Hi, Please help on this topic.
When CXF is not at both ends of the wire, MTOM upload is not working with WS-Security. I am testing a CXF Web service with SoapUI. It works fine when CXF is at both ends of the wire. Is this a CXF issue or a SoapUI issue. I can see SoapUI constructing a valid input SOAP message but Service after receiving request is not able to read the MTOM attachment. Regards Paul On Wednesday, April 23, 2014 2:45 PM, Paul Avijit <[email protected]> wrote: Hi, I have a CXF Web Service with MTOM (separate operations for upload and download) and WS-Security (UsernameToken Timestamp Signature Encrypt). Both upload and download operation with MTOM works fine when tested using CXF client. When testing with SoapUI, download operation works fine. There are no errors even for upload operation but the Web Service is not able to read the attached file. SoapUI is sending a well formed SOAP message with MTOM attachment. When SOAP message is sent by SoapUI to CXF Service, the service is able to: 1. Decrypt the message 2. Verify signature 3. Verify Timestamp 4. Verify Username token 5. Read all data elements in the SOAP body 6. Response back with a SOAP message (with Timestamp Signature Encrypt) SoapUI is able to Decrypt, verify signature and timestamp. Following are my CXF service In/Out Interceptors: <bean id="UT_TimestampSignEncrypt_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/> <entry key="passwordType" value="PasswordDigest"/> <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/> <entry key="signaturePropFile" value="serviceKeystore.properties"/> <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <entry key="decryptionPropFile" value="serviceKeystore.properties"/> <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> </map> </constructor-arg> </bean> <bean id="TimestampSignEncrypt_Response" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="action" value="Timestamp Signature Encrypt"/> <entry key="timeToLive" value="10" /> <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/> <entry key="user" value="myservicekey"/> <entry key="signaturePropFile" value="serviceKeystore.properties"/> <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body"/> <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <entry key="encryptionPropFile" value="serviceKeystore.properties"/> <entry key="encryptionUser" value="useReqSigCert"/> <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://www.w3.org/2003/05/soap-envelope}Body"/> <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> </map> </constructor-arg> <property name="allowMTOM" value="true"/> </bean> But the CXF service is not able to read the file content which was uploaded as MTOM attachment. Is this a bug in CXF. Can