MTOM + WS-Security does not work in CXF at this point in time. WSS4J is currently developing a streaming WS-Security solution, and so we should be able to offer MTOM + WS-Security in a later CXF release.
Colm. On Thu, Jan 10, 2013 at 1:44 PM, WIELGUS Franck <[email protected]>wrote: > Hi > > I am testing CXF capabilities when combining MTOM and WS-Security > > I saw your answer about that topic here : > > http://stackoverflow.com/questions/1264992/sending-binary-data-through-web-service-and-using-ws-security< > http://stackoverflow.com/questions/1264992/sending-binary-data-through-web-service-and-using-ws-security > > > > Is it still true with the latest release of CXF ? > > I tested a CXF service with a MTOM attachment and WS-Security enabled > (signature / encryption / signature + encryption) and the attachment is not > inlined and thus is not secured... It seems this behaviour is caused by my > WSDL definition which defines a MTOM policy : > > <wsoma:OptimizedMimeSerialization /> > > (the problem is the same if the service definition class is annotated with > @MTOM) > > Without this policy, CXF inlines the attachment as you described. > > > > So what is the best pratice with MTOM and WS-Security if a WSDL defines a > MTOM policy ? Is it a bug ? > > Do I have to manually disable MTOM support on my CXF client/service ? It > may be risky if developpers uses CXF without being aware of this particular > problem. > > > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
