + "MyLoginModule". This module should be defined in your jaas.config file, and + should be able to authenticate against X500 principals. + +
+
+ +
+ +
+ Digital Signatures + + The digital signature of a message is a piece of information based on both the document + and the signer's private key. There are two main tasks related to signatures in WS-Security: verifying + signatures and signing messages. + +
+ Verifying Signatures + + Just like certificate-based authentication, + a signed message contains a BinarySecurityToken, which contains the certificate used + to sign the message. Additionally, it contains a SignedInfo block, which indicates + what part of the message was signed. + + + To make sure that all incoming SOAP messages carry a BinarySecurityToken, the + security policy file should contain a RequireSignature element. + It can also contain a SignatureTarget element, which specifies the target message + part which was expected to be signed, and various other subelements. You can also define the private key + alias to use, whether to use a symmetric instead of a private key, and many other properties. You can + find a reference of possible child elements + here. + + + +]]> + + If the signature is not present, the XwsSecurityInterceptor will return a + SOAP Fault to the sender. If it is present, it will fire a + SignatureVerificationKeyCallback to the registered handlers. Within Spring-WS, + there are is one class which handles this particular callback: the + KeyStoreCallbackHandler. + + +
+ KeyStoreCallbackHandler + + As described in , the + KeyStoreCallbackHandler uses a java.security.KeyStore + for handling various cryptographic callbacks, including signature verification. For signature + verification, the handler uses the trustStore property: + + + + + + + + + + +]]> +
+
+ +
+ Signing Messages + + When signing a message, the XwsSecurityInterceptor adds the + BinarySecurityToken to the message, and a SignedInfo block, which + indicates what part of the message was signed. + + + To sign all outgoing SOAP messages, the + security policy file should contain a Sign element. + It can also contain a SignatureTarget element, which specifies the target message + part which was expected to be signed, and various other subelements. You can also define the private key + alias to use, whether to use a symmetric instead of a private key, and many other properties. You can + find a reference of possible child elements + here. + + + +]]> + + The XwsSecurityInterceptor will fire a + SignatureKeyCallback to the registered handlers. Within Spring-WS, + there are is one class which handles this particular callback: the + KeyStoreCallbackHandler. + +
+ KeyStoreCallbackHandler + + As described in , the + KeyStoreCallbackHandler uses a java.security.KeyStore + for handling various cryptographic callbacks, including signing messages. For adding signatures, + the handler uses the keyStore property. Additionally, you must set + the privateKeyPassword property to unlock the private key used for signing. + + + + + + + + + + + +]]> +
+
+
+ +
+ Encryption and Decryption + + When encrypting, the message is transformed into a form that can only be read with the + appropriate key. The message can be decrypted to reveal the original, readable message. + +
+ Decryption + + To decrypt incoming SOAP messages, the security policy file should contain a + RequireEncryption element. This element can further carry a + EncryptionTarget element which indicates which part of the message should be + encrypted, a SymmetricKey to indicate that a shared secret instead of the regular + private key should be used to decrypt the message. You can read a description of the other elements + + here. + + + +]]> + + If an incoming message is not encrypted, the XwsSecurityInterceptor will return a + SOAP Fault to the sender. If it is present, it will fire a DecryptionKeyCallback + to the registered handlers. Within Spring-WS, there is one class which handled this particular callback: + the KeyStoreCallbackHandler. + +
+ KeyStoreCallbackHandler + + As described in , the + KeyStoreCallbackHandler uses a java.security.KeyStore + for handling various cryptographic callbacks, including decryption. For decryption, + the handler uses the keyStore property. Additionally, you must set + the privateKeyPassword property to unlock the private key used for + decryption. For decryption based on symmetric keys, it will use the + symmetricStore. + + + + + + + + + + + +]]> +
+
+ +
