[jboss-user] [JBossWS] - Re: MTOM + WS Security = problem

mrostan do-not-reply at jboss.com
Fri Feb 22 15:22:19 EST 2008

Hi, we are also trying to use WS-Security + MTOM in JBossWS 2.0.1 and 2.0.3, we are sending big files so we need binary attachments instead of inline encoded data.
Here is the result of our tests:

- In JBossWS 2.0.1 you must change the configuration of the endpoint by adding ##SOAP11_HTTP_MTOM to the bindings protocol:

  | <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings>
If ##SOAP11_HTTP_MTOM is not present, the handler is ignored, and the signature is not verified.

- In JBossWS 2.0.3 you don't need to add ##SOAP11_HTTP_MTOM, it seems to consider the handler anyway. 

- In both versions we had problems sending the binary as an attachment (using SoapUI), we always receive: Signature is invalid
- Using a JBossWS client, we didn't find a way to send the binary data as an attachment, it is sent always encoded inline. 
- If the binary data is sent inline the signature is verified (from the JBossWS client and also from SoapUI)

- So, we could not make MTOM + Attachments + WS-Security work together

Instead, we have moved to swaRef (simply annotating with @XmlAttachmentRef a DataHandler field) and everything works fine, you can remove the BindingType for MTOM.

- So, we have now  swaRef + WS-Security working fine

There is some important difference between MTOM and swaRef? swaRef comes from ws-i, so I expect no interoperability problems.

Somebody has MTOM and WS-Security working?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4131550#4131550

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4131550

More information about the jboss-user mailing list