I'd suggest trying to get the simplest possible use-case failing. So for example, if you were to remove encryption does it still fail? If you remove WS-Security altogether does it still fail? It might help to pinpoint where the error is. What does the logging tell you?

Beyond that, you could create a SOAP UI project + CXF endpoint testcase and I will take a look.

Colm.

On Sat, Apr 26, 2014 at 12:55 PM, Paul Avijit <[email protected]> wrote:

> Hi,
>
> Please help on this topic.
>
> When CXF is not at both ends of the wire, MTOM upload is not working with
> WS-Security. This happens when I am testing a CXF Web service with SoapUI.
> It works fine when CXF is at both ends of the wire.
>
> Is this a CXF issue or a SoapUI issue. I can see SoapUI constructing a
> valid input SOAP message but Service after receiving request is not able to
> read the MTOM attachment. Following are the details of the Web Service.
>
> I have a CXF Web Service with MTOM (separate operations for upload and
> download) and WS-Security (UsernameToken Timestamp Signature Encrypt).
>
> Both upload and download operation with MTOM works fine when tested using
> CXF client.
>
> When testing with SoapUI, download operation works fine.
>
> There are no errors even for upload operation but the Web Service is not
> able to read the attached file. SoapUI is sending a well formed SOAP
> message with MTOM attachment. When SOAP message is sent by SoapUI to CXF
> Service, the service is able to:
>
> 1. Decrypt the message
> 2. Verify signature
> 3. Verify Timestamp
> 4. Verify Username token
> 5. Read all data elements in the SOAP body
> 6. Not able to read the file sent as MTOM attachment
> 7. Response back with a SOAP message (with Timestamp Signature Encrypt)
>
> SoapUI is able to Decrypt, verify signature and timestamp.
>
> Following are my CXF service In/Out Interceptors:
>
> <bean id="UT_TimestampSignEncrypt_Request"
>       class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>     <constructor-arg>
>         <map>
>             <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/>
>             <entry key="passwordType" value="PasswordDigest"/>
>             <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
>             <entry key="signaturePropFile" value="serviceKeystore.properties"/>
>             <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>             <entry key="decryptionPropFile" value="serviceKeystore.properties"/>
>             <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>         </map>
>     </constructor-arg>
> </bean>
>
> <bean id="TimestampSignEncrypt_Response"
>       class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>     <constructor-arg>
>         <map>
>             <entry key="action" value="Timestamp Signature Encrypt"/>
>             <entry key="timeToLive" value="10" />
>             <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
>             <entry key="user" value="myservicekey"/>
>             <entry key="signaturePropFile" value="serviceKeystore.properties"/>
>             <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body"/>
>             <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>             <entry key="encryptionPropFile" value="serviceKeystore.properties"/>
>             <entry key="encryptionUser" value="useReqSigCert"/>
>             <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://www.w3.org/2003/05/soap-envelope}Body"/>
>             <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>             <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>         </map>
>     </constructor-arg>
>     <property name="allowMTOM" value="true"/>
> </bean>
>
> The SOAP message sent by SoapUI is present below:
>
> INFO: Inbound Message
> ----------------------------
> ID: 3
> Address: https://localhost:7002/bes-hc-poc-caqhcore-web/services/Core
> Encoding: ISO-8859-1
> Http-Method: POST
> Content-Type: multipart/related; type="application/xop+xml"; start="<[email protected]>"; start-info="application/soap+xml"; action="BatchSubmitTransaction"; boundary="----=_Part_2_1401538319.1398513008102"
> Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[9142], content-type=[multipart/related; type="application/xop+xml"; start="<[email protected]>"; start-info="application/soap+xml"; action="BatchSubmitTransaction"; boundary="----=_Part_2_1401538319.1398513008102"], Host=[localhost:7002], MIME-Version=[1.0], User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
> Payload:
> ------=_Part_2_1401538319.1398513008102
> Content-Type: application/xop+xml; charset=UTF-8; type="application/soap+xml; action=\"BatchSubmitTransaction\""
> Content-Transfer-Encoding: 8bit
> Content-ID: <[email protected]>
>
> <soap:Envelope xmlns:cor="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
>   <soap:Header>
>     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <xenc:EncryptedKey Id="EK-C60D03DB1FCA570C29139851300809612" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
>         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference>
>             <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue>Dd5JFnmx4ra0lJFtfD8tW2FrgWe9wjXahKzgX0B8b6yUW0DqDYO7f/da2nVG1HrlEgmoT0oWj8kucoudtJnTKzqBs43qgV36anDwfxvP8KZHtgNqDE7UYQAweeJntFJW6o/gPWgFEFznqEI/04gJWtKvHPkJ/HZCCSfLi4Xqy9I=</xenc:CipherValue>
>         </xenc:CipherData>
>         <xenc:ReferenceList>
>           <xenc:DataReference URI="#ED-17"/>
>           <xenc:DataReference URI="#ED-18"/>
>         </xenc:ReferenceList>
>       </xenc:EncryptedKey>
>       <xenc:EncryptedData Id="ED-17" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
>             <wsse:Reference URI="#EK-C60D03DB1FCA570C29139851300809612"/>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue></xenc:CipherValue>
>         </xenc:CipherData>
>       </xenc:EncryptedData>
>       <wsu:Timestamp wsu:Id="TS-14">
>         <wsu:Created>2014-04-26T11:50:08.080Z</wsu:Created>
>         <wsu:Expires>2014-04-26T11:50:18.080Z</wsu:Expires>
>       </wsu:Timestamp>
>       <wsse:UsernameToken wsu:Id="UsernameToken-13">
>         <wsse:Username>POC-Username</wsse:Username>
>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">I2Pw32RLANbTrH6sF3OZakPNnFA=</wsse:Password>
>         <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">56mNOeA3JWwvapjrF1H8Bg==</wsse:Nonce>
>         <wsu:Created>2014-04-26T11:50:08.080Z</wsu:Created>
>       </wsse:UsernameToken>
>     </wsse:Security>
>   </soap:Header>
>   <soap:Body wsu:Id="id-15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <xenc:EncryptedData Id="ED-18" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>       <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
>           <wsse:Reference URI="#EK-C60D03DB1FCA570C29139851300809612"/>
>         </wsse:SecurityTokenReference>
>       </ds:KeyInfo>
>       <xenc:CipherData>
>         <xenc:CipherValue></xenc:CipherValue>
>       </xenc:CipherData>
>     </xenc:EncryptedData>
>   </soap:Body>
> </soap:Envelope>
> ------=_Part_2_1401538319.1398513008102
> Content-Type: text/plain; charset=us-ascii; name=test.txt
> Content-Transfer-Encoding: 7bit
> Content-ID: <249996952948>
> Content-Disposition: attachment; name="test.txt"; filename="test.txt"
>
> This is Test file for testing MTOM File Upload...
> ------=_Part_2_1401538319.1398513008102--
>
> --------------------------------------
>
> Regards
> Paul
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
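
An added diagnostic for narrowing down where an MTOM upload breaks, as suggested in the reply above; it is not part of the original thread and is not CXF or SoapUI code. It checks a captured multipart/related request for attachments that no `xop:Include` in the root part refers to and flags an encrypted SOAP Body. The function name `inspect_mtom`, the boundary and the root Content-ID are assumptions, and both sample requests are constructed (only the attachment Content-ID mirrors the log above).

```python
import re
from email import message_from_bytes
from urllib.parse import unquote

# Matches <xop:Include href="cid:..."/> whatever namespace prefix is used.
XOP_REF = re.compile(rb'<(?:[\w.-]+:)?Include\b[^>]*\bhref="cid:([^"]+)"')
# Matches a SOAP Body whose first child is xenc:EncryptedData.
ENC_BODY = re.compile(rb'<(?:[\w.-]+:)?Body\b[^>]*>\s*<(?:[\w.-]+:)?EncryptedData\b')

def _cid(part):
    return (part.get("Content-ID") or "").strip().strip("<>")

def inspect_mtom(content_type, body):
    """Report how the MIME parts of a multipart/related request link together."""
    raw = b"MIME-Version: 1.0\r\nContent-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():
        raise ValueError("not a multipart/related message")
    parts = msg.get_payload()
    start = (msg.get_param("start") or "").strip("<>")
    root = next((p for p in parts if _cid(p) == start), parts[0])
    xml = root.get_payload(decode=True)
    attached = {_cid(p) for p in parts if p is not root}
    refs = {unquote(m.decode()) for m in XOP_REF.findall(xml)}
    return {
        "root_matches_start": _cid(root) == start,
        "unreferenced": sorted(attached - refs),  # attachments no xop:Include points at
        "dangling": sorted(refs - attached),      # xop:Include with no matching part
        "body_encrypted": bool(ENC_BODY.search(xml)),
    }

def _sample(body_xml):  # constructed sample request, not a capture from the thread
    b = "example-boundary"
    return (f'multipart/related; type="application/xop+xml"; start="<root@example.test>"; boundary="{b}"',
            (f"--{b}\r\nContent-Type: application/xop+xml; charset=UTF-8\r\n"
             f"Content-ID: <root@example.test>\r\n\r\n"
             f'<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
             f"<soap:Body>{body_xml}</soap:Body></soap:Envelope>\r\n"
             f"--{b}\r\nContent-Type: text/plain\r\nContent-ID: <249996952948>\r\n\r\n"
             f"This is Test file\r\n--{b}--\r\n").encode())

PLAIN = _sample('<file><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" '
                'href="cid:249996952948"/></file>')
ENCRYPTED = _sample('<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-18"/>')

if __name__ == "__main__":
    print(inspect_mtom(*PLAIN))
    print(inspect_mtom(*ENCRYPTED))
```

When `body_encrypted` is true, any `xop:Include` is inside the ciphertext, so an attachment listed under `unreferenced` cannot be judged from the wire capture alone; rerunning the same request with encryption turned off makes the reference visible.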
