You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Jochen Riedlinger (Jira)" <ji...@apache.org> on 2020/03/02 15:19:00 UTC
[jira] [Created] (CXF-8230) WS-Security and MTOM: Flag
org.apache.cxf.ws.security.SecurityConstants.STORE_BYTES_IN_ATTACHMENT not
working as expected
Jochen Riedlinger created CXF-8230:
--------------------------------------
Summary: WS-Security and MTOM: Flag org.apache.cxf.ws.security.SecurityConstants.STORE_BYTES_IN_ATTACHMENT not working as expected
Key: CXF-8230
URL: https://issues.apache.org/jira/browse/CXF-8230
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 3.2.5
Reporter: Jochen Riedlinger
Attachments: example_request_1.xml
Hi,
by default an CXF client that uses MTOM and WS-Security sends the "BinarySecurityToken" and "SignatureValue" elements base64 encoded.
I expect that "BinarySecurityToken" and "SignatureValue" are both sent as attachmentreferenced via XOP:INCLUDE, if I put the flag "org.apache.cxf.ws.security.SecurityConstants.STORE_BYTES_IN_ATTACHMENT=true".
But this does not happen.
If I put STORE_BYTES_IN_ATTACHMENT=true, only the BinarySecurityToken is attached while SignatureValue stays base64 encoded (see attched file "example_request_1.xml").
IMHO the flag should also cause the SignatureValue to attached, shouldn't it?
Background story:
The use-case for this is that I want a CXF client to behave like a 3rd party client (SAP) with which we have an compatibility issue.
The SAP client sends BinarySecurityToken, SignatureValue and the real data as MTOM attachment. A CXF client only sends BinarySecurityToken and the real data as MTOM atatchment.
I have the suspision that a CXF service cannot handle a request that sends BinarySecurityToken, SignatureValue and the real data as MTOM attachment.
But since the STORE_BYTES_IN_ATTACHMENT flag does not work as expected, I cannot even write a reproducer....
Regards,
Jochen
--
This message was sent by Atlassian Jira
(v8.3.4#803005)