Hi, I have a question about MTOM and WS-Security. I understand that CXF doesn't include the attachment when generating a signature to allow streaming large attachments. But what does it do during verification when it receives a signed request with MTOM? I assume that it can process signatures that do not include the attachment, but is it able to process one that does include it (i.e. the "correct" way)? We're trying to get a Metro 1.5 client to communicate with a CXF 2.6 service, and we're getting a "The signature or decryption was invalid" errors when the request contains xop elements. If that is indeed what is happening, any suggestion for a workaround that I can implement?
Thanks! -- View this message in context: http://cxf.547215.n5.nabble.com/MTOM-and-XML-Signatures-tp5720459.html Sent from the cxf-user mailing list archive at Nabble.com.
