What are the Axis2, Rampart and Axiom versions that you are using? Andreas
On Tue, Dec 27, 2011 at 23:18, Jaime Hablutzel Egoavil <[email protected]> wrote: > Hi I want to post an apparent bug when DOOM option is activated in the > client, so the SOAP message include xop:Include even when using WS-Signature > and doesn't send the message in base64, this way getting advantage of MTOM. > > When using DOOM the canonicalized data to create the digest is: > > <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="id-2"><echo > xmlns="http://client.mtom.sample";><arg0>b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body> > > But when DOOM is disabled the data is: > > <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample";><arg0 > xmlns="">b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body> > > Look at the difference in red color. This causes the digest value to be > different so the server gets confused and is unable to validate the > signature when using DOOM in the client. A workaround seems to be to use > only namespaced elements so the xmlns="" doesn't get generated never. > > I would like to know if someone has reached this problem when using MTOM + > WS-Signature in axis 2. > > Other thing, DOOM option is not really well documented anywhere in axis2 > website and I just found that it was available to make real MTOM with > WS-Signature debugging the source code for three days u.u. > > Good bye > > > > -- > Jaime Hablutzel - 9-9956-3299 > > (tildes omitidas intencionalmente) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
