[jboss-user] [JBossWS] - Re: MTOM + WS Security = problem
do-not-reply at jboss.com
Fri Feb 22 15:22:19 EST 2008
Hi, we are also trying to use WS-Security + MTOM in JBossWS 2.0.1 and 2.0.3, we are sending big files so we need binary attachments instead of inline encoded data.
Here is the result of our tests:
- In JBossWS 2.0.1 you must change the configuration of the endpoint by adding ##SOAP11_HTTP_MTOM to the bindings protocol:
| <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
If ##SOAP11_HTTP_MTOM is not present, the handler is ignored, and the signature is not verified.
- In JBossWS 2.0.3 you don't need to add ##SOAP11_HTTP_MTOM, it seems to consider the handler anyway.
- In both versions we had problems sending the binary as an attachment (using SoapUI), we always receive: Signature is invalid
- Using a JBossWS client, we didn't find a way to send the binary data as an attachment, it is sent always encoded inline.
- If the binary data is sent inline the signature is verified (from the JBossWS client and also from SoapUI)
- So, we could not make MTOM + Attachments + WS-Security work together
Instead, we have moved to swaRef (simply annotating with @XmlAttachmentRef a DataHandler field) and everything works fine, you can remove the BindingType for MTOM.
- So, we have now swaRef + WS-Security working fine
There is some important difference between MTOM and swaRef? swaRef comes from ws-i, so I expect no interoperability problems.
Somebody has MTOM and WS-Security working?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131550#4131550
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131550
More information about the jboss-user