JBossWS - Security and attachments sample

Since 3.0.1 (Native)

Scenario

This sample targets those web service business scenarios requiring both exchange of attachments and different levels of communication security.

 

The org.jboss.test.ws.jaxws.samples.news sample is about an oversimplified newspaper system. News agencies provide press releases to the main newspaper center. Information is processed, articles are written and perhaps translated. Once a newspaper edition is ready, printer/distributor centers can download it (as well as previous editions).

This sample of course focuses on the web service endpoints making the above-mentioned communication possible.

 

Attachments

The JBossWS stack supports two ways of attaching (possibly binary) data to a SOAP message: MTOM/XOP and SwaRef. Both technologies allow attachments to be referenced from SOAP messages; in addition, MTOM/XOP provides efficient data serialization for certain content types. Since a third-party system might support only MTOM/XOP or only SwaRef, we decided to implement two different endpoints here, each of them using one technology.

 

The press release endpoint

Newspaper server

The press release endpoint implementation is provided in the AbstractPressReleaseEndpoint class and simply outputs the received press release object to the logs:

public abstract class AbstractPressReleaseEndpoint
{
   private Logger log = Logger.getLogger(this.getClass());
   
   public void submitPressRelease(PressRelease release)
   {
      log.info("Received a press release from agency: " + release.getAgencyId());
      log.info("- Title: " + release.getTitle());
      log.info("- Text: " + release.getBody());
   }
}

Here is the actual web service endpoint implementation:

@Stateless
@WebService(name = "PressReleaseEndpoint",
            targetNamespace = "http://org.jboss.ws/samples/news",
            serviceName = "PressReleaseService")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
             use = SOAPBinding.Use.LITERAL)
@WebContext(contextRoot="/news",
            urlPattern="/pressRelease")
public class PressReleaseEndpoint extends AbstractPressReleaseEndpoint
{
   
}

To make it really easy, we used an SLSB endpoint without even defining an interface. We chose Document/Literal style/use and explicitly set the service name and namespace, as well as the context root and URL pattern through the @WebContext annotation. There is nothing special here and nothing attachment-related is required: we're simply preparing a basic service that will be secured in the next chapter.

 

Agency client

Once the server is implemented, we can deploy it and get the generated wsdl contract. This way we generate the client through the wsconsume script (assume your bind address is localhost.localdomain:8080):

wsconsume.sh -k -p org.jboss.test.ws.jaxws.samples.news.generated.agency http://localhost.localdomain:8080/news/pressRelease?wsdl

Referencing the generated classes, we hand code the agency client:

public class Agency
{
   protected PressReleaseEndpoint endpoint;

   public Agency(URL url)
   {
      PressReleaseService service = new PressReleaseService(url, new QName("http://org.jboss.ws/samples/news", "PressReleaseService"));
      endpoint = service.getPressReleaseEndpointPort();
   }
   
   public void run(String title, String body)
   {
      PressRelease pressRelease = new PressRelease();
      pressRelease.setAgencyId("agency01");
      pressRelease.setTitle(title);
      pressRelease.setBody(body);
      pressRelease.setDate(new XMLGregorianCalendarImpl(new GregorianCalendar()));
      endpoint.submitPressRelease(pressRelease);
   }
   
   public static void main(String[] args)
   {
      try
      {
         if (args.length == 3)
         {
            Agency agency = new Agency(new URL(args[0]));
            agency.run(args[1], args[2]);
            System.out.println("Press release sent.");
         }
         else
         {
            System.out.println("Agency client usage:");
            System.out.println("wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.Agency http://host:port/news/pressRelease?wsdl title body");
         }
      }
      catch (Exception e)
      {
         e.printStackTrace();
      }
   }
}

The newspaper edition endpoint

MTOM/XOP newspaper server

The class used to ship a newspaper edition from the main center to the printers/distributors is the following one:

public class EditionMTOM
{
   private Date date;
   private DataHandler content;
   private String id;
   
   public Date getDate()
   {
      return date;
   }
   public void setDate(Date date)
   {
      this.date = date;
   }
   @XmlMimeType("text/plain")
   public DataHandler getContent()
   {
      return content;
   }
   public void setContent(DataHandler content)
   {
      this.content = content;
   }
   public String getId()
   {
      return id;
   }
   public void setId(String id)
   {
      this.id = id;
   }
}

Please note the @XmlMimeType annotation used to set the MIME type of the attachment enclosed in the message. For ease we're using text/plain here; of course a real-world use case will almost always require something else, perhaps application/octet-stream.

The sample newspaper endpoint implementation is quite trivial:

public class AbstractNewspaperMTOMEndpoint
{
   private Logger log = Logger.getLogger(this.getClass());
   
   public EditionMTOM getNewspaperEdition(String newspaperId)
   {
      log.info("Newspaper edition requested: " + newspaperId);
      EditionMTOM edition = new EditionMTOM();
      edition.setContent(new DataHandler("This is the newspaper document with id " + newspaperId, "text/plain"));
      edition.setDate(new Date());
      edition.setId(newspaperId);
      return edition;
   }
   
   public String[] getNewspaperEditionIdList(Date from, Date to)
   {
      String[] ids = new String[2];
      ids[0] = "doc01";
      ids[1] = "doc02";
      return ids;
   }
}

As you can see, the edition's content is provided through the DataHandler class, which allows you to use any content type you might need. The actual web service configuration is provided through the NewspaperMTOMEndpoint:

@Stateless
@WebService(endpointInterface = "org.jboss.test.ws.jaxws.samples.news.NewspaperMTOM",
      name = "NewspaperMTOMEndpoint",
      targetNamespace = "http://org.jboss.ws/samples/news",
      serviceName = "NewspaperMTOMService")
@SOAPBinding(style = SOAPBinding.Style.RPC,
       use = SOAPBinding.Use.LITERAL)
@WebContext(contextRoot="/news",
      urlPattern="/newspaper/mtom")
@BindingType(value = "http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true")
public class NewspaperMTOMEndpoint extends AbstractNewspaperMTOMEndpoint implements NewspaperMTOM
{
   
}

In this example we're using RPC/Literal to keep things easier; the @BindingType annotation is required to enable MTOM processing.

 

SwaRef newspaper server

The class used to ship a newspaper edition from the main center to the printers/distributors is the following one:

@XmlRootElement
public class EditionSWA
{
   private Date date;
   private DataHandler content;
   private String id;
   
   public Date getDate()
   {
      return date;
   }
   public void setDate(Date date)
   {
      this.date = date;
   }
   @XmlElement
   @XmlAttachmentRef
   public DataHandler getContent()
   {
      return content;
   }
   public void setContent(DataHandler content)
   {
      this.content = content;
   }
   public String getId()
   {
      return id;
   }
   public void setId(String id)
   {
      this.id = id;
   }
}

Please note the @XmlAttachmentRef annotation used to define which attribute will be enclosed as an attachment. The DataHandler class has to be used here too.

 

The sample newspaper endpoint implementation is the same as the MTOM one except for the EditionSWA class used instead of EditionMTOM. The web service endpoint configuration is simpler, since nothing more than what you would have in a usual endpoint implementation is required:

@Stateless
@WebService(endpointInterface = "org.jboss.test.ws.jaxws.samples.news.NewspaperSWA",
      name = "NewspaperSWAEndpoint",
      targetNamespace = "http://org.jboss.ws/samples/news",
      serviceName = "NewspaperSWAService")
@SOAPBinding(style = SOAPBinding.Style.RPC,
       use = SOAPBinding.Use.LITERAL)
@WebContext(contextRoot="/news",
      urlPattern="/newspaper/swa")
public class NewspaperSWAEndpoint extends AbstractNewspaperSWAEndpoint implements NewspaperSWA
{
   
}

Printer client

As for the press release endpoint, we generate the client stuff using the wsconsume script, given the published wsdl contract:

wsconsume.sh -k -p org.jboss.test.ws.jaxws.samples.news.generated.printer.mtom http://localhost.localdomain:8080/news/newspaper/mtom?wsdl
wsconsume.sh -k -p org.jboss.test.ws.jaxws.samples.news.generated.printer.swa http://localhost.localdomain:8080/news/newspaper/swa?wsdl

The sample printer is coded referencing the generated classes and allows invocation of both the endpoints:

public class Printer
{
   protected NewspaperMTOMEndpoint mtomEndpoint;
   protected NewspaperSWAEndpoint swaEndpoint;
   protected boolean mtom;
   
   public Printer(URL url, boolean mtom)
   {
      this.mtom = mtom;
      if (mtom)
      {
         NewspaperMTOMService mtomService = new NewspaperMTOMService(url, new QName("http://org.jboss.ws/samples/news", "NewspaperMTOMService"));
         mtomEndpoint = mtomService.getNewspaperMTOMEndpointPort();
      }
      else
      {
         NewspaperSWAService swaService = new NewspaperSWAService(url, new QName("http://org.jboss.ws/samples/news", "NewspaperSWAService"));
         swaEndpoint = swaService.getNewspaperSWAEndpointPort();
      }
   }
   
   public void run() throws IOException
   {
      XMLGregorianCalendar from = new XMLGregorianCalendarImpl(new GregorianCalendar(2008,1,10));
      XMLGregorianCalendar to = new XMLGregorianCalendarImpl(new GregorianCalendar(2008,1,14));
      if (mtom)
      {
         ((SOAPBinding)(((BindingProvider)mtomEndpoint).getBinding())).setMTOMEnabled(true);
         for (String id : mtomEndpoint.getNewspaperEditionIdList(from, to).getItem())
         {
            System.out.println("Downloading newspaper document: " + id);
            EditionMTOM edition = mtomEndpoint.getNewspaperEdition(id);
            System.out.println("Content: " + edition.getContent());
         }
      }
      else
      {
         for (String id : swaEndpoint.getNewspaperEditionIdList(from, to).getItem())
         {
            System.out.println("Downloading newspaper document: " + id);
            EditionSWA edition = swaEndpoint.getNewspaperEdition(id);
            DataHandler dh = edition.getContent();
            System.out.println("Content type: " + dh.getContentType());
            System.out.println("Content: " + dh.getContent());
         }
      }
   }
   
   public static void main(String[] args)
   {
      try
      {
         if (args.length == 1)
         {
            Printer printer = new Printer(new URL(args[0]), args[0].endsWith("mtom?wsdl"));
            printer.run();
         }
         else
         {
            System.out.println("Printer client usage:");
            System.out.println("wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.Printer http://host:port/news/newspaper/mtom?wsdl");
            System.out.println("or");
            System.out.println("wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.Printer http://host:port/news/newspaper/swa?wsdl");
         }
      }
      catch (Exception e)
      {
         e.printStackTrace();
      }
   }
}

Please note we used the SOAPBinding's setMTOMEnabled(boolean enable) method to enable the MTOM/XOP processing.

 

Running the sample

Let's build the sample and take a look at the final contents of the generated archives; the newspaper main center is in jaxws-samples-news-step1-newspaper.jar:

[alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step1-newspaper.jar
     0 Fri Feb 08 11:40:50 CET 2008 META-INF/
   106 Fri Feb 08 11:40:48 CET 2008 META-INF/MANIFEST.MF
     0 Fri Feb 08 11:38:20 CET 2008 org/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
  1867 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperMTOMEndpoint.class
  1861 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperSWAEndpoint.class
  1281 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractPressReleaseEndpoint.class
  1223 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionMTOM.class
  1301 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionSWA.class
   951 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperMTOM.class
  1298 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperMTOMEndpoint.class
   948 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperSWA.class
  1265 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperSWAEndpoint.class
  1208 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/PressRelease.class
  1059 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/PressReleaseEndpoint.class

As you can see, it contains both the press release and newspaper edition endpoint implementations (the latter in MTOM and SwaRef versions). No descriptor is required.

The agency archive is jaxws-samples-news-step1-agency.jar:

[alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step1-agency.jar 
     0 Fri Feb 08 11:40:50 CET 2008 META-INF/
   106 Fri Feb 08 11:40:48 CET 2008 META-INF/MANIFEST.MF
     0 Fri Feb 08 11:38:20 CET 2008 org/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
  2592 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/Agency.class
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/
  2813 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/ObjectFactory.class
  1640 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressRelease.class
   865 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseEndpoint.class
  1725 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseService.class
  1035 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressRelease.class
   647 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressReleaseResponse.class
   291 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/package-info.class

It contains nothing more than the hand coded client class and the wsconsume generated classes.

Finally, the printer archive is jaxws-samples-news-step1-printer.jar:

[alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step1-printer.jar 
     0 Fri Feb 08 11:40:50 CET 2008 META-INF/
   106 Fri Feb 08 11:40:48 CET 2008 META-INF/MANIFEST.MF
     0 Fri Feb 08 11:38:20 CET 2008 org/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
  5444 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/Printer.class
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/
  1599 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/EditionMTOM.class
  1115 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMEndpoint.class
  1760 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMService.class
   958 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/ObjectFactory.class
   993 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/StringArray.class
   295 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/package-info.class
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/
  1717 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/EditionSWA.class
  1108 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAEndpoint.class
  1746 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAService.class
  1896 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/ObjectFactory.class
   991 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/StringArray.class
   294 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/package-info.class

The same things just written for the agency archive apply here too.

 

You need to deploy the newspaper archive to your application server (perhaps you already did so, if you tried creating the client above); then just run the two clients using the wsrunclient script.

Running the agency client:

wsrunclient.sh -classpath jaxws-samples-news-step1-agency.jar org.jboss.test.ws.jaxws.samples.news.Agency http://localhost.localdomain:8080/news/pressRelease?wsdl Title Body

you'll get something like this on the server log:

15:38:30,360 INFO  [PressReleaseEndpoint] Received a press release from agency: agency01
15:38:30,360 INFO  [PressReleaseEndpoint] - Title: Title
15:38:30,360 INFO  [PressReleaseEndpoint] - Text: Body

Running the printer client (MTOM/XOP version):

wsrunclient.sh -classpath jaxws-samples-news-step1-printer.jar org.jboss.test.ws.jaxws.samples.news.Printer http://localhost.localdomain:8080/news/newspaper/mtom?wsdl

you'll get this on the client log:

Downloading newspaper document: doc01
Content: VGhpcyBpcyB0aGUgbmV3c3BhcGVyIGRvY3VtZW50IHdpdGggaWQgZG9jMDE=
Downloading newspaper document: doc02
Content: VGhpcyBpcyB0aGUgbmV3c3BhcGVyIGRvY3VtZW50IHdpdGggaWQgZG9jMDI=

The capture of one of the exchanged messages shows the xop:Include element being used to reference the attachment:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200801291425)/JBossWeb-2.0
Content-Type: multipart/related; type="application/xop+xml"; start="<rootpart@ws.jboss.org>"; .start-info="text/xml";   .boundary="----=_Part_11_27939361.1202482223654"
Transfer-Encoding: chunked
Date: Fri, 08 Feb 2008 14:50:23 GMT

------=_Part_11_27939361.1202482223654
Content-Type: application/xop+xml; type="text/xml"
Content-Transfer-Encoding: 8bit
Content-ID: <rootpart@ws.jboss.org>

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header></env:Header><env:Body><ns1:getNewspaperEditionResponse xmlns:ns1='http://org.jboss.ws/samples/news'><return><content><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="cid:content-454e2c56-10d9-4393-8050-241578a4f812@ws.jboss.org"/></content><date>2008-02-08T15:50:23.652+01:00</date><id>doc02</id></return></ns1:getNewspaperEditionResponse></env:Body></env:Envelope>

------=_Part_11_27939361.1202482223654
Content-Type: text/plain
Content-Transfer-Encoding: binary
Content-Id: <content-454e2c56-10d9-4393-8050-241578a4f812@ws.jboss.org>

This is the newspaper document with id doc02

------=_Part_11_27939361.1202482223654--

Finally, running the SwaRef version of printer client:

wsrunclient.sh -classpath jaxws-samples-news-step1-printer.jar org.jboss.test.ws.jaxws.samples.news.Printer http://localhost.localdomain:8080/news/newspaper/swa?wsdl

you'll get this on the client log:

Downloading newspaper document: doc01
Content: text/plain
Content: This is the newspaper document with id doc01
Downloading newspaper document: doc02
Content: text/plain
Content: This is the newspaper document with id doc02

The capture of one of the exchanged messages shows the MIME attachment being used:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200801291425)/JBossWeb-2.0
Content-Type: multipart/related; type="text/xml"; start="<rootpart@ws.jboss.org>";   .boundary="----=_Part_7_26058.1202481869751"
Transfer-Encoding: chunked
Date: Fri, 08 Feb 2008 14:44:29 GMT

------=_Part_7_26058.1202481869751
Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <rootpart@ws.jboss.org>

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header></env:Header><env:Body><ns1:getNewspaperEditionResponse xmlns:ns1='http://org.jboss.ws/samples/news'><return><content>cid:0-1202481869750-15993608@ws.jboss.org</content><date>2008-02-08T15:44:29.749+01:00</date><id>doc02</id></return></ns1:getNewspaperEditionResponse></env:Body></env:Envelope>

------=_Part_7_26058.1202481869751
Content-Type: text/plain
Content-Transfer-Encoding: binary
Content-Id: <0-1202481869750-15993608@ws.jboss.org>

This is the newspaper document with id doc02

------=_Part_7_26058.1202481869751--
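
The two captures above differ only in how the root part points at the attachment: an xop:Include href for MTOM/XOP, plain "cid:" element text for SwaRef. The following is an added example (not part of the JBossWS sample; the class and method names are hypothetical and the two messages are constructed, shortened imitations of the captures) that resolves both kinds of reference against the MIME parts and reports any that do not name a part of the same message:

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class AttachmentRefCheck
{
   static final String XOP_NS = "http://www.w3.org/2004/08/xop/include";
   static final String ROOT_ID = "rootpart@ws.jboss.org";

   // Split a multipart/related body into MIME parts keyed by Content-ID (angle brackets removed).
   static Map<String, String> splitParts(String body, String boundary)
   {
      Map<String, String> parts = new LinkedHashMap<>();
      for (String chunk : body.replace("\r\n", "\n").split(Pattern.quote("--" + boundary)))
      {
         int blank = chunk.indexOf("\n\n");
         if (blank < 0) continue; // preamble or the closing "--" marker
         String id = null;
         for (String header : chunk.substring(0, blank).split("\n"))
         {
            // Header names are case-insensitive: the captures use "Content-ID" and "Content-Id"
            if (header.regionMatches(true, 0, "Content-ID:", 0, 11))
               id = header.substring(11).trim().replaceAll("^<|>$", "");
         }
         if (id != null) parts.put(id, chunk.substring(blank + 2));
      }
      return parts;
   }

   // Collect attachment references from the SOAP root part: xop:Include/@href (MTOM/XOP)
   // and leaf elements whose text starts with "cid:" (SwaRef).
   static List<String> references(String envelope) throws Exception
   {
      DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
      factory.setNamespaceAware(true);
      // A SOAP envelope never needs a DTD; refusing DOCTYPE keeps entity expansion out of the parser
      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      NodeList all = factory.newDocumentBuilder()
         .parse(new InputSource(new StringReader(envelope))).getElementsByTagName("*");
      List<String> refs = new ArrayList<>();
      for (int i = 0; i < all.getLength(); i++)
      {
         Element e = (Element) all.item(i);
         if (XOP_NS.equals(e.getNamespaceURI()) && "Include".equals(e.getLocalName()))
            refs.add(e.getAttribute("href"));
         else if (e.getElementsByTagName("*").getLength() == 0 && e.getTextContent().trim().startsWith("cid:"))
            refs.add(e.getTextContent().trim());
      }
      return refs;
   }

   // References that do not name a part of this message: dangling cid: URLs, and any
   // xop:Include href that is not a cid: URL at all.
   static List<String> unresolved(String body, String boundary, String rootId) throws Exception
   {
      Map<String, String> parts = splitParts(body, boundary);
      if (!parts.containsKey(rootId)) throw new IllegalArgumentException("no root part " + rootId);
      List<String> missing = new ArrayList<>();
      for (String ref : references(parts.get(rootId)))
      {
         // Simplification: cid: URLs are compared literally, without percent-decoding
         if (!ref.startsWith("cid:") || !parts.containsKey(ref.substring(4))) missing.add(ref);
      }
      return missing;
   }

   // Constructed sample shaped like the captures above (shortened ids, LF line endings).
   static String sample(String boundary, String content, String attachmentId)
   {
      return "--" + boundary + "\nContent-Type: text/xml\nContent-ID: <" + ROOT_ID + ">\n\n"
         + "<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Body>"
         + "<ns1:getNewspaperEditionResponse xmlns:ns1='http://org.jboss.ws/samples/news'><return>"
         + "<content>" + content + "</content><id>doc02</id>"
         + "</return></ns1:getNewspaperEditionResponse></env:Body></env:Envelope>\n"
         + "--" + boundary + "\nContent-Type: text/plain\nContent-Id: <" + attachmentId + ">\n\n"
         + "This is the newspaper document with id doc02\n--" + boundary + "--\n";
   }

   public static void main(String[] args) throws Exception
   {
      String b = "----=_Part_1"; // constructed boundary
      // MTOM/XOP style: the href matches the attachment's Content-Id
      String xop = "<xop:Include xmlns:xop='" + XOP_NS + "' href='cid:content-1@ws.jboss.org'/>";
      System.out.println("MTOM unresolved:   "
         + unresolved(sample(b, xop, "content-1@ws.jboss.org"), b, ROOT_ID));
      // SwaRef style, constructed so that the reference names a part that is not in the message
      System.out.println("SwaRef unresolved: "
         + unresolved(sample(b, "cid:0-1@ws.jboss.org", "0-2@ws.jboss.org"), b, ROOT_ID));
   }
}
```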

Security

Securing a web service application implies making changes to both consumers and producers to achieve, for example, confidentiality, accountability, etc. Different degrees of security might be required according to the application's aims. That's the reason why the current sample shows different solutions.

 

The press release endpoint

Suppose the newspaper and agency's owners want the maximum confidentiality regarding the exchanged press release. Thus we decide to obtain message level security using WS-Security. In particular, messages will be both encrypted and signed; moreover each of them will have a timestamp.

 

Assuming the client side to be alice and the server side bob, we're going to use the following jbossws ws-security configuration files (jboss-wsse-client.xml first, then jboss-wsse-server.xml):

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://www.jboss.com/ws-security/config 
                   http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>META-INF/alice-sign_enc.jks</key-store-file>
  <key-store-password>password</key-store-password>
  <key-store-type>jks</key-store-type>
  <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
  <trust-store-password>password</trust-store-password>
  <config>
    <timestamp ttl="300"/>
    <sign type="x509v3" alias="1" includeTimestamp="true"/>
    <encrypt type="x509v3" alias="bob"/>
    <requires>
      <signature/>
      <encryption/>
    </requires>
  </config>
</jboss-ws-security>

<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="http://www.jboss.com/ws-security/config
                   http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  <key-store-file>META-INF/bob-sign_enc.jks</key-store-file>
  <key-store-password>password</key-store-password>
  <key-store-type>jks</key-store-type>
  <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
  <trust-store-password>password</trust-store-password>
  <config>
    <timestamp ttl="300"/>
    <sign type="x509v3" alias="1" includeTimestamp="true"/>
    <encrypt type="x509v3" alias="alice"/>
    <requires>
      <signature/>
      <encryption/>
    </requires>
  </config>
</jboss-ws-security>

Please refer to the src/test/resources/jaxws/samples/news/META-INF/readme.txt file for an explanation of the contents of the keystores, truststore and certificates used in the sample.
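
Before a jboss-wsse-*.xml file like the two above is packaged, it can be checked for the properties this section relies on: timestamp, signature, encryption and the matching requirements on incoming messages. The following is an added example, not part of the JBossWS sample or tooling; the class name, the thresholds and the second (weakened) configuration are assumptions made for illustration:

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class WsseConfigAudit
{
   static final String NS = "http://www.jboss.com/ws-security/config";
   static final int MAX_TTL = 300;          // assumed policy ceiling (the value the page's files use)
   static final int MIN_PASSWORD_LEN = 12;  // assumed policy

   static Element first(Element root, String name)
   {
      NodeList found = root.getElementsByTagNameNS(NS, name);
      return found.getLength() == 0 ? null : (Element) found.item(0);
   }

   // Returns one finding per weakness; an empty list means every check passed.
   static List<String> audit(String xml) throws Exception
   {
      DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
      factory.setNamespaceAware(true);
      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      Element root = factory.newDocumentBuilder()
         .parse(new InputSource(new StringReader(xml))).getDocumentElement();
      List<String> findings = new ArrayList<>();

      // Store passwords sit in clear text inside the archive; flag short or default ones
      for (String name : new String[] { "key-store-password", "trust-store-password" })
      {
         Element pw = first(root, name);
         if (pw == null) continue;
         String value = pw.getTextContent().trim();
         if (value.length() < MIN_PASSWORD_LEN || value.equalsIgnoreCase("password"))
            findings.add(name + ": short or default value");
      }

      Element timestamp = first(root, "timestamp");
      if (timestamp == null)
         findings.add("timestamp: absent, outgoing messages carry no expiry");
      else if (!timestamp.getAttribute("ttl").matches("\\d{1,9}")
            || Integer.parseInt(timestamp.getAttribute("ttl")) > MAX_TTL)
         findings.add("timestamp: ttl missing or above " + MAX_TTL);

      Element sign = first(root, "sign");
      if (sign == null)
         findings.add("sign: absent, outgoing messages are not signed");
      else if (timestamp != null && "false".equals(sign.getAttribute("includeTimestamp")))
         findings.add("sign: includeTimestamp is false, the timestamp is outside the signature");

      if (first(root, "encrypt") == null)
         findings.add("encrypt: absent, outgoing messages are not encrypted");

      // <requires> states what incoming messages must carry
      Element requires = first(root, "requires");
      for (String name : new String[] { "signature", "encryption" })
      {
         if (requires == null || requires.getElementsByTagNameNS(NS, name).getLength() == 0)
            findings.add("requires/" + name + ": not demanded of incoming messages");
      }
      return findings;
   }

   // Builds a configuration document around a <config> body (constructed test input).
   static String config(String storePassword, String configBody)
   {
      return "<jboss-ws-security xmlns='" + NS + "'>"
         + "<key-store-file>META-INF/alice-sign_enc.jks</key-store-file>"
         + "<key-store-password>" + storePassword + "</key-store-password>"
         + "<config>" + configBody + "</config></jboss-ws-security>";
   }

   public static void main(String[] args) throws Exception
   {
      // The <config> body and keystore password of the page's jboss-wsse-client.xml
      String page = config("password", "<timestamp ttl='300'/>"
         + "<sign type='x509v3' alias='1' includeTimestamp='true'/>"
         + "<encrypt type='x509v3' alias='bob'/>"
         + "<requires><signature/><encryption/></requires>");
      // Constructed weakened variant: long ttl, unsigned timestamp, no encryption
      String weak = config("constructed-sample-secret", "<timestamp ttl='86400'/>"
         + "<sign type='x509v3' alias='1' includeTimestamp='false'/>"
         + "<requires><signature/></requires>");
      audit(page).forEach(f -> System.out.println("page config: " + f));
      audit(weak).forEach(f -> System.out.println("weak config: " + f));
   }
}
```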

The secure web service endpoint is obtained by specifying the ws-security endpoint configuration through the @EndpointConfig annotation:

@Stateless
@WebService(name = "PressReleaseEndpoint",
            targetNamespace = "http://org.jboss.ws/samples/news",
            serviceName = "PressReleaseService")
@SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
             use = SOAPBinding.Use.LITERAL)
@WebContext(contextRoot="/news",
            urlPattern="/pressRelease")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
public class SecurePressReleaseEndpoint extends AbstractPressReleaseEndpoint
{
   
}

Of course the secure agency client also needs the right configuration:

public class SecureAgency extends Agency
{
   public SecureAgency(URL url)
   {
      super(url);
      ((StubExt)endpoint).setConfigName("Standard WSSecurity Client");
   }
   
   public static void main(String[] args)
   {
      try
      {
         if (args.length == 3)
         {
            Agency agency = new SecureAgency(new URL(args[0]));
            agency.run(args[1], args[2]);
            System.out.println("Press release sent.");
         }
         else
         {
            System.out.println("SecureAgency client usage:");
            System.out.println("./wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.SecureAgency " +
                      "http://localhost.localdomain:8080/news/pressRelease?wsdl title body");
         }
      }
      catch (Exception e)
      {
         e.printStackTrace();
      }
   }
}

The newspaper edition endpoint

Suppose the message exchange between the newspaper main center and the printers/distributors has lower security requirements; we decide to achieve accountability through BASIC authentication and confidentiality by securing the transport with HTTPS.

The secure MTOM/XOP endpoint implementation is obtained this way:

@Stateless
@WebService(endpointInterface = "org.jboss.test.ws.jaxws.samples.news.NewspaperMTOM",
      name = "NewspaperMTOMEndpoint",
      targetNamespace = "http://org.jboss.ws/samples/news",
      serviceName = "NewspaperMTOMService")
@SOAPBinding(style = SOAPBinding.Style.RPC,
       use = SOAPBinding.Use.LITERAL)
@SecurityDomain("JBossWS")
@WebContext(contextRoot="/news",
      urlPattern="/newspaper/mtom",
      authMethod="BASIC",
      transportGuarantee="CONFIDENTIAL",
      secureWSDLAccess=false)
@BindingType(value = "http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true")
public class SecureNewspaperMTOMEndpoint extends AbstractNewspaperMTOMEndpoint implements NewspaperMTOM
{
   
}

For ease, we use the JBossWS default security domain; of course you might want to use another one with your own custom login module. The @WebContext annotation sets the authentication method and enforces the use of HTTPS (transportGuarantee="CONFIDENTIAL"). The secure SwaRef endpoint implementation is obtained the same way as the MTOM/XOP one.

 

On the client side, we just need to set the username/password:

public class SecurePrinter extends Printer
{
   public SecurePrinter(URL url, boolean mtom)
   {
      super(url,mtom);
      BindingProvider bp = mtom ? (BindingProvider)mtomEndpoint : (BindingProvider)swaEndpoint;
      bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
      bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
      System.setProperty("org.jboss.security.ignoreHttpsHost", "true");
   }
   
   public static void main(String[] args)
   {
      try
      {
         if (args.length == 1)
         {
            SecurePrinter printer = new SecurePrinter(new URL(args[0]), args[0].endsWith("mtom?wsdl"));
            printer.run();
         }
         else
         {
            System.out.println("SecurePrinter client usage:");
            System.out.println("wsrunclient.sh -classpath agency.jar -Djavax.net.ssl.trustStore=truststorePath -Djavax.net.ssl.trustStorePassword=truststorePwd " +
                      "org.jboss.test.ws.jaxws.samples.news.SecurePrinter http://host:port/news/newspaper/mtom?wsdl");
            System.out.println("or");
            System.out.println("wsrunclient.sh -classpath agency.jar -Djavax.net.ssl.trustStore=truststorePath -Djavax.net.ssl.trustStorePassword=truststorePwd " +
                      "org.jboss.test.ws.jaxws.samples.news.SecurePrinter http://host:port/news/newspaper/swa?wsdl");
         }
      }
      catch (Exception e)
      {
         e.printStackTrace();
      }
   }
}

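Setting the org.jboss.security.ignoreHttpsHost property to true turns off the client's check that the server certificate matches the host name it connects to. For an explanation of the reason for setting it in this sample, please read here.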

As suggested in the SecurePrinter usage info, you need to set javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword for the client to be able to perform the HTTPS connection. Finally, we enabled the server Tomcat+SSL connector by adding this to the jboss-web.deployer/server.xml:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="${jboss.server.home.dir}/my.keystore"
             truststoreFile="${jboss.server.home.dir}/my.truststore"
             clientAuth="false" sslProtocol="TLS" />

Running the sample

Once we build the sample we have the following archives for the secure version:

[alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step2-newspaper.jar 
     0 Fri Feb 08 17:41:44 CET 2008 META-INF/
   106 Fri Feb 08 17:41:42 CET 2008 META-INF/MANIFEST.MF
     0 Fri Feb 08 11:38:20 CET 2008 org/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
  1867 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperMTOMEndpoint.class
  1861 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperSWAEndpoint.class
  1281 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractPressReleaseEndpoint.class
  1223 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionMTOM.class
  1301 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionSWA.class
   951 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperMTOM.class
   948 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperSWA.class
  1208 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/PressRelease.class
  1480 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecureNewspaperMTOMEndpoint.class
  1379 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecureNewspaperSWAEndpoint.class
  1173 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecurePressReleaseEndpoint.class
  2362 Fri Feb 08 11:40:32 CET 2008 META-INF/bob-sign_enc.jks
   850 Fri Feb 08 11:40:20 CET 2008 META-INF/jboss-wsse-server.xml
  1656 Fri Feb 08 11:40:30 CET 2008 META-INF/wsse10.truststore
[alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step2-agency.jar 
     0 Fri Feb 08 17:41:44 CET 2008 META-INF/
   106 Fri Feb 08 17:41:42 CET 2008 META-INF/MANIFEST.MF
     0 Fri Feb 08 11:38:20 CET 2008 org/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
  2592 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/Agency.class
  1461 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecureAgency.class
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/
  2813 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/ObjectFactory.class
  1640 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressRelease.class
   865 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseEndpoint.class
  1725 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseService.class
  1035 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressRelease.class
   647 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressReleaseResponse.class
   291 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/package-info.class
  2358 Fri Feb 08 11:40:30 CET 2008 META-INF/alice-sign_enc.jks
   814 Fri Feb 08 17:41:32 CET 2008 META-INF/jboss-wsse-client.xml
  1656 Fri Feb 08 11:40:30 CET 2008 META-INF/wsse10.truststore
[alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step2-printer.jar 
     0 Fri Feb 08 18:01:14 CET 2008 META-INF/
   106 Fri Feb 08 18:01:12 CET 2008 META-INF/MANIFEST.MF
     0 Fri Feb 08 11:38:20 CET 2008 org/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
     0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
  5464 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/Printer.class
  2324 Fri Feb 08 18:01:00 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecurePrinter.class
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
     0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/
  1599 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/EditionMTOM.class
  1115 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMEndpoint.class
  1760 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMService.class
   958 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/ObjectFactory.class
   993 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/StringArray.class
   295 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/package-info.class
     0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/
  1717 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/EditionSWA.class
  1108 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAEndpoint.class
  1746 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAService.class
  1896 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/ObjectFactory.class
   991 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/StringArray.class
   294 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/package-info.class

These archives add the secure versions of the endpoints and clients, together with the required WS-Security descriptors and keystores.

While running the agency client...

wsrunclient.sh -classpath jaxws-samples-news-step2-agency.jar org.jboss.test.ws.jaxws.samples.news.SecureAgency http://localhost.localdomain:8080/news/pressRelease?wsdl title body

we can, for example, capture the request message and verify that it is encrypted and signed:

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200801291425)/JBossWeb-2.0
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 08 Feb 2008 19:03:44 GMT

<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header><wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'><wsu:Timestamp wsu:Id='timestamp'><wsu:Created>2008-02-08T19:03:43.991Z</wsu:Created><wsu:Expires>2008-02-08T19:08:43.991Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-17-1202497424002-6508395'>MIIDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQK
DAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoX
DTE4MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3Ag
VGVzdCBDZXJ0MQ4wDAYDVQQDDAVBbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqi9
9By1VYo0aHrkKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yiNsE
yvq+mUnMpNcKnLXLOjkTmMCqDYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4PS/cBQIvtpjmrDAU8V
sZKT8DN5Kyz+EZsCAwEAAaOBkzCBkDAJBgNVHRMEAjAAMDMGA1UdHwQsMCowKKImhiRodHRwOi8v
aW50ZXJvcC5iYnRlc3QubmV0L2NybC9jYS5jcmwwDgYDVR0PAQH/BAQDAgSwMB0GA1UdDgQWBBQK
4l0TUHZ1QV3V2QtlLNDm+PoxiDAfBgNVHSMEGDAWgBTAnSj8wes1oR3WqqqgHBpNwkkPDzANBgkq
hkiG9w0BAQUFAAOCAQEABTqpOpvW+6yrLXyUlP2xJbEkohXHI5OWwKWleOb9hlkhWntUalfcFOJA
gUyH30TTpHldzx1+vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQgdf5rCK
/wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8tav1CBr6+E5FAmwPXP7pJ
xn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FRSthMMO35YbpikGsLix3vAsXWWi4rwfVOYz
QK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQODZE9l4ATGy9s9hNVwryOJTw==</wsse:BinarySecurityToken><wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-14-1202497424000-24093349'>MIIDCjCCAfKgAwIBAgIQYDju2/6sm77InYfTq65x+DANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQK
DAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoX
DTE4MDMxOTIzNTk1OVowQDEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3Ag
VGVzdCBDZXJ0MQwwCgYDVQQDDANCb2IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCquMva
4lFDrv3fXQnKK8CkSU7HvVZ0USyJtlL/yhmHH/FQXHyYY+fTcSyWYItWJYiTZ99PAbD+6EKBGbdf
uJNUJCGaTWc5ZDUISqM/SGtacYe/PD/4+g3swNPzTUQAIBLRY1pkr2cm3s5Ch/f+mYVNBR41HnBe
Ixybw25kkoM7AgMBAAGjgZMwgZAwCQYDVR0TBAIwADAzBgNVHR8ELDAqMCiiJoYkaHR0cDovL2lu
dGVyb3AuYmJ0ZXN0Lm5ldC9jcmwvY2EuY3JsMA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUXeg5
5vRyK3ZhAEhEf+YT0z986L0wHwYDVR0jBBgwFoAUwJ0o/MHrNaEd1qqqoBwaTcJJDw8wDQYJKoZI
hvcNAQEFBQADggEBAIiVGv2lGLhRvmMAHSlY7rKLVkv+zEUtSyg08FBT8z/RepUbtUQShcIqwWse
mDU8JVtsucQLc+g6GCQXgkCkMiC8qhcLAt3BXzFmLxuCEAQeeFe8IATr4wACmEQE37TEqAuWEIan
PYIplbxYgwP0OBWBSjcRpKRAxjEzuwObYjbll6vKdFHYIweWhhWPrefquFp7TefTkF4D3rcctTfW
J76I5NrEVld+7PBnnJNpdDEuGsoaiJrwTW3Ixm40RXvG3fYS4hIAPeTCUk3RkYfUkqlaaLQnUrF2
hZSgiBNLPe8gGkYORccRIlZCGQDEpcWl1Uf9OHw6fC+3hkqolFd5CVI=</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/><ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<wsse:SecurityTokenReference wsu:Id='reference-18-1202497424003-32714846'><wsse:Reference URI='#token-17-1202497424002-6508395' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/></wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>N6udrhTegMr/BHAWHEFcqASBUYaGUaT4c+j8Ow3PJPcC86comLyTWU1cAjjgmrorKy9TdQ4cqPoI
/TwKi88yC5E/fDCojmYc1KJV3Jq3jp2j68Z+ZaopLmciiO49ySu7DKsdPL6Cc2bq6bSh6YKgOboH
8eYfo9OsoAyK8QG4oIc=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:DataReference URI='#encrypted-16-1202497424001-26591181' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
<ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
<ds:Reference URI='#element-13-1202497423991-15458568' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
<ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>tfTeWLN1EkJG2rkzORoSvIhOee8=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI='#timestamp' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
</ds:Transforms>
<ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
<ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>c7QCbyPei07wWMAUaiNSg6lZvZ8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
Gib/sFAZQPX1cKtVp3UHbLr275lkOESbRRW/ShX6VVgJRgXaJlqEvzZzbHyzNh8XJdatsP2RJlOs
A3/By6aejJLPU8bTmb9j2KMUkFid8arvLyF5ezNZc3/YHF+UNjH6JjK1lKwqjE8WF0i4sBFXzUkP
oGMTkdDaNyLtqYJa+7k=
</ds:SignatureValue>
<ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
<wsse:SecurityTokenReference wsu:Id='reference-15-1202497424000-2041959'><wsse:Reference URI='#token-14-1202497424000-24093349' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></env:Header><env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-13-1202497423991-15458568'><xenc:EncryptedData Id='encrypted-16-1202497424001-26591181' Type='http://www.w3.org/2001/04/xmlenc#Content' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
<xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>Wwt17Rt46aEabjJJdir8wTgm+UGkjb4KL5xTlei8GPZHBFfICxdg30HexJHqncjTaGjfx+Z7VFeN
YxFboMBGjCCln7WqcLZBKUmVffAr/gzMod4OAkMUER2T/GhhQp1hyZH2eo65pgy5slA4dHN5une7
+LuSev4VQRGazsmHOv2ObI4fMUEdD9D/Luvt/WwvmNHd/dyvzBybEZOBuqsZLZA6hzEwWKp6JK0B
TPiYvRyledLYDtAuZzVTWa70qIOdBlJpTbFmvY3CWZaxXtHWiRTX9I+x88N8hyf/HYbTb3nV+5ZE
DZgcKjG8fMxF6nGPfcfXr5lm6GqlME4B4ImCPb9AtZqjVKyX3MO166hVLsy0EiqPbiikyWBD07p4
hbKs1X8n+m9M3SdAVtEeh50zqzpIp96lKlbHmwZ27wro6KQ=
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</env:Body></env:Envelope>
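
The check described above can also be done programmatically. The following is an added example, not part of the JBossWS sample: it inspects a constructed envelope with the same layout as the capture (shortened ids, placeholder cipher value) and reports whether the signature references cover the Body and the Timestamp, whether the Body carries only xenc:EncryptedData, and which algorithms are declared. The name inspect_envelope and the result keys are assumptions; the checks are structural and do not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {  # namespaces used by the captured message
    "env": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
# Constructed sample: same layout as the capture, ids shortened, base64 replaced by a placeholder.
SAMPLE = """<env:Envelope %s><env:Header><wsse:Security>
 <wsu:Timestamp wsu:Id='timestamp'/>
 <xenc:EncryptedKey><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'/>
  <xenc:ReferenceList><xenc:DataReference URI='#encrypted-1'/></xenc:ReferenceList></xenc:EncryptedKey>
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1'/>
  <ds:Reference URI='#element-1'/><ds:Reference URI='#timestamp'/>
 </ds:SignedInfo></ds:Signature>
</wsse:Security></env:Header>
<env:Body wsu:Id='element-1'><xenc:EncryptedData Id='encrypted-1'>
 <xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>
 <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></env:Body></env:Envelope>""" % " ".join("xmlns:%s='%s'" % kv for kv in NS.items())

def inspect_envelope(xml_text):
    """Structural checks only; no signature or digest is cryptographically verified."""
    root = ET.fromstring(xml_text)
    sec, body = root.find("env:Header/wsse:Security", NS), root.find("env:Body", NS)
    if sec is None or body is None:
        raise ValueError("missing wsse:Security header or env:Body")
    def uris(path):  # same-document '#id' references found under the Security header
        return {e.get("URI", "").lstrip("#") for e in sec.findall(path, NS)}
    signed = uris("ds:Signature/ds:SignedInfo/ds:Reference")
    key_refs = uris("xenc:EncryptedKey/xenc:ReferenceList/xenc:DataReference")
    ts = sec.find("wsu:Timestamp", NS)
    kids = list(body)
    enc = [c for c in kids if c.tag == "{%s}EncryptedData" % NS["xenc"]]
    stray = "".join([body.text or ""] + [c.tail or "" for c in kids]).strip()
    return {
        "body_signed": body.get(WSU_ID) in signed,
        "timestamp_signed": ts is not None and ts.get(WSU_ID) in signed,
        "body_encrypted": bool(enc) and len(enc) == len(kids) and not stray,
        "key_covers_body": bool(enc) and all(e.get("Id") in key_refs for e in enc),
        "algorithms": sorted({e.get("Algorithm") for e in root.iter() if e.get("Algorithm")}),
    }

if __name__ == "__main__":
    print(inspect_envelope(SAMPLE))
```

To run it on a real capture, pass the SOAP envelope text without the HTTP headers.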

The MTOM/XOP printer client, instead, can be run this way...

wsrunclient.sh -classpath jaxws-samples-news-step2-printer.jar -Djavax.net.ssl.trustStore=my.truststore -Djavax.net.ssl.trustStorePassword=changeit org.jboss.test.ws.jaxws.samples.news.SecurePrinter http://localhost.localdomain:8080/news/newspaper/mtom?wsdl

... and of course we cannot see the messages' contents, because of the SSL encryption.