[jboss-user] [JBossWS] - Re: MTOM + WS Security = problem

richard_opalka do-not-reply at jboss.com
Tue Jun 26 03:18:48 EDT 2007


"davideling" wrote : Ok,
  | but have the MTOM attachment to be inlined  or not
  | when WS-Security signature or encryption is activated?
  | 
  | Thanks
  | 

MTOM attachments do not need to be inlined.

For example Microsoft Indigo and some other Java stacks (I don't know if JBossWS too)
provide some kind of "MTOM SAAJ Text Element",
which contains just MIME attachment id as its content (when you're
sniffing the wire communcation). However from SOAP stack point of view when
some other SAAJ handler that is in the handler chain tries to read
the content of this special text element, it will obtain attachment binary data
encoded in base64 canonical format instead of the attachment id.
However on the wire it goes as the MIME attachment.

This has also some performance consequences. For example if application
sends MTOM in the form of MIME attachment and there's some handler in
the handler chain that needs to work with this MTOM attachment content 
(e.g. WSSecurity SAAJ handler), this attachment must be encoded to base64 canonical
format and that value is returned to the requestor. When 
processing really big attachments this fact causes real performance issues.

Rio

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4057567#4057567

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4057567



More information about the jboss-user mailing list