the CXF experts in this mailing list, please help. Thanks in advance. The SOAP message sent by SoapUI is present below: INFO: Inbound Message ---------------------------- ID: 12 Address: http://localhost:7001/bes-hc-poc-caqhcore-web/services/Core Encoding: ISO-8859-1 Http-Method: POST Content-Type: multipart/related; type="application/soap+xml"; start="<[email protected]>"; boundary="----=_Part_16_808161854.1398278190760" Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[9093], content-type=[multipart/related; type="application/soap+xml"; start="<[email protected]>"; boundary="----=_Part_16_808161854.1398278190760"], Host=[localhost:7001], MIME-Version=[1.0], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]} Payload: ------=_Part_16_808161854.1398278190760 Content-Type: application/soap+xml; charset=UTF-8 Content-Transfer-Encoding: 8bit Content-ID: <[email protected]> <soap:Envelope xmlns:cor="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd"; xmlns:soap="http://www.w3.org/2003/05/soap-envelope";> <soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><xenc:EncryptedKey Id="EK-E2522E1F1FA164BE57139827819075593" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>MIIBnzCCAQigAwIBAgIEU05SjzANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTQwNDE2MDk1MTExWhcNMTYwNDE1MDk1MTExWjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAImydZjGWfawadlhFR5DCXEA704TmG9NVbIkmGZugNDH9NHOrnEpk9SAaaZ63lpy9Buow0dJZnlVvZao/LEGJSyFdHrL+gNQU0F1UF+dGsHSKV0PZw/7miH0qWEb9x7aSpK7RAsWAdLUGRbSQgQ3NgfJuExLjEc1ThXWEWO/DmENAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAg7aSHDXDuOgUU2qeg7T+VwCisz1EtJUSCS8Zb958+lRBpe2kbphqbcFsrLVB10/05ogx7s8G8w+73v6+HBUksf9GbPM/C9yaSdg1JmJ6mNO9NwxvJzD1HrAZ7bVCLy1YzXAmcF4QCny+tRrzTceEC4lI1cw+PqmjXPeGetw0YmI=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>CUVqfx2tci9+qt9k2KQjWSjoUcAWU35jozfAqmGwy6B2PuolHuVPBuHmV1lF58sLlH0dFXr1twywlJfOdwg/wIem5qfPENxNB9U8A+gAqDUpRrOE88kvJ4LUk0ksplhp+rcpSCm3Kt0EvIe9RMSCbJLTwkp6LUT87cvE63kT87E=< /xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#ED-133"/><xenc:DataReference URI="#ED-134"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData Id="ED-133" Type="http://www.w3.org/2001/04/xmlenc#Element"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";><wsse:Reference URI="#EK-E2522E1F1FA164BE57139827819075593"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>gKCxK4+oKTcIelErCFz/EljSnr3IQ0XUZmt/WW0fl5AntuJOFQxFQg7gbGwUYpeI1o5vAFyyANS4jcOSJEna9HQmpVG5ZQsmkp8yoimyANdP4MteGWT3OPPlXjDxOkD3Th9k+QojobToSAiVaC+EEHeENycDJF0qg/IxFxu7E/+MMjaK7oeNnHING5CiyRyNqGI+N/PUmrVFp4AhgpKpyv4PddkKxsm7/aR1A2vF2t6BO7TSrkKyrLeTvGcC7zZspkPXNlT2WD7nYKEO25TLMge3EEmQYCDIHrKOx+cOIpOOp+Oh1b5QV5/hTdObLHxVtkabCl9+ggJelghoT2zBrPl4C8GCpLGPP9CqSxie19uSP4eIg6qnJ/mdlg/grY/bX1qdV7GNLkj0lGst4gMJ0Z6rrrveRMszhP4J4O3E5OrKaXLo455aQEpOX8BV4cjXnXcwS+mLd4M7KOus402sCEE8LbX8/D4Wa+qgmyZ4FElRIdkbERL29UxFbN8FgjLUMHugCppZyutgHUdJor6TazixqlAfKxOYtkjp35+KEQtIiOfPbr+v8e73DmvJOi4kSY8RyVFfm6fR2WWpzy/QW1zt12jPVo7tIwjDepGIMDrQ50r8rErWSAoWLn6zSVZb+B+LntvK8i5sMwaHEasedsI8lGEtfj6WySUTGDw4NYsBLYEXrsZX2RCp9FzGlmjLc5CkHi5AeYczqF3QP7i5IvsJFakzC770zyYPnIWDjUfIsOKzZAtP9K1KmU6KMw6t8bAYNUiWxgHcQqvbgRf8O8HUHrUYI/3GG959mKm1OvodFuAq MQK7DHQ6dY2Ltfkzfi/ZYx5oFciGiH8WTcJmOHFoqR/llOHeFhuuJx6E3hDr1v6UjWjLt17VTbaAuu917wsc36sMffgcDBafxsL2I/XM8FbwUUGkI+jvot14QIdkguuiHehSvulLWaC6Fg8uAZnvFFlV8hyJ9axL+YTk7Kj01/uW93b3NMd3kECiirdJmZjrJQP1zthrLB834xUVjp6xOJ8UooB859IMOS+RlgWfZRKJ/aQJKYQGydrAsn8zO5M0gRtgVpWLajqPI0adEX8JXoRkmganr9zwQc6aXcoroWnwRkw1yY118JprXtW4SXbvPF2t2cv9/mJ0Wi/GQ50yxqUncvlSxiRcdfrvGCsz6TEeu1Dm99t73rscTq3yHCxJJVZ5bffaN36ApeT7IGLKPkDLxECoSkiVItdqpfI1hjXUvcIg7R+Sg8OtVTGshny7di6p7wlfWmThcrMph4IoRazzmAXrs3bsTiGM4Gk1YXjos5655Rf2/UAjkxilAAYW/pHAyqEMckwnNj3jhP9azuq0vNL9334LEuiQY+VDJ59d9oonfaCw88EdkZYJcYKFgXv/SOL+mncXeFwnH3CWGhu+todn4Av/QyWJ4SVAttAgwR85IctTMSt7b0wPhX3CDQ/8HvPuYTW4hco7Zp3TNzGId0YXxJaKeuakGxWAk6Sh8d9lRISjLgZRDndq7Zw2fiIUkI6jlKGR2uiNJoK5vqx6CuBvfEOOkP9V+881H1qXD4Xu6LQqz3427P0tyL2Zs/XVzuFY9uS44nriOHHskHOSIlOcijEdyarE0yZTnrJD3Vbb7Vnp9VCHIq6UWzhb48Rth1HSQzrD7CMMB8BBmCPfScYXoUgfdvSaN+7tFKLiNdWDi3fbFfmFA5oJKJ6zV4dzF9M0gWWK0QHINDzdrZUJIx/cGgsODZvG1z6VATmY9EGbDi3Iw1J/RnKgJ1r9IQlf7Gs 7wYL+UZVcSLy5IG4Ny5dcvQyPFN3OzWx7HwNNPYiW9sEBE8UNT3+gIgkRYxHCkRa1ZZ66BrRQ/Nj17gAELu48DTR2mRYMvvIeoXS9e6xHD0HcfqCNzBo9QATzEVghrptcQY9qCcpEOGd6jQ6nEWp/3je1pk0umMAT5ls3iDsAvj5D1MCLKA5BjU/4OGltSJBlEjouC7r442xPI9X9QqvE1PLT1ScKRUG+l7o9CJf08NjK23SFdbml4ZYNfL1Go/CbMrWJmy5qRgmkD2/BUj6WewVUfd0yEhYM1qhVYkZPX3dLbBTltoj6GjK4cr1Rwostz+zwYF9DbnltFOANPSAkNdZmkXo1gBfBt+GKis/diftnSgflKm2tQqH27mUdzfZkOex3pEdh5yaiZbxO7bYQwveDvpCnzBn8CfaWWDwi4kZ79ND1A75hvW+z6pqlEgavm4C9X+xgobjfhOe9xQtzY8P5NEMEvIFDXorGWciz5y6RJk6SVlvADF53+8VGWkt62OBXIP6QhoF9u2Q1i429rgUDJRJ/XA2yX9u9cf7WpXWzp+5pxBiP54MhD9AVUnZ0W48iKTIiKACgteq+no0qprQRXhT47EdWxfnjbaEd4AyM6xioFLzuTOz6E5EkDw0hEIzmukJIDJiY48E+ggJEiuUhCKeyjIy1SXiL1FqYFFSKsAswwt9v+yDCDZGM8HpEn4bTugFOnqRT5x98iHn8IBTY6nb+BVyluGLIJtBLncZHKiPFlk7khDswrEpc3zeoXw+PPU1h8SAQiOK8XwARN9GNQA+QYKeFt5j8favMdqzNdBKPPs0FXnrhq3I7iCYeu6w9mAtnfkCIouRQSshMGtQ3uRGH06eGxFwPiSiBx/MKCx2Z9P31nuNLnyhHkwCym9yd4qrY8TLewpb4SEMjXZ5RbfFGN2muLDMeC4MAbj8cezgIZNDiwE4zTZjESjnw3B3AR1 