Hi
I have a question/issue regarding the use of an MTOM/XOP SOAP request via OSB (12.1.3) in combination with outbound WS-Security (OWSM policy).
We have this flow: soapUI -> OSB-proxyService -> OSB-pipeline -> OSB-businessService -> backendService (soapUI mockservice).
OSB-proxyService configuration:
  - no security policies attached
  - WSDL SOAP 1.2 based
OSB-pipeline configuration:
  - XOP/MTOM support enabled - include binary data by reference
  - Page attachments to disk enabled
OSB-businessService configuration:
  - XOP/MTOM support enabled - include binary data by reference
  - Page attachments to disk enabled
  - OWSM security policy attached to sign the outbound request
The WSDL on the proxy service, business service and pipeline is the same.
The WSDL part that handles the MTOM/XOP element:
<xsd:complexType name="XopFile">
  <xsd:annotation>
    <xsd:documentation>Describe a file with binary content defined as XOP.</xsd:documentation>
  </xsd:annotation>
  <xsd:complexContent>
    <xsd:extension base="FileInfo">
      <xsd:sequence>
        <xsd:element name="binary" type="xsd:base64Binary" xmime:contentType="application/octet-stream" xmime:expectedContentTypes="application/octet-stream" nillable="false" minOccurs="1" maxOccurs="1" />
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>
Without security this is working fine. SoapUI sends a request with an MTOM/XOP-enabled attachment, this flows through the OSB, and the backendService receives an MTOM/XOP attachment. No problems here.
The backend receives something like this for the MTOM part:
<file:binary>
  <xop:Include href="cid:test100kb.pdf" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>
</file:binary>
Now, when we attach an OWSM security policy to the businessService to sign the outbound request, it goes wrong.
The backendService receives a signed request, but it is rejected because the digest is not valid.
In the OWSM log we can see the outbound request:
<file:binary>JVBERi0xLjMKJcTl8uXrp/Og0MTGCjYgMCBvYmoKPDwg....</file:binary>
The request that is received by the backend:
<file:binary>
  <xop:Include href="cid:test100kb.pdf" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>
</file:binary>
It seems that OSB is signing the request first and afterwards it is transforming the body to the xop:Include element. It should be the other way around, first handling the MTOM/XOP element and then handling the signing.
In fact, why is OSB handling the attachment part first as a binary in-memory base64 element, since I enabled the 'page attachments to disk' option?
Does this have something to do with the setup of the WSDL for the MTOM/XOP part?
Any ideas what we should change or how we should handle an MTOM/XOP request with outbound WS-Security in OSB?
Best Regards
David
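
The digest mismatch described in the post, reproduced as an added Python example (not part of the original post, and not OSB or OWSM code): it hashes the element in the base64 form seen in the OWSM log, in the xop:Include form seen by the backend, and after putting the attachment bytes back in place of xop:Include. The `urn:example:file` namespace and the sample bytes are constructed, and `ET.canonicalize` (C14N 2.0) with SHA-256 stands in for whatever canonicalization and digest algorithms the policy actually uses.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

XOP_NS = "http://www.w3.org/2004/08/xop/include"
XOP_INCLUDE = f"{{{XOP_NS}}}Include"
FILE_NS = "urn:example:file"  # constructed; the post does not show the real namespace
PDF = b"%PDF-1.3\nconstructed sample bytes, not a real PDF"
MIME_PARTS = {"test100kb.pdf": PDF}  # constructed: Content-ID -> raw attachment bytes

def inline_form(data):
    """Element as seen in the signer's log: base64 text inside <file:binary>."""
    elem = ET.Element(f"{{{FILE_NS}}}binary")
    elem.text = base64.b64encode(data).decode("ascii")
    return elem

def wire_form(content_id):
    """Element as received by the backend after XOP packaging."""
    return ET.fromstring(
        f'<file:binary xmlns:file="{FILE_NS}">\n'
        f'  <xop:Include href="cid:{content_id}" xmlns:xop="{XOP_NS}"/>\n'
        f'</file:binary>')

def digest(elem):
    """SHA-256 over the canonical form (stand-in for the policy's algorithms)."""
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def reconstitute(elem, parts):
    """Replace each xop:Include with the base64 of the MIME part it references."""
    root = copy.deepcopy(elem)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == XOP_INCLUDE:
                # Simplification: real Content-IDs are URL-escaped in the href.
                cid = child.get("href", "").split("cid:", 1)[-1]
                data = parts[cid]  # KeyError if the part is missing: fail closed
                parent.remove(child)
                parent.text = base64.b64encode(data).decode("ascii")
    return root

def compare():
    """Return (wire form matches signed digest, reconstituted form matches)."""
    signed = digest(inline_form(PDF))
    wire = wire_form("test100kb.pdf")
    return signed == digest(wire), signed == digest(reconstitute(wire, MIME_PARTS))

if __name__ == "__main__":
    print(compare())
```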