Hi, we are also trying to use WS-Security + MTOM in JBossWS 2.0.1 and 2.0.3, we are
sending big files so we need binary attachments instead of inline encoded data.
Here is the result of our tests:
- In JBossWS 2.0.1 you must change the configuration of the endpoint by adding
##SOAP11_HTTP_MTOM to the bindings protocol:
| <javaee:protocol-bindings>##SOAP11_HTTP
##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
|
If ##SOAP11_HTTP_MTOM is not present, the handler is ignored, and the signature is not
verified.
- In JBossWS 2.0.3 you don't need to add ##SOAP11_HTTP_MTOM, it seems to consider the
handler anyway.
- In both versions we had problems sending the binary as an attachment (using SoapUI), we
always receive: Signature is invalid
- Using a JBossWS client, we didn't find a way to send the binary data as an
attachment, it is sent always encoded inline.
- If the binary data is sent inline the signature is verified (from the JBossWS client and
also from SoapUI)
- So, we could not make MTOM + Attachments + WS-Security work together
Instead, we have moved to swaRef (simply annotating with @XmlAttachmentRef a DataHandler
field) and everything works fine, you can remove the BindingType for MTOM.
- So, we have now swaRef + WS-Security working fine
There is some important difference between MTOM and swaRef? swaRef comes from ws-i, so I
expect no interoperability problems.
Somebody has MTOM and WS-Security working?
Thanks,
Martin
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131550#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...