I'd suggest trying to get the simplest possible use-case failing. So for
example, if you were to remove encryption does it still fail? If you remove
WS-Security altogether does it still fail? It might help to pinpoint where
the error is. What does the logging tell you?

Beyond that, you could create a SOAP UI project + CXF endpoint testcase and
I will take a look.

Colm.


On Sat, Apr 26, 2014 at 12:55 PM, Paul Avijit <[email protected]> wrote:

> Hi,
>
> Please help on this topic.
>
> When CXF is not at both ends of the wire, MTOM upload is not working with
> WS-Security. This happens when I am testing a CXF Web service with SoapUI.
> It works fine when CXF is at both ends of the wire.
>
> Is this a CXF issue or a SoapUI issue? I can see SoapUI constructing a
> valid input SOAP message, but the service, after receiving the request, is
> not able to read the MTOM attachment. Following are the details of the Web
> Service.
>
> I have a CXF Web Service with MTOM (separate operations for upload and
> download) and WS-Security (UsernameToken Timestamp Signature Encrypt).
>
> Both upload and download operation with MTOM works fine when tested using
> CXF client.
>
> When testing with SoapUI, download operation works fine.
>
> There are no errors even for upload operation but the Web Service is not
> able to read the attached file. SoapUI is sending a well formed SOAP
> message with MTOM attachment. When SOAP message is sent by SoapUI to CXF
> Service, the service is able to:
>
> 1. Decrypt the message
> 2. Verify signature
> 3. Verify Timestamp
> 4. Verify Username token
> 5. Read all data elements in the SOAP body
> 6. Not able to read the file sent as MTOM attachment
> 7. Response back with a SOAP message (with Timestamp Signature Encrypt)
>
> SoapUI is able to Decrypt, verify signature and timestamp.
>
> Following are my CXF service In/Out Interceptors:
>
> <bean id="UT_TimestampSignEncrypt_Request"
>       class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>     <constructor-arg>
>         <map>
>             <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/>
>             <entry key="passwordType" value="PasswordDigest"/>
>             <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
>             <entry key="signaturePropFile" value="serviceKeystore.properties"/>
>             <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>             <entry key="decryptionPropFile" value="serviceKeystore.properties"/>
>             <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>         </map>
>     </constructor-arg>
> </bean>
>
> <bean id="TimestampSignEncrypt_Response"
>       class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>     <constructor-arg>
>         <map>
>             <entry key="action" value="Timestamp Signature Encrypt"/>
>             <entry key="timeToLive" value="10" />
>             <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
>             <entry key="user" value="myservicekey"/>
>             <entry key="signaturePropFile" value="serviceKeystore.properties"/>
>             <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body"/>
>             <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>             <entry key="encryptionPropFile" value="serviceKeystore.properties"/>
>             <entry key="encryptionUser" value="useReqSigCert"/>
>             <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://www.w3.org/2003/05/soap-envelope}Body"/>
>             <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>             <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>         </map>
>     </constructor-arg>
>     <property name="allowMTOM" value="true"/>
> </bean>
>
>
>
> The SOAP message sent by SoapUI is present below:
>
> INFO: Inbound Message
> ----------------------------
> ID: 3
> Address: https://localhost:7002/bes-hc-poc-caqhcore-web/services/Core
> Encoding: ISO-8859-1
> Http-Method: POST
> Content-Type: multipart/related; type="application/xop+xml"; start="<
> [email protected]>"; start-info="application/soap+xml";
> action="BatchSubmitTransaction";
> boundary="----=_Part_2_1401538319.1398513008102"
> Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive],
> Content-Length=[9142], content-type=[multipart/related;
> type="application/xop+xml"; start="<[email protected]>";
> start-info="application/soap+xml"; action="BatchSubmitTransaction";
> boundary="----=_Part_2_1401538319.1398513008102"], Host=[localhost:7002],
> MIME-Version=[1.0], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
> Payload:
> ------=_Part_2_1401538319.1398513008102
> Content-Type: application/xop+xml; charset=UTF-8;
> type="application/soap+xml; action=\"BatchSubmitTransaction\""
> Content-Transfer-Encoding: 8bit
> Content-ID: <[email protected]>
>
> <soap:Envelope xmlns:cor="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd"
>     xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
>   <soap:Header>
>     <wsse:Security
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <xenc:EncryptedKey Id="EK-C60D03DB1FCA570C29139851300809612"
>           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference>
>             <wsse:KeyIdentifier
>                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[...]</wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue>Dd5JFnmx4ra0lJFtfD8tW2FrgWe9wjXahKzgX0B8b6yUW0DqDYO7f/da2nVG1HrlEgmoT0oWj8kucoudtJnTKzqBs43qgV36anDwfxvP8KZHtgNqDE7UYQAweeJntFJW6o/gPWgFEFznqEI/04gJWtKvHPkJ/HZCCSfLi4Xqy9I=</xenc:CipherValue>
>         </xenc:CipherData>
>         <xenc:ReferenceList>
>           <xenc:DataReference URI="#ED-17"/>
>           <xenc:DataReference URI="#ED-18"/>
>         </xenc:ReferenceList>
>       </xenc:EncryptedKey>
>       <xenc:EncryptedData Id="ED-17" Type="http://www.w3.org/2001/04/xmlenc#Element"
>           xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference
>               wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
>               xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
>             <wsse:Reference URI="#EK-C60D03DB1FCA570C29139851300809612"/>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue>[...]</xenc:CipherValue>
>         </xenc:CipherData>
>       </xenc:EncryptedData>
>       <wsu:Timestamp wsu:Id="TS-14">
>         <wsu:Created>2014-04-26T11:50:08.080Z</wsu:Created>
>         <wsu:Expires>2014-04-26T11:50:18.080Z</wsu:Expires>
>       </wsu:Timestamp>
>       <wsse:UsernameToken wsu:Id="UsernameToken-13">
>         <wsse:Username>POC-Username</wsse:Username>
>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">I2Pw32RLANbTrH6sF3OZakPNnFA=</wsse:Password>
>         <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">56mNOeA3JWwvapjrF1H8Bg==</wsse:Nonce>
>         <wsu:Created>2014-04-26T11:50:08.080Z</wsu:Created>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soap:Header>
>   <soap:Body wsu:Id="id-15"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <xenc:EncryptedData Id="ED-18" Type="http://www.w3.org/2001/04/xmlenc#Content"
>         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <wsse:SecurityTokenReference
>             wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>             xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
>           <wsse:Reference
> URI="#EK-C60D03DB1FCA570C29139851300809612"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>3R70hTNEIGMzN+wskHGSb3I6H8ULadOmn9/txdvhUIjbF4Fu+eGCmmllaDqdjnrdmCnTrRN6cj37FXIpw6htANJgg+A1tIcS23hNFekc9Yz03CA4RK3E2BYbFr8rUjnSCdwU+Y40cTUUvqVz7Xy9pDWsQUk/1kuKK7sNezZHoKiqROtLBSAh/942JYTaagHJvjmJeaVrmYthzfah4FnyADGRgPsOGU45nNg+ZbhaHC8TZ1NdxBPas4GsefH5GaJRji5R2pOQQOZk0sTtyI/7g79HSlaw7VPO105HwIGD1QHrmKlqCO4JgJ1cwG98bgE/7yCub8DTezIe5y1de3AXEC7sjt7F1+KPeirTlzi6QiASKQI7YeWsKZ/vj/fp1nGtjie4S45m7T4Y9p4cpFVgNO1uM1jppLmUJzh7vra+feLI7CItZtv3wMePnSz8IZvc/9Js2AFH3muK2gA6ScvlC+v3zrpY/SSEiyfS8dxb8fSopi27jasvQOlFr6DESYQ7aO9aWXpOqeh0Jzy8YFUw0INa0MON5Gs6TzafOLAEnm7B5ocP9y3tL8Xmv9aX90KdWo9V1bP7HBDMFNgVIWyp6mVt4ds4K58pRpikgvhoncv0b8xm50SnghOu+ubpS4TGurt31idv4zkpn8pNYj5fhkk1DXoMO/c8WSPvURgDiu+2GakRztTaxNOUv5o99LzGlqM8y2jjKwS/76Jy7AJceeUFagF+5dN9</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body>
> </soap:Envelope>
> ------=_Part_2_1401538319.1398513008102
> Content-Type: text/plain; charset=us-ascii; name=test.txt
> Content-Transfer-Encoding: 7bit
> Content-ID: <249996952948>
> Content-Disposition: attachment; name="test.txt"; filename="test.txt"
>
> This is Test file for testing MTOM File Upload...
> ------=_Part_2_1401538319.1398513008102--
>
> --------------------------------------
>
> Regards
> Paul
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
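
A wire-level check that supports the narrowing-down suggested in the reply, as an added example that is not part of the original thread or of CXF or SoapUI: once encryption is switched off for a test run, the logged multipart/related request can be parsed to see whether the root part carries an xop:Include whose cid: reference matches the attachment's Content-ID. The sample message, the `up`/`file` element names and the function names are constructed for illustration.

```python
import email
import xml.etree.ElementTree as ET
from urllib.parse import unquote

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"
XENC_DATA = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"

def build_sample(body_xml):
    """Constructed multipart/related request shaped like the logged one."""
    return (
        'MIME-Version: 1.0\r\n'
        'Content-Type: multipart/related; type="application/xop+xml"; '
        'start="<root@example.invalid>"; boundary="B1"\r\n\r\n'
        '--B1\r\n'
        'Content-Type: application/xop+xml; charset=UTF-8\r\n'
        'Content-ID: <root@example.invalid>\r\n\r\n'
        '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
        '<soap:Body>' + body_xml + '</soap:Body></soap:Envelope>\r\n'
        '--B1\r\n'
        'Content-Type: text/plain; name=test.txt\r\n'
        'Content-ID: <249996952948>\r\n\r\n'
        'constructed file content\r\n'
        '--B1--\r\n'
    ).encode("ascii")

def audit_xop_package(raw):
    """Compare xop:Include references in the root part with attachment IDs."""
    msg = email.message_from_bytes(raw)
    parts = msg.get_payload()
    ids = [(p["Content-ID"] or "").strip("<> ") for p in parts]
    start = (msg.get_param("start") or "").strip("<> ")
    # RFC 2387: the root is the part named by "start", else the first part.
    root_idx = ids.index(start) if start and start in ids else 0
    envelope = ET.fromstring(parts[root_idx].get_payload(decode=True))
    attachments = {cid for i, cid in enumerate(ids) if i != root_idx}
    refs = set()
    for inc in envelope.iter(XOP_INCLUDE):
        href = inc.get("href", "")
        if href.startswith("cid:"):
            refs.add(unquote(href[4:]))  # cid: URLs are percent-encoded
    return {
        # True means references may still be hidden inside ciphertext.
        "encrypted": envelope.find(".//" + XENC_DATA) is not None,
        "unreferenced": sorted(attachments - refs),
        "dangling": sorted(refs - attachments),
    }

if __name__ == "__main__":
    include = ('<up><file><xop:Include href="cid:249996952948" '
               'xmlns:xop="http://www.w3.org/2004/08/xop/include"/></file></up>')
    print(audit_xop_package(build_sample(include)))
```

An attachment listed under `unreferenced` while `encrypted` is false means no xop:Include in the readable envelope points at that MIME part; while `encrypted` is true the result says nothing either way, because any reference would sit inside the ciphertext.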
