cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Андрей Хайсин <andrei....@gmail.com>
Subject Securing SOAP attachments
Date Wed, 24 Feb 2010 14:54:14 GMT
Hello,

My goal is to send binary data as MTOM attachment with signing this
attached data.

I've read a lot that WSS4J does not support signing MTOM attachments
(http://issues.apache.org/jira/browse/CXF-1669 and etc.)

As I understood the sequence of actions should be:
- binary data are inlined in soap:body;
- signign\encription is performed;
- if MTOM enabled binary data are extracted, replaced by XOP:Include
placeholder, added as multipart attachment;
- message is sent ...
And vice-versa on the receiver side

Am I right?
Could somebody help me how to achieve this with WSS4J or without it?

As I understood WSS4JOutInterceptor uses saajOutInterceptor to extract
binary data as MTOM attachments
and only after this perform signing.
So only instead of binary data placeholder (<inc:Include
href="cid:attachments.txt"
xmlns:inc="http://www.w3.org/2004/08/xop/include"/> ) is used for
signing.

-- 
Best regards!
-------
Andrei Khaisin
mailto:andrei.han@gmail.com

Mime
View raw message