Thank you all for help and sharing your knowledge about WS-Security combined with MTOM in CXF.
Regards, Maciej dkulp wrote: > > > Currently, WSS4J (and thus CXF) doesn't support encrypting/signing of > attachments. Thus, for security sake, by default, the > WSS4JOutInterceptor > turns off MTOM to make sure any data is properly protected. > > If you want, you can configure the WSS4JOutInterceptor to allow MTOM to > remain > on. There is an AllowMTOM property on it. Just set it to true. Just > keep in mind that the attachments would not be signed/encrypted. > > Dan > > > > > On Wed March 4 2009 11:25:14 am XyLus wrote: >> Hi All >> >> I have client abd server that use MTOM to send message with attachment. >> (it >> works fine I can see >> <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"; >> href="$reference"/> in message and attachment bytes afterwards in >> Outbound >> log) >> >> I am wondering if it is possible to combine MTOM and WS-Security X.509 >> Certificate Token Profile signing >> >> >> I checked out WS-Security and MTOM tutorials available on CXF page and >> now >> I have client code as follows: >> >> >> UploadService ss = new UploadService(wsdlURL, SERVICE_NAME); >> UploadServicePortType port = ss.getUploadServicePort(); >> >> >> //WS-Security via API >> >> Map<String,Object> outProps = new HashMap<String,Object>(); >> >> outProps.put(WSHandlerConstants.ACTION, "Signature"); >> outProps.put(WSHandlerConstants.USER, "myAlias"); >> outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, >> ClientPasswordCallback.class.getName()); >> outProps.put(WSHandlerConstants.SIG_PROP_FILE, >> "client_sign.properties"); >> >> org.apache.cxf.endpoint.Client client = >> org.apache.cxf.frontend.ClientProxy.getClient(port); >> org.apache.cxf.endpoint.Endpoint cxfEndpoint = >> client.getEndpoint(); >> >> WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); >> cxfEndpoint.getOutInterceptors().add(wssOut); >> cxfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor()); >> // >> 2.0.x only; not needed in 2.1+ >> >> //WS-Security via API END >> >> Binding binding = ((BindingProvider)port).getBinding(); >> ((SOAPBinding)binding).setMTOMEnabled(true); >> >> >> I've made matching changes on server side and everything works fine. >> However there is no >> <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"; >> href="$reference"/> >> in client Inbound anymore. Instead of reference in message there is >> attachment data coded with base64 :/ >> >> >> Please confirm whether my client configuration is not correct or >> combining >> MTOM and WS-Security at the same time is not possible. >> >> Any help would be appreciated, >> Maciej > > -- > Daniel Kulp > [email protected] > http://www.dankulp.com/blog > > -- View this message in context: http://www.nabble.com/MTOM-%2B-WS-Security-X.509-Certificate-Token-Profile-Question-tp22333460p22353204.html Sent from the cxf-user mailing list archive at Nabble.com.
