OSB MTOM request with outbound ws-security

dvb80, Feb 22 2017

Hi

I have a question/issue regarding the use of an MTOM/XOP SOAP request via OSB (12.1.3) in combination with outbound ws-security (owsm policy).

We have this flow : soapUI -> OSB-proxyService -> OSB-pipeline -> OSB-businessService -> backendService (soapUI mockservice).

OSB-proxyService configuration :

no security policies attached

wsdl soap1.2 based

OSB-pipeline configuration  :

XOP/MTOM support enabled - include binary data by reference

Page attachments to disk enabled

OSB-businessService configuration:

XOP/MTOM support enabled - include binary data by reference

Page attachments to disk enabled

owsm security policy attached to sign the outbound request.

wsdl on proxyservice, businessservice, pipeline is the same.

The wsdl part that handles the mtom/xop element :

    <xsd:complexType name="XopFile">
        <xsd:annotation>
            <xsd:documentation>Describe a file with binary content defined as XOP.</xsd:documentation>
        </xsd:annotation>
        <xsd:complexContent>
            <xsd:extension base="FileInfo">
                <xsd:sequence>
                    <xsd:element name="binary" type="xsd:base64Binary" xmime:contentType="application/octet-stream" xmime:expectedContentTypes="application/octet-stream" nillable="false" minOccurs="1" maxOccurs="1" />
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>

Without security this is working fine. SoapUI sends a request with an mtom/xop enabled attachment and this flows through the OSB and the backendservice receives an mtom/xop attachment. No problems here.

The backend receives something like this for the mtom part :

    <file:binary>
        <xop:Include href="cid:test100kb.pdf" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>
    </file:binary>

Now, when we attach an owsm security policy to the businessService to sign the outbound request it goes wrong.

The backendService receives a signed request but it is rejected because the digest is not valid.

In the owsm log we can see the outbound request :

    <file:binary>JVBERi0xLjMKJcTl8uXrp/Og0MTGCjYgMCBvYmoKPDwg....</file:binary>

The request that is received by the backend:

    <file:binary>
        <xop:Include href="cid:test100kb.pdf" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>
    </file:binary>

It seems that OSB is signing the request first and afterwards it is transforming the body to the xop:Include element. It should be the other way around, first handling the mtom/xop element and then handling the signing.

In fact, why is OSB handling the attachment part first as a binary in-memory base64 element, since I enabled the 'page attachments to disk' option?

Does this have something to do with the setup of the wsdl for the mtom/xop part?

Any ideas what we should change or how we should handle an mtom/xop request with outbound ws-security in OSB?

Best Regards

David
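
The digest mismatch described in the post, reproduced as an added example (not part of the original post, and not OSB or OWSM code): a digest taken over the inline base64 form does not match the xop:Include form on the wire, and matches again once the attachment is re-inlined on the receiving side. The `urn:example:file` namespace, the wrapper element and the sample bytes are constructed, and C14N 2.0 stands in for the canonicalization a WS-Security stack would use.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

XOP = "http://www.w3.org/2004/08/xop/include"
FILE = "urn:example:file"  # constructed namespace; the post does not show the real one

def digest(xml_text):
    # C14N 2.0 with prefix rewriting stands in for the exclusive C14N a WS-Security stack uses
    canon = ET.canonicalize(xml_text, strip_text=True, rewrite_prefixes=True)
    return hashlib.sha256(canon.encode()).hexdigest()

def to_xop(xml_text, cid):
    """Sender-side MTOM step: move the base64 text into a MIME part, leave xop:Include."""
    root, parts = ET.fromstring(xml_text), {}
    for el in list(root.iter(f"{{{FILE}}}binary")):
        parts[cid] = base64.b64decode(el.text)
        el.text = None
        ET.SubElement(el, f"{{{XOP}}}Include", href=f"cid:{cid}")
    return ET.tostring(root, encoding="unicode"), parts

def reconstitute(xml_text, parts):
    """Receiver-side step: put base64 of each referenced part back in place of xop:Include."""
    root = ET.fromstring(xml_text)
    for el in list(root.iter()):
        inc = el.find(f"{{{XOP}}}Include")
        if inc is not None:
            el.remove(inc)
            el.text = base64.b64encode(parts[inc.get("href")[4:]]).decode()
    return ET.tostring(root, encoding="unicode")

def demo():
    pdf = b"%PDF-1.3\nconstructed sample bytes, not the poster's file"
    inline = (f'<file:XopFile xmlns:file="{FILE}"><file:binary>'
              f'{base64.b64encode(pdf).decode()}</file:binary></file:XopFile>')
    signed = digest(inline)                      # form seen in the OWSM log (inline base64)
    wire, parts = to_xop(inline, "test100kb.pdf")
    return signed, digest(wire), digest(reconstitute(wire, parts))

if __name__ == "__main__":
    signed, on_wire, rebuilt = demo()
    print("wire form matches signed digest:   ", on_wire == signed)
    print("rebuilt form matches signed digest:", rebuilt == signed)
```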

Locked on Mar 22 2017
Added on Feb 22 2017