ZoGtY+rLwi8AtyV5eT9tDYbLLq2e5QHIKoyg8ZilEcWkW1jRyiuqLAvjI//urz6O6MvX5G4XQhhaT5MF52BWcdE5WUwYBLY8Qdst4Y9qioj1r8WytNtTJTceqEImuFTImcL8GhbDLnX72CFRkMVM24sUprMPDpvISB60DOid+KsYSgmWnGOC+pgkylDMVLcmIMTSESGOtrFFvemltbv3LwAjj5qNEi6cwsZjhPNra9I4UU+Za430NKYBugVAlRR738UrOtktmRwY7DSXpc1MWQVoBJUpggIoL1kbQ1wSirP8TWerBxGB1rincrSNOec56iAq+Jzfxz3g2ijjdwJ8dJTG7SQbsCA8wUYbssH0KVKPNnOeb2YbfGGDQYQYGpXnq4DOfU4rvD4uw2dazNy4kp301ewZ+i7nS+d9IaO53Bgr0g/iVR+NUw5XZQ/H08Z7You8tVCfnNQE6+CzZasGiqmfyK22ANJF5zHQChA9RIr2hXPzd0brfoxfHv81Mqnf70w93zq7tEP/AdeWfhq19HzjcubibADVrXfutcbG4jlyY2bP/2nmPzDv8PfRNnNp/8t43UHbzPE6e4y/BPtdoyxCRNikubbqU0W1y54YcTHHg5qai6oQYldaTtw3uaRwZSBeV/+cB7mjmQdHUImvXKpE60jN61dj5eQumFBOC9y0sYBrYH7NljMJMkFE9RojJhGQbHxsXmM5C+a9DPYnCQpYkusCCgyc4iQyUIC3XMr+PrvnLf8nQQo7Ub8YCVYkuS7TRj3gNtfuOMd64ibMUR9Eb5EDksm7ft/Y4m+0qYaiw7vxtAWgjeTGJ7Ginf3nFS7BRDfgTMk+04LwjiwwqK6+ex28RYoKdjpLNwabIxic0SqaI0EC9LEzGIe34CsrsXg8gqBMA1tr5b8eNIkU504SRXcvfRhUKHPwFEhjcuoJWeO/r9xSi2Ng4B/bTp/0CneT9dj jG7agfnDnknA8s+Sn+Sw3gx7WnV</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><wsu:Timestamp wsu:Id="TS-130"><wsu:Created>2014-04-23T18:36:30.742Z</wsu:Created><wsu:Expires>2014-04-23T18:36:35.742Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken wsu:Id="UsernameToken-129"><wsse:Username>POC-Username</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";>tCrB/vJpre8aByMQKsrZ3I6e//M=</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>1ytxvtj+pZkkAP65sxkoQg==</wsse:Nonce><wsu:Created>2014-04-23T18:36:30.741Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header> <soap:Body wsu:Id="id-131" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><xenc:EncryptedData Id="ED-134" Type="http://www.w3.org/2001/04/xmlenc#Content"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";><wsse:Reference URI="#EK-E2522E1F1FA164BE57139827819075593"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Q3xcabuAsMPxc623YPtXNXPewOg1Zew2i5lc6pCZSFW93gu8t8Q2S5GsP+J0sHFXbHVdU2KwiBSZGReK0oAa3U73oHs5T2YB2Ib0x7C9Ygi2amt1WU3mP782znUWdAaKlsS7U+/hY6PJOHc6WGUQP/sqW6ncZ20VquVsw7ZGBAcxYluUAahzxGlyDD2v9rmBSK7hX+uFe93avwg4vJbsCqhaBrN1gkvbWBC0gDg+Pybm1CIgf3tfOmfNmY0qESuw3ljljMy8zMpRb/qfHdf2wLDkrs+0vs26C0qotXhKKS+4i9qUGg3HaGM/sCl4rcCM+/HNYL9c1am+vJsKfhBu8fEewCQEJui+spPUxIRYM2cp9GpZOL0pK2M9V3BT/9inuJzxj8V3ckp1f3S9fuFk8vgZNfYCHtQXmajtJ4MWOlMeHE2KtcSpRLuFbLDGn0DNtugZx7aonheKIRpXNYqBskAwSETWpIxGMvoLYnH9PIjB3T4HUB+4mwc724PJ1wVMDwu45zVeO4pUNeL7XQ98gfMC+C0tfitDIBOv75d/YsgigMnc+sGKBtoX4Y7F6j1tEM4BdqA58S/AEyRoMdOoRVP4YJq+VTRbetIVIutpBK+nJGJ7MweDlkLZT7+sxEHoptqLLDfZg7Y/cwL7ro0S4UxVz7I2H2dZo26D5r/nhGzhzLei5VvNYvEG/YYSUyE1uuR/sGxzxavFQ2ssA72RltMqy5C9z5y5</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>< /soap:Body> </soap:Envelope> ------=_Part_16_808161854.1398278190760 Content-Type: text/plain; charset=us-ascii; name=test.txt Content-Transfer-Encoding: 7bit Content-ID: <85277029681> Content-Disposition: attachment; name="test.txt"; filename="test.txt" This is Test file for testing MTOM File Upload... ------=_Part_16_808161854.1398278190760-- -------------------------------------- Regards Paul
