Currently, WSS4J (and thus CXF) doesn't support encrypting/signing of attachments. Thus, for security's sake, by default, the WSS4JOutInterceptor turns off MTOM to make sure any data is properly protected.

If you want, you can configure the WSS4JOutInterceptor to allow MTOM to remain on. There is an AllowMTOM property on it. Just set it to true. Just keep in mind that the attachments would not be signed/encrypted.

Dan

On Wed March 4 2009 11:25:14 am XyLus wrote:
> Hi All
>
> I have client and server that use MTOM to send message with attachment. (it
> works fine I can see
> <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
> href="$reference"/> in message and attachment bytes afterwards in Outbound
> log)
>
> I am wondering if it is possible to combine MTOM and WS-Security X.509
> Certificate Token Profile signing
>
> I checked out WS-Security and MTOM tutorials available on CXF page and now
> I have client code as follows:
>
>     UploadService ss = new UploadService(wsdlURL, SERVICE_NAME);
>     UploadServicePortType port = ss.getUploadServicePort();
>
>     //WS-Security via API
>
>     Map<String,Object> outProps = new HashMap<String,Object>();
>
>     outProps.put(WSHandlerConstants.ACTION, "Signature");
>     outProps.put(WSHandlerConstants.USER, "myAlias");
>     outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>         ClientPasswordCallback.class.getName());
>     outProps.put(WSHandlerConstants.SIG_PROP_FILE,
>         "client_sign.properties");
>
>     org.apache.cxf.endpoint.Client client =
>         org.apache.cxf.frontend.ClientProxy.getClient(port);
>     org.apache.cxf.endpoint.Endpoint cxfEndpoint =
>         client.getEndpoint();
>
>     WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>     cxfEndpoint.getOutInterceptors().add(wssOut);
>     cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor()); // 2.0.x only; not needed in 2.1+
>
>     //WS-Security via API END
>
>     Binding binding = ((BindingProvider)port).getBinding();
>     ((SOAPBinding)binding).setMTOMEnabled(true);
>
> I've made matching changes on server side and everything works fine.
> However there is no
> <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
> href="$reference"/>
> in client Inbound anymore. Instead of reference in message there is
> attachment data coded with base64 :/
>
> Please confirm whether my client configuration is not correct or combining
> MTOM and WS-Security at the same time is not possible.
>
> Any help would be appreciated,
> Maciej

--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
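An added example, not part of the original thread and not CXF or WSS4J code: a receiver-side audit that lists MTOM parts pulled in through `xop:Include` that no signature reference covers, which is the situation described above when AllowMTOM is left on. The sample message is constructed and abbreviated; the script assumes the root SOAP part is the first MIME part and that a signed attachment would be named by a `ds:Reference` with a `cid:` URI, as in the WS-Security SOAP with Attachments profile.

```python
import email
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"
DS_REFERENCE = "{http://www.w3.org/2000/09/xmldsig#}Reference"

# Constructed, abbreviated sample: the signature references only the SOAP body.
SAMPLE = b"""MIME-Version: 1.0
Content-Type: multipart/related; type="application/xop+xml"; boundary="b1"

--b1
Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
Content-ID: <root@example.test>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:xop="http://www.w3.org/2004/08/xop/include">
<soap:Header><ds:Signature><ds:SignedInfo>
<ds:Reference URI="#body-1"/></ds:SignedInfo></ds:Signature></soap:Header>
<soap:Body><upload><data><xop:Include href="cid:file1@example.test"/></data>
</upload></soap:Body></soap:Envelope>
--b1
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-ID: <file1@example.test>

constructed attachment bytes
--b1--
"""


def cids(elements, attr):
    """Collect the content-ids named by cid: URIs in the given attribute."""
    uris = (e.get(attr, "") for e in elements)
    return {unquote(u[4:]) for u in uris if u.startswith("cid:")}


def unsigned_attachments(raw):
    """Return Content-IDs of XOP-included parts that no ds:Reference covers."""
    parts = [p for p in email.message_from_bytes(raw).walk() if not p.is_multipart()]
    envelope = ET.fromstring(parts[0].get_payload(decode=True))  # assumes root part is first
    included = cids(envelope.iter(XOP_INCLUDE), "href")
    signed = cids(envelope.iter(DS_REFERENCE), "URI")
    found = []
    for part in parts[1:]:
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        if cid in included and cid not in signed:
            found.append(cid)
    return found


if __name__ == "__main__":
    print(unsigned_attachments(SAMPLE))
```

A non-empty result means the attachment bytes can change in transit without invalidating the signature over the envelope.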
