Hello, Thanks for your answers, @richard_opalka: I agree, they are compatible, so to use attachments with WS Security, MTOM is the only and right way. @davideling: I have the same config. As I said on my first post, mtom only works, and ws security only also works. Are you sure that your encrypted soap envelope is created using mtom? Can you post one of your soap messages? And also the parameters of the exposed method or the wsdl file? I tried to get some soap message examples where mtom + ws security are enabled. I found two: -http://wso2.org/files/rampart-tute.pdf [page 81] -http://msdn2.microsoft.com/en-US/library/aa738574.aspx[bottom of the page] In these two message, we can see that: -Content-Type contains "multipart/related" and "type="application/xop+xml" -In the body of the soap message, there is a "xop:Include" element -In the body of the soap message, there is a "CipherData" and a "CipherValue" element -The attachment is in an encrypted mime part The two first points are the proof that mtom is enabled. The last ones indicate that ws security is active too. Im trying to achieve this kind of message with JbossWS. So far, no luck. :oD. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4057334#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...