Hi, I have a CXF Web Service with MTOM (separate operations for upload and download) and WS-Security (UsernameToken Timestamp Signature Encrypt).
Both upload and download operations with MTOM work fine when tested using a CXF client. When testing with SoapUI, the download operation works fine. There are no errors even for the upload operation, but the Web Service is not able to read the attached file. SoapUI is sending a well formed SOAP message with MTOM attachment.

When the SOAP message is sent by SoapUI to the CXF Service, the service is able to:

1. Decrypt the message
2. Verify signature
3. Verify Timestamp
4. Verify Username token
5. Read all data elements in the SOAP body
6. Respond back with a SOAP message (with Timestamp Signature Encrypt)

SoapUI is able to decrypt, verify signature and timestamp.

Following are my CXF service In/Out Interceptors:

<bean id="UT_TimestampSignEncrypt_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/>
      <entry key="passwordType" value="PasswordDigest"/>
      <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
      <entry key="signaturePropFile" value="serviceKeystore.properties"/>
      <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <entry key="decryptionPropFile" value="serviceKeystore.properties"/>
      <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </map>
  </constructor-arg>
</bean>

<bean id="TimestampSignEncrypt_Response" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Timestamp Signature Encrypt"/>
      <entry key="timeToLive" value="10" />
      <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
      <entry key="user" value="myservicekey"/>
      <entry key="signaturePropFile" value="serviceKeystore.properties"/>
      <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body"/>
      <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <entry key="encryptionPropFile" value="serviceKeystore.properties"/>
      <entry key="encryptionUser" value="useReqSigCert"/>
      <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://www.w3.org/2003/05/soap-envelope}Body"/>
      <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </map>
  </constructor-arg>
  <property name="allowMTOM" value="true"/>
</bean>

But the CXF service is not able to read the file content which was uploaded as MTOM attachment. Is this a bug in CXF? Can the CXF experts in this mailing list please help? Thanks in advance.

The SOAP message sent by SoapUI is present below:

INFO: Inbound Message
----------------------------
ID: 12
Address: http://localhost:7001/bes-hc-poc-caqhcore-web/services/Core
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: multipart/related; type="application/soap+xml"; start="<[email protected]>"; boundary="----=_Part_16_808161854.1398278190760"
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[9093], content-type=[multipart/related; type="application/soap+xml"; start="<[email protected]>"; boundary="----=_Part_16_808161854.1398278190760"], Host=[localhost:7001], MIME-Version=[1.0], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: ------=_Part_16_808161854.1398278190760
Content-Type: application/soap+xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <[email protected]>

<soap:Envelope xmlns:cor="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedKey Id="EK-E2522E1F1FA164BE57139827819075593" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[...]</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>CUVqfx2tci9+qt9k2KQjWSjoUcAWU35jozfAqmGwy6B2PuolHuVPBuHmV1lF58sLlH0dFXr1twywlJfOdwg/wIem5qfPENxNB9U8A+gAqDUpRrOE88kvJ4LUk0ksplhp+rcpSCm3Kt0EvIe9RMSCbJLTwkp6LUT87cvE63kT87E=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ED-133"/>
          <xenc:DataReference URI="#ED-134"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <xenc:EncryptedData Id="ED-133" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
            <wsse:Reference URI="#EK-E2522E1F1FA164BE57139827819075593"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>[...]</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
      <wsu:Timestamp wsu:Id="TS-130">
        <wsu:Created>2014-04-23T18:36:30.742Z</wsu:Created>
        <wsu:Expires>2014-04-23T18:36:35.742Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-129">
        <wsse:Username>POC-Username</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">tCrB/vJpre8aByMQKsrZ3I6e//M=</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">1ytxvtj+pZkkAP65sxkoQg==</wsse:Nonce>
        <wsu:Created>2014-04-23T18:36:30.741Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="id-131" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <xenc:EncryptedData Id="ED-134" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <wsse:Reference URI="#EK-E2522E1F1FA164BE57139827819075593"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>[...]</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>
------=_Part_16_808161854.1398278190760
Content-Type: text/plain; charset=us-ascii; name=test.txt
Content-Transfer-Encoding: 7bit
Content-ID: <85277029681>
Content-Disposition: attachment; name="test.txt"; filename="test.txt"

This is Test file for testing MTOM File Upload...
------=_Part_16_808161854.1398278190760--
--------------------------------------

Regards
Paul
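Added example, not part of the original post: a Python check for a request like the one logged above. It reports whether a multipart/related message declares XOP packaging (application/xop+xml, which MTOM uses) and lists the MIME parts that travel outside the root SOAP part, where Body-level settings such as the signatureParts and encryptionParts shown above do not reach them. The sample message, its boundary and its Content-IDs are constructed, and inspect_multipart is a hypothetical helper name.

```python
import email

def inspect_multipart(content_type: str, body: bytes) -> dict:
    """Classify a multipart/related SOAP request and list parts outside the root."""
    # Prepend the HTTP Content-Type so the MIME parser can find the boundary.
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    if not msg.is_multipart():
        raise ValueError("not a multipart message")
    parts = msg.get_payload()
    start = msg.get_param("start")
    root = next((p for p in parts if start and p.get("Content-ID") == start), parts[0])
    # XOP (MTOM) packaging declares application/xop+xml on the outer header
    # and on the root part; anything else is plain SOAP with Attachments.
    xop = (str(msg.get_param("type")).lower() == "application/xop+xml"
           and root.get_content_type() == "application/xop+xml")
    outside = []
    for p in parts:
        if p is root:
            continue
        data = p.get_payload(decode=True) or b""
        # Assumption: signing/encrypting only the SOAP Body does not protect
        # these parts; whatever is readable here crossed the wire as-is.
        outside.append({
            "content_id": p.get("Content-ID"),
            "content_type": p.get_content_type(),
            "filename": p.get_filename(),
            "cleartext_preview": data[:40].decode("ascii", "replace"),
        })
    return {"xop_packaged": xop, "root_type": root.get_content_type(),
            "outside_envelope": outside}

# Constructed sample modelled on the logged request (all values are made up).
BOUNDARY = "----=_Part_0_constructed"
SAMPLE_CONTENT_TYPE = ('multipart/related; type="application/soap+xml"; '
                       'start="<rootpart@example.invalid>"; boundary="' + BOUNDARY + '"')
SAMPLE_BODY = (
    "--" + BOUNDARY + "\r\n"
    "Content-Type: application/soap+xml; charset=UTF-8\r\n"
    "Content-ID: <rootpart@example.invalid>\r\n\r\n"
    '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
    "<soap:Body><!-- encrypted content --></soap:Body></soap:Envelope>\r\n"
    "--" + BOUNDARY + "\r\n"
    "Content-Type: text/plain; charset=us-ascii; name=test.txt\r\n"
    "Content-ID: <attachment-1>\r\n"
    'Content-Disposition: attachment; name="test.txt"; filename="test.txt"\r\n\r\n'
    "constructed attachment text\r\n"
    "--" + BOUNDARY + "--\r\n"
).encode("ascii")

if __name__ == "__main__":
    print(inspect_multipart(SAMPLE_CONTENT_TYPE, SAMPLE_BODY))
```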
