Hello All, Are there any examples of secure MTOM (applying WS-Security encryption and MTOM)? When use Axis2 for such a service i see that the binary data is encrypted in payload i.o. in a seperate mime wrapper. This is the generated message with an base64 element applying encryption of body (rampart 1.4) and mtom. Everything is in one wrapper i.o. two. POST /test/service HTTP/1.1 Content-Type: multipart/related; boundary=MIMEBoundaryurn_uuid_B489F865E4213562B91232980745605; type="application/xop+xml"; start="<0.urn:uuid:[email protected]>"; start-info="text/xml" SOAPAction: "http://test/service"; User-Agent: Axis2 Host: 127.0.0.1:8888 Content-Length: 11759 --MIMEBoundaryurn_uuid_B489F865E4213562B91232980745605 Content-Type: application/xop+xml; charset=UTF-8; type="text/xml" Content-Transfer-Encoding: binary Content-ID: <0.urn:uuid:[email protected]> <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope .... <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" soapenv:mustUnderstand="1"> <ds:Signature> ... </ds:Signature> </wsse:Security> ... </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" wsu:Id="Id-12621140"> <xenc:EncryptedData Id="EncDataId-12621140" Type="http://www.w3.org/2001/04/xmlenc#Content";> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"; /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd"> <wsse:Reference URI="#EncKeyId-urn:uuid:03D30BDE6D1883576E12329807453902" /></wsse:SecurityTokenReference> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>K6JM8sqzhjpMtBNspTNzblcF P8wWj ... </xenc:CipherValue> </xenc:CipherData></xenc:EncryptedData> </soapenv:Body> </soapenv:Envelope> --MIMEBoundaryurn_uuid_B489F865E4213562B91232980745605-- Thanks in advance. Kind regards, Erwin
_____ Van: Erwin Reinhoud Verzonden: donderdag 22 januari 2009 15:58 Aan: [email protected] Onderwerp: axis2 secureMTOM Hello, I've looked around but could not find expected behaviour of applying MTOM en WS-Security encryption. A while back i had this working and thought to remember that the binary data (base64binary element) was in a seperate mime wrapper. No, that i retest this i find that the whole encrypted message (encrypt soap:body) including the base64binary element is in one single wrapper. Is this as expected? I.e. no optimization possible when applying WS-Security encryption?. Thanks in advance. Kind regards, Erwin