+ Encryption + + To encrypt outgoing SOAP messages, the security policy file should contain a Encrypt + element. This element can further carry a EncryptionTarget element which indicates + which part of the message should be encrypted, a SymmetricKey to indicate that a + shared secret instead of the regular private key should be used to decrypt the message. You can read a + description of the other elements + here. + + + +]]> + + The XwsSecurityInterceptor will fire a + EncryptionKeyCallback to the registered handlers in order to retrieve the + encryption information. Within Spring-WS, there is one class which handled this particular callback: the + KeyStoreCallbackHandler. + +
+ KeyStoreCallbackHandler + + As described in , the + KeyStoreCallbackHandler uses a java.security.KeyStore + for handling various cryptographic callbacks, including encryption. For encryption based on public + keys, the handler uses the trustStore property. For encryption based on + symmetric keys, it will use the symmetricStore. + + + + + + + + + + +]]> +
+
+ +
+
+ diff --git a/src/docbkx/server.xml b/src/docbkx/server.xml new file mode 100644 index 00000000..953c2bcc --- /dev/null +++ b/src/docbkx/server.xml @@ -0,0 +1,345 @@ + + + + Creating a Web service with Spring-WS +
+ Web service messages +
+ + <interfacename>WebServiceMessage</interfacename> and <interfacename>SoapMessage</interfacename> + + + One of the core interfaces within Spring Web Services is the + WebServiceMessage. This interface represents a protocol agnostic XML + message. The interface contains methods that provide access to the payload of the message, in the form + of a javax.xml.transform.Source or a + javax.xml.transform.Result. Source and + Result are tagging interfaces that represent an abstraction over XML + input and output. Concrete implementations wrap various XML representations, as indicated in the table + below. + + + + + Source/Result implementation + Wraps XML representation + + + + + + javax.xml.transform.dom.DOMSource + + + org.w3c.dom.Node + + + + + javax.xml.transform.dom.DOMResult + + + org.w3c.dom.Node + + + + + javax.xml.transform.sax.SAXSource + + + org.xml.sax.InputSource + and + org.xml.sax.XMLReader + + + + + javax.xml.transform.sax.SAXResult + + + org.xml.sax.ContentHandler + + + + + javax.xml.transform.stream.StreamSource + + + java.io.File, java.io.InputStream, or + java.io.Reader + + + + + javax.xml.transform.stream.StreamResult + + + java.io.File, java.io.OutputStream, or + java.io.Writer + + + + + + In addition to reading from and writing to the payload, a Web service message can write itself to an + output stream. + + + The SoapMessage is an extension of + WebServiceMessage. It contains SOAP-specific methods, such as getting + SOAP Headers, SOAP Faults, etc. Generally, your code should only not be dependent on + SoapMessage, because the content of the SOAP Body can be obtained via + getPayloadSource() and getPayloadResult() in the + WebServiceMessage. Only when it is necessary to perform SOAP-specific + actions, such as adding a header, get an attachment, etc., should you need to cast + WebServiceMessage to SoapMessage. + +
+
+ Message Factories + + Concrete message implementation are created by a + WebServiceMessageFactory. This factory can create an empty message, or + read a message based on an input stream. + There are two concrete implementations of WebServiceMessageFactory. + One is based on SAAJ, the SOAP with Attachments API for Java, the other based on Axis 2's AXIOM, the + AXis Object Model. + +
+ <classname>SaajSoapMessageFactory</classname> + + The SaajSoapMessageFactory uses the SOAP with Attachments API for Java to + create SoapMessage implementations. SAAJ is part of J2EE 1.4, so it should be + supported under most modern application servers. You wire up a + SaajSoapMessageFactory like so: + + ]]> + + + + SAAJ is based on DOM, the Document Object Model. This means that all SOAP messages are + stored in memory as a whole. For larger SOAP messages, this may not be very performant. + In that case, the AxiomSoapMessageFactory might be more applicable. + + +
+
+ <classname>AxiomSoapMessageFactory</classname> + + The AxiomSoapMessageFactory uses the AXis 2 Object Model to create + SoapMessage implementations. AXIOM uses StAX, the Streaming API for + XML. StAX provides a pull-based mechanism for reading XML messages, which can be more efficient + for larger messages. + + + To increase reading performance on the AxiomSoapMessageFactory, + you can set the payloadCaching property to false (default is true). + This this will read the contents of the SOAP body directly from the stream. + When this setting is enabled, the payload can only be read once. + This means that you have to make sure that any preprocessing of the message does not consume it. + + + You use the AxiomSoapMessageFactory as follows: + + +]]> + +
+
+
+ +
\ No newline at end of file