Hello Colm, thanks. My configuration was wrong. I configured:
<entry key="encryptionParts" value="{Element}{ http://schemas.xmlsoap.org/soap/envelope/}Body; {}cid:Attachments" /> I oriented myself on https://ws.apache.org/wss4j/attachments.html Now I am using (like in your test): <entry key="encryptionParts" value="{}{ http://schemas.xmlsoap.org/soap/envelope/}Body;{Element}cid:Attachments;"> and it works fine. The documentation states {}cid:Attachments. Maybe it can be updated to {Element}cid:Attachments. Is there an special reason, why I have to use in signatureParts {Element}{ http://schemas.xmlsoap.org/soap/envelope/}Body and in encryptionParts {}{ http://schemas.xmlsoap.org/soap/envelope/}Body? Thanks. Best regards Kai 2016-06-27 12:10 GMT+02:00 Colm O hEigeartaigh <cohei...@apache.org>: > I can't reproduce...I added a similar test to CXF and it works fine: > > https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=commit;h=0eafb7f8 > > Colm. > > On Mon, Jun 27, 2016 at 10:02 AM, Kai Rommel <krommel2...@googlemail.com> > wrote: > >> Hello Colm, >> >> I configured a WS-Consumer with WS-Security. >> Works fine for body encryption, when message is send to WS-Provider. The >> soap envelope contains beside soap header also soap body: >> >> ...</wsse:Security></soap:Header><soap:Body xmlns:wsu=" >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >> wsu:Id="id-f2366587-d90a-44c5-9b03-22dccc6a177d"><xenc:EncryptedData ..... >> >> >> Now I enhanced my scenario by encrypting attachments, too. >> My WSS4J Interceptor looks like this: >> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" >> id="Sign_Request"> >> <constructor-arg> >> <map> >> <entry key="action" value="Timestamp Signature Encrypt" /> >> <entry key="user" value="wss" /> >> <entry key="signatureUser" value="wss" /> >> <entry key="signaturePropFile" value="jks/client.properties" /> >> <entry key="signatureKeyIdentifier" value="DirectReference" /> >> <entry key="passwordCallbackClass" >> value="demo.ws_rm.client.CallBack" /> >> <!-- with attachments --> >> <entry key="signatureParts" >> value="{}cid:Attachments; >> {Element}{ >> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp >> ; >> {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/> >> <entry key="encryptionUser" value="wss" /> >> <entry key="encryptionPropFile" value="jks/client.properties" /> >> <entry key="encryptionParts" >> value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; >> {}cid:Attachments" /> >> </map> >> </constructor-arg> >> </bean> >> >> Now the soap:body is missing in the soap:envelope. Header element is >> closed, but body not opened >> ...</wsse:Security></soap:Header><xenc:EncryptedData xmlns:.... >> >> Attachments are encrypted fine. But message can not be decrypted on >> WS-Provider side, because of missing body element. >> >> I am using cxf 3.2.0-SNAPSHOT and wss4j 2.2.0-SNAPSHOT. >> >> Are you able to reproduce the error, or is my WSS4J interceptor >> configuration wrong? >> >> Thanks for your help. >> >> Best regards >> Kai >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >