JBossWS - Security and attachments sample

    Since 3.0.1 (Native)

    Scenario

    This sample targets those web service business scenarios requiring both exchange of attachments and different levels of communication security.

     

    The org.jboss.test.ws.jaxws.samples.news sample is about an oversimplified newspaper system. News agencies provide press releases to the main newspaper center. Information are processed, articles written and perhaps translated. Once a newspaper edition is ready, printer/distributor centers can download it (as well as previous editions).

    This sample of course focuses on the web service endpoints making the above-mentioned communication possible.

     

    Attachments

    The JBossWS stack supports two means of using attachment (perhaps binary) to SOAP message: MTOM/XOP and SwaRef. Basically both technologies allows attachments to be referenced in SOAP messages, moreover MTOM/XOP provides efficient data serialization for certain content types. Since third-party system might support MTOM/XOP or SwaRef only, we decided here to implement two different endpoints, each of them using one technology.

     

    The press release endpoint

    Newspaper server

    The press release endpoint implementation is provided in the AbstractPressReleaseEndpoint class and simply outputs the received press release object to the logs:

    public abstract class AbstractPressReleaseEndpoint
    {
       private Logger log = Logger.getLogger(this.getClass());
       
       public void submitPressRelease(PressRelease release)
       {
          log.info("Received a press release from agency: " + release.getAgencyId());
          log.info("- Title: " + release.getTitle());
          log.info("- Text: " + release.getBody());
       }
    }
    

    Here is the actual web service endpoint implementation:

    @Stateless
    @WebService(name = "PressReleaseEndpoint",
                targetNamespace = "http://org.jboss.ws/samples/news",
                serviceName = "PressReleaseService")
    @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
                 use = SOAPBinding.Use.LITERAL)
    @WebContext(contextRoot="/news",
                urlPattern="/pressRelease")
    public class PressReleaseEndpoint extends AbstractPressReleaseEndpoint
    {
       
    }
    

    To make it really easy, we used a SLSB endpoint without even defining an interface. We chose Document/Literal style/use and explicitely set the service name and namespace, as well as the context root and url pattern through the @WebContext annotation. Thus nothing special here, no attachments stuff required, we're simply preparing a basic service that will be secured in the next chapter.

     

    Agency client

    Once the server is implemented, we can deploy it and get the generated wsdl contract. This way we generate the client through the wsconsume script (assume your bind address is localhost.localdomain:8080):

    wsconsume.sh -k -p org.jboss.test.ws.jaxws.samples.news.generated.agency http://localhost.localdomain:8080/news/pressRelease?wsdl
    

    Referencing the generated classes, we hand code the agency client:

    public class Agency
    {
       protected PressReleaseEndpoint endpoint;
    
       public Agency(URL url)
       {
          PressReleaseService service = new PressReleaseService(url, new QName("http://org.jboss.ws/samples/news", "PressReleaseService"));
          endpoint = service.getPressReleaseEndpointPort();
       }
       
       public void run(String title, String body)
       {
          PressRelease pressRelease = new PressRelease();
          pressRelease.setAgencyId("agency01");
          pressRelease.setTitle(title);
          pressRelease.setBody(body);
          pressRelease.setDate(new XMLGregorianCalendarImpl(new GregorianCalendar()));
          endpoint.submitPressRelease(pressRelease);
       }
       
       public static void main(String[] args)
       {
          try
          {
             if (args.length == 3)
             {
                Agency agency = new Agency(new URL(args[0]));
                agency.run(args[1], args[2]);
                System.out.println("Press release sent.");
             }
             else
             {
                System.out.println("Agency client usage:");
                System.out.println("wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.Agency http://host:port/news/pressRelease?wsdl title body");
             }
          }
          catch (Exception e)
          {
             e.printStackTrace();
          }
       }
    }

    The newspaper edition endpoint

    MTOM/XOP newspaper server

    The class used to ship newspaper edition from the main center to the printers/distributors is the following one:

    public class EditionMTOM
    {
       private Date date;
       private DataHandler content;
       private String id;
       
       public Date getDate()
       {
          return date;
       }
       public void setDate(Date date)
       {
          this.date = date;
       }
       @XmlMimeType("text/plain")
       public DataHandler getContent()
       {
          return content;
       }
       public void setContent(DataHandler content)
       {
          this.content = content;
       }
       public String getId()
       {
          return id;
       }
       public void setId(String id)
       {
          this.id = id;
       }
    }
    

    Please note the @XmlMimeType annotation used to set the MIME type of the attachment being enclosed to the message. For ease we're using text-plain here, of course a real world use case will almost always require something else, perhaps application/octet-stream.

    The sample newspaper endpoint implementation is quite trivial:

    public class AbstractNewspaperMTOMEndpoint
    {
       private Logger log = Logger.getLogger(this.getClass());
       
       public EditionMTOM getNewspaperEdition(String newspaperId)
       {
          log.info("Newspaper edition requested: " + newspaperId);
          EditionMTOM edition = new EditionMTOM();
          edition.setContent(new DataHandler("This is the newspaper document with id " + newspaperId, "text/plain"));
          edition.setDate(new Date());
          edition.setId(newspaperId);
          return edition;
       }
       
       public String[] getNewspaperEditionIdList(Date from, Date to)
       {
          String[] ids = new String[2];
          ids[0] = "doc01";
          ids[1] = "doc02";
          return ids;
       }
    }
    

    As you can see the edition's content is provided through the DataHandler class, which allows you to use every content-types you might need. The actual web service configuration is provided through the NewspaperMTOMEndpoint:

    @Stateless
    @WebService(endpointInterface = "org.jboss.test.ws.jaxws.samples.news.NewspaperMTOM",
          name = "NewspaperMTOMEndpoint",
          targetNamespace = "http://org.jboss.ws/samples/news",
          serviceName = "NewspaperMTOMService")
    @SOAPBinding(style = SOAPBinding.Style.RPC,
           use = SOAPBinding.Use.LITERAL)
    @WebContext(contextRoot="/news",
          urlPattern="/newspaper/mtom")
    @BindingType(value = "http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true")
    public class NewspaperMTOMEndpoint extends AbstractNewspaperMTOMEndpoint implements NewspaperMTOM
    {
       
    }
    

    In this example we're using RPC/Literal to keep things easier; the @BindingType annotation is required to enable MTOM processing.

     

    SwaRef newspaper server

    The class used to ship newspaper edition from the main center to the printers/distributors is the following one:

    @XmlRootElement
    public class EditionSWA
    {
       private Date date;
       private DataHandler content;
       private String id;
       
       public Date getDate()
       {
          return date;
       }
       public void setDate(Date date)
       {
          this.date = date;
       }
       @XmlElement
       @XmlAttachmentRef
       public DataHandler getContent()
       {
          return content;
       }
       public void setContent(DataHandler content)
       {
          this.content = content;
       }
       public String getId()
       {
          return id;
       }
       public void setId(String id)
       {
          this.id = id;
       }
    }
    

    Please note the @XmlAttachmentRef annotation used to define which attribute will be enclosed as attachment. The DataHandler class has to be used here too.

     

    The sample newspaper endpoint implementation is the same as the MTOM one except for the EditionSWA class used instead of EditionMTOM. The web service endpoint configuration instead is simpler, since nothing more than what you would have in an usual endpoint implementation is required:

    @Stateless
    @WebService(endpointInterface = "org.jboss.test.ws.jaxws.samples.news.NewspaperSWA",
          name = "NewspaperSWAEndpoint",
          targetNamespace = "http://org.jboss.ws/samples/news",
          serviceName = "NewspaperSWAService")
    @SOAPBinding(style = SOAPBinding.Style.RPC,
           use = SOAPBinding.Use.LITERAL)
    @WebContext(contextRoot="/news",
          urlPattern="/newspaper/swa")
    public class NewspaperSWAEndpoint extends AbstractNewspaperSWAEndpoint implements NewspaperSWA
    {
       
    }

    Printer client

    As for the press release endpoint, we generate the client stuff using the wsconsume script, given the published wsdl contract:

    wsconsume.sh -k -p org.jboss.test.ws.jaxws.samples.news.generated.printer.mtom http://localhost.localdomain:8080/news/newspaper/mtom?wsdl
    wsconsume.sh -k -p org.jboss.test.ws.jaxws.samples.news.generated.printer.swa http://localhost.localdomain:8080/news/newspaper/swa?wsdl
    

    The sample printer is coded referencing the generated classes and allows invocation of both the endpoints:

    public class Printer
    {
       protected NewspaperMTOMEndpoint mtomEndpoint;
       protected NewspaperSWAEndpoint swaEndpoint;
       protected boolean mtom;
       
       public Printer(URL url, boolean mtom)
       {
          this.mtom = mtom;
          if (mtom)
          {
             NewspaperMTOMService mtomService = new NewspaperMTOMService(url, new QName("http://org.jboss.ws/samples/news", "NewspaperMTOMService"));
             mtomEndpoint = mtomService.getNewspaperMTOMEndpointPort();
          }
          else
          {
             NewspaperSWAService swaService = new NewspaperSWAService(url, new QName("http://org.jboss.ws/samples/news", "NewspaperSWAService"));
             swaEndpoint = swaService.getNewspaperSWAEndpointPort();
          }
       }
       
       public void run() throws IOException
       {
          XMLGregorianCalendar from = new XMLGregorianCalendarImpl(new GregorianCalendar(2008,1,10));
          XMLGregorianCalendar to = new XMLGregorianCalendarImpl(new GregorianCalendar(2008,1,14));
          if (mtom)
          {
             ((SOAPBinding)(((BindingProvider)mtomEndpoint).getBinding())).setMTOMEnabled(true);
             for (String id : mtomEndpoint.getNewspaperEditionIdList(from, to).getItem())
             {
                System.out.println("Downloading newspaper document: " + id);
                EditionMTOM edition = mtomEndpoint.getNewspaperEdition(id);
                System.out.println("Content: " + edition.getContent());
             }
          }
          else
          {
             for (String id : swaEndpoint.getNewspaperEditionIdList(from, to).getItem())
             {
                System.out.println("Downloading newspaper document: " + id);
                EditionSWA edition = swaEndpoint.getNewspaperEdition(id);
                DataHandler dh = edition.getContent();
                System.out.println("Content type: " + dh.getContentType());
                System.out.println("Content: " + dh.getContent());
             }
          }
       }
       
       public static void main(String[] args)
       {
          try
          {
             if (args.length == 1)
             {
                Printer printer = new Printer(new URL(args[0]), args[0].endsWith("mtom?wsdl"));
                printer.run();
             }
             else
             {
                System.out.println("Printer client usage:");
                System.out.println("wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.Printer http://host:port/news/newspaper/mtom?wsdl");
                System.out.println("or");
                System.out.println("wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.Printer http://host:port/news/newspaper/swa?wsdl");
             }
          }
          catch (Exception e)
          {
             e.printStackTrace();
          }
       }
    }
    

    Please note we used the SOAPBinding's setMTOMEnabled(boolean enable) method to enable the MTOM/XOP processing.

     

    Running the sample

    Let's build the sample and take a look at the final contents of the generated archives; the newspaper main center is in jaxws-samples-news-step1-newspaper.jar:

    [alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step1-newspaper.jar
         0 Fri Feb 08 11:40:50 CET 2008 META-INF/
       106 Fri Feb 08 11:40:48 CET 2008 META-INF/MANIFEST.MF
         0 Fri Feb 08 11:38:20 CET 2008 org/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
      1867 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperMTOMEndpoint.class
      1861 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperSWAEndpoint.class
      1281 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractPressReleaseEndpoint.class
      1223 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionMTOM.class
      1301 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionSWA.class
       951 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperMTOM.class
      1298 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperMTOMEndpoint.class
       948 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperSWA.class
      1265 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperSWAEndpoint.class
      1208 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/PressRelease.class
      1059 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/PressReleaseEndpoint.class
    

    As you can see, it contains both the press release and newspaper edition endpoint implementations (the latter in MTOM and Swa versions). No descriptor is required.

    The agency archive is jaxws-samples-news-step1-agency.jar:

    [alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step1-agency.jar 
         0 Fri Feb 08 11:40:50 CET 2008 META-INF/
       106 Fri Feb 08 11:40:48 CET 2008 META-INF/MANIFEST.MF
         0 Fri Feb 08 11:38:20 CET 2008 org/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
      2592 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/Agency.class
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/
      2813 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/ObjectFactory.class
      1640 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressRelease.class
       865 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseEndpoint.class
      1725 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseService.class
      1035 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressRelease.class
       647 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressReleaseResponse.class
       291 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/package-info.class
    

    It contains nothing more than the hand coded client class and the wsconsume generated classes.

    Finally, the printer archive is jaxws-samples-news-step1-printer.jar:

    [alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step1-printer.jar 
         0 Fri Feb 08 11:40:50 CET 2008 META-INF/
       106 Fri Feb 08 11:40:48 CET 2008 META-INF/MANIFEST.MF
         0 Fri Feb 08 11:38:20 CET 2008 org/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
      5444 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/Printer.class
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/
      1599 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/EditionMTOM.class
      1115 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMEndpoint.class
      1760 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMService.class
       958 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/ObjectFactory.class
       993 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/StringArray.class
       295 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/package-info.class
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/
      1717 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/EditionSWA.class
      1108 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAEndpoint.class
      1746 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAService.class
      1896 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/ObjectFactory.class
       991 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/StringArray.class
       294 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/package-info.class
    

    The same things just written for the agency archive apply here too.

     

    You need to deploy the newspaper archive to your application server (perhaps you already did so, if you tried creating the client above); then just run the two clients using the wsrunclient script.

    Running the agency client:

    wsrunclient.sh -classpath jaxws-samples-news-step1-agency.jar org.jboss.test.ws.jaxws.samples.news.Agency http://localhost.localdomain:8080/news/pressRelease?wsdl Title Body
    

    you'll get something like this on the server log:

    15:38:30,360 INFO  [PressReleaseEndpoint] Received a press release from agency: agency01
    15:38:30,360 INFO  [PressReleaseEndpoint] - Title: Title
    15:38:30,360 INFO  [PressReleaseEndpoint] - Text: Body
    

    Running the printer client (MTOM/XOP version):

    wsrunclient.sh -classpath jaxws-samples-news-step1-printer.jar org.jboss.test.ws.jaxws.samples.news.Printer http://localhost.localdomain:8080/news/newspaper/mtom?wsdl
    

    you'll get this on the client log:

    Downloading newspaper document: doc01
    Content: VGhpcyBpcyB0aGUgbmV3c3BhcGVyIGRvY3VtZW50IHdpdGggaWQgZG9jMDE=
    Downloading newspaper document: doc02
    Content: VGhpcyBpcyB0aGUgbmV3c3BhcGVyIGRvY3VtZW50IHdpdGggaWQgZG9jMDI=
    

    The capture of one of the exchanged messages shows the xop:Include element being used to reference the attachment:

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200801291425)/JBossWeb-2.0
    Content-Type: multipart/related; type="application/xop+xml"; start="<rootpart@ws.jboss.org>"; .start-info="text/xml";   .boundary="----=_Part_11_27939361.1202482223654"
    Transfer-Encoding: chunked
    Date: Fri, 08 Feb 2008 14:50:23 GMT
    
    ------=_Part_11_27939361.1202482223654
    Content-Type: application/xop+xml; type="text/xml"
    Content-Transfer-Encoding: 8bit
    Content-ID: <rootpart@ws.jboss.org>
    
    <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header></env:Header><env:Body><ns1:getNewspaperEditionResponse xmlns:ns1='http://org.jboss.ws/samples/news'><return><content><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include" href="cid:content-454e2c56-10d9-4393-8050-241578a4f812@ws.jboss.org"/></content><date>2008-02-08T15:50:23.652+01:00</date><id>doc02</id></return></ns1:getNewspaperEditionResponse></env:Body></env:Envelope>
    
    ------=_Part_11_27939361.1202482223654
    Content-Type: text/plain
    Content-Transfer-Encoding: binary
    Content-Id: <content-454e2c56-10d9-4393-8050-241578a4f812@ws.jboss.org>
    
    This is the newspaper document with id doc02
    
    ------=_Part_11_27939361.1202482223654--
    

    Finally, running the SwaRef version of printer client:

    wsrunclient.sh -classpath jaxws-samples-news-step1-printer.jar org.jboss.test.ws.jaxws.samples.news.Printer http://localhost.localdomain:8080/news/newspaper/swa?wsdl
    

    you'll get this on the client log:

    Downloading newspaper document: doc01
    Content: text/plain
    Content: This is the newspaper document with id doc01
    Downloading newspaper document: doc02
    Content: text/plain
    Content: This is the newspaper document with id doc02
    

    The capture of one of the exchanged messages shows the MIME attachment being used:

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200801291425)/JBossWeb-2.0
    Content-Type: multipart/related; type="text/xml"; start="<rootpart@ws.jboss.org>";   .boundary="----=_Part_7_26058.1202481869751"
    Transfer-Encoding: chunked
    Date: Fri, 08 Feb 2008 14:44:29 GMT
    
    ------=_Part_7_26058.1202481869751
    Content-Type: text/xml; charset=UTF-8
    Content-Transfer-Encoding: 8bit
    Content-ID: <rootpart@ws.jboss.org>
    
    <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header></env:Header><env:Body><ns1:getNewspaperEditionResponse xmlns:ns1='http://org.jboss.ws/samples/news'><return><content>cid:0-1202481869750-15993608@ws.jboss.org</content><date>2008-02-08T15:44:29.749+01:00</date><id>doc02</id></return></ns1:getNewspaperEditionResponse></env:Body></env:Envelope>
    
    ------=_Part_7_26058.1202481869751
    Content-Type: text/plain
    Content-Transfer-Encoding: binary
    Content-Id: <0-1202481869750-15993608@ws.jboss.org>
    
    This is the newspaper document with id doc02
    
    ------=_Part_7_26058.1202481869751--

    Security

    Securing a web service application implies performing different changes to both consumers and producers to achieve for example confidentiality, accountability, etc. Different degrees of security might be required according to the application's aims. That's the reason why the current sample shows different solutions.

     

    The press release endpoint

    Suppose the newspaper and agency's owners want the maximum confidentiality regarding the exchanged press release. Thus we decide to obtain message level security using WS-Security. In particular, messages will be both encrypted and signed; moreover each of them will have a timestamp.

     

    Assuming the client side to be alice and the server side bob, we're going to use the following jbossws ws-security configuration files (jboss-wsse-client.xml first):

    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config 
                       http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      <key-store-file>META-INF/alice-sign_enc.jks</key-store-file>
      <key-store-password>password</key-store-password>
      <key-store-type>jks</key-store-type>
      <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
      <trust-store-password>password</trust-store-password>
      <config>
           <timestamp ttl="300"/>
           <sign type="x509v3" alias="1" includeTimestamp="true"/>
        <encrypt type="x509v3" alias="bob"/>
        <requires>
          <signature/>
          <encryption/>
        </requires>
      </config>
    </jboss-ws-security>
    
    
    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config
                       http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
         <key-store-file>META-INF/bob-sign_enc.jks</key-store-file>
            <key-store-password>password</key-store-password>
            <key-store-type>jks</key-store-type>
            <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
            <trust-store-password>password</trust-store-password>
         <config>
              <timestamp ttl="300"/>
              <sign type="x509v3" alias="1" includeTimestamp="true"/>
              <encrypt type="x509v3" alias="alice"/>
               <requires>
                 <signature/>
                 <encryption/>      
               </requires>
            </config>
    </jboss-ws-security>
    
    
    

    Please refer to the src/test/resources/jaxws/samples/news/META-INF/readme.txt file for a contents' explanation of the keystores, truststore and certificates used in the sample.

    The secure web service endpoint is obtained specifying the ws-security endpoint configuration through the @EndpointConfig annotation:

    @Stateless
    @WebService(name = "PressReleaseEndpoint",
                targetNamespace = "http://org.jboss.ws/samples/news",
                serviceName = "PressReleaseService")
    @SOAPBinding(style = SOAPBinding.Style.DOCUMENT,
                 use = SOAPBinding.Use.LITERAL)
    @WebContext(contextRoot="/news",
                urlPattern="/pressRelease")
    @EndpointConfig(configName = "Standard WSSecurity Endpoint")
    public class SecurePressReleaseEndpoint extends AbstractPressReleaseEndpoint
    {
       
    }
    

    Of course also the secure agency client needs the right configuration:

    public class SecureAgency extends Agency
    {
       public SecureAgency(URL url)
       {
          super(url);
          ((StubExt)endpoint).setConfigName("Standard WSSecurity Client");
       }
       
       public static void main(String[] args)
       {
          try
          {
             if (args.length == 3)
             {
                Agency agency = new SecureAgency(new URL(args[0]));
                agency.run(args[1], args[2]);
                System.out.println("Press release sent.");
             }
             else
             {
                System.out.println("SecureAgency client usage:");
                System.out.println("./wsrunclient.sh -classpath agency.jar org.jboss.test.ws.jaxws.samples.news.SecureAgency " +
                          "http://localhost.localdomain:8080/news/pressRelease?wsdl title body");
             }
          }
          catch (Exception e)
          {
             e.printStackTrace();
          }
       }
    }

    The newspaper edition endpoint

    Suppose the message exchange between the newspaper main center and the printers/distributors has lower security requirements; we decide to achieve accountability through BASIC authentication and confidentiality securing the transport with HTTPS.

    The secure MTOM/XOP endpoint implementation is obtained this way:

    @Stateless
    @WebService(endpointInterface = "org.jboss.test.ws.jaxws.samples.news.NewspaperMTOM",
          name = "NewspaperMTOMEndpoint",
          targetNamespace = "http://org.jboss.ws/samples/news",
          serviceName = "NewspaperMTOMService")
    @SOAPBinding(style = SOAPBinding.Style.RPC,
           use = SOAPBinding.Use.LITERAL)
    @SecurityDomain("JBossWS")
    @WebContext(contextRoot="/news",
          urlPattern="/newspaper/mtom",
          authMethod="BASIC",
          transportGuarantee="CONFIDENTIAL",
          secureWSDLAccess=false)
    @BindingType(value = "http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true")
    public class SecureNewspaperMTOMEndpoint extends AbstractNewspaperMTOMEndpoint implements NewspaperMTOM
    {
       
    }
    

    For ease, we use the JBossWS default security domain, of course you might want to use another one with your own custom login module. The @WebContext annotation sets the authentication method and enforce the https use (transportGuarantee="CONFIDENTIAL"). The secure SwaRef endpoint implementation is obtained the same way as the MTOM/XOP one.

     

    On the client side, we just need to set the username/password:

    public class SecurePrinter extends Printer
    {
       public SecurePrinter(URL url, boolean mtom)
       {
          super(url,mtom);
          BindingProvider bp = mtom ? (BindingProvider)mtomEndpoint : (BindingProvider)swaEndpoint;
          bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
          bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "thefrog");
          System.setProperty("org.jboss.security.ignoreHttpsHost", "true");
       }
       
       public static void main(String[] args)
       {
          try
          {
             if (args.length == 1)
             {
                SecurePrinter printer = new SecurePrinter(new URL(args[0]), args[0].endsWith("mtom?wsdl"));
                printer.run();
             }
             else
             {
                System.out.println("SecurePrinter client usage:");
                System.out.println("wsrunclient.sh -classpath agency.jar -Djavax.net.ssl.trustStore=truststorePath -Djavax.net.ssl.trustStorePassword=truststorePwd " +
                          "org.jboss.test.ws.jaxws.samples.news.SecurePrinter http://host:port/news/newspaper/mtom?wsdl");
                System.out.println("or");
                System.out.println("wsrunclient.sh -classpath agency.jar -Djavax.net.ssl.trustStore=truststorePath -Djavax.net.ssl.trustStorePassword=truststorePwd " +
                          "org.jboss.test.ws.jaxws.samples.news.SecurePrinter http://host:port/news/newspaper/swa?wsdl");
             }
          }
          catch (Exception e)
          {
             e.printStackTrace();
          }
       }
    }
    

    For an explanation of the reason for setting the org.jboss.security.ignoreHttpsHost property to true, please read here.

    As suggested in the SecurePrinter usage info, you would need to set the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword for the client to be able to perform the https connection. Finally, we enabled the server Tomcat+SSL connector adding this to the jboss-web.deployer/server.xml:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true"
                 keystoreFile="${jboss.server.home.dir}/my.keystore"
                 truststoreFile="${jboss.server.home.dir}/my.truststore"
                 clientAuth="false" sslProtocol="TLS" />

    Running the sample

    Once we build the sample we have the following archives for the secure version:

    [alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step2-newspaper.jar 
         0 Fri Feb 08 17:41:44 CET 2008 META-INF/
       106 Fri Feb 08 17:41:42 CET 2008 META-INF/MANIFEST.MF
         0 Fri Feb 08 11:38:20 CET 2008 org/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
      1867 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperMTOMEndpoint.class
      1861 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractNewspaperSWAEndpoint.class
      1281 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/AbstractPressReleaseEndpoint.class
      1223 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionMTOM.class
      1301 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/EditionSWA.class
       951 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperMTOM.class
       948 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/NewspaperSWA.class
      1208 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/PressRelease.class
      1480 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecureNewspaperMTOMEndpoint.class
      1379 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecureNewspaperSWAEndpoint.class
      1173 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecurePressReleaseEndpoint.class
      2362 Fri Feb 08 11:40:32 CET 2008 META-INF/bob-sign_enc.jks
       850 Fri Feb 08 11:40:20 CET 2008 META-INF/jboss-wsse-server.xml
      1656 Fri Feb 08 11:40:30 CET 2008 META-INF/wsse10.truststore
    
    [alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step2-agency.jar 
         0 Fri Feb 08 17:41:44 CET 2008 META-INF/
       106 Fri Feb 08 17:41:42 CET 2008 META-INF/MANIFEST.MF
         0 Fri Feb 08 11:38:20 CET 2008 org/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
      2592 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/Agency.class
      1461 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecureAgency.class
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/
      2813 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/ObjectFactory.class
      1640 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressRelease.class
       865 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseEndpoint.class
      1725 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/PressReleaseService.class
      1035 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressRelease.class
       647 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/SubmitPressReleaseResponse.class
       291 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/agency/package-info.class
      2358 Fri Feb 08 11:40:30 CET 2008 META-INF/alice-sign_enc.jks
       814 Fri Feb 08 17:41:32 CET 2008 META-INF/jboss-wsse-client.xml
      1656 Fri Feb 08 11:40:30 CET 2008 META-INF/wsse10.truststore
    
    [alessio@localhost trunk]$ jar -tvf output/tests/libs/jaxws-samples-news-step2-printer.jar 
         0 Fri Feb 08 18:01:14 CET 2008 META-INF/
       106 Fri Feb 08 18:01:12 CET 2008 META-INF/MANIFEST.MF
         0 Fri Feb 08 11:38:20 CET 2008 org/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/
         0 Fri Feb 08 11:38:20 CET 2008 org/jboss/test/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/
      5464 Fri Feb 08 17:41:30 CET 2008 org/jboss/test/ws/jaxws/samples/news/Printer.class
      2324 Fri Feb 08 18:01:00 CET 2008 org/jboss/test/ws/jaxws/samples/news/SecurePrinter.class
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/
         0 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/
      1599 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/EditionMTOM.class
      1115 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMEndpoint.class
      1760 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/NewspaperMTOMService.class
       958 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/ObjectFactory.class
       993 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/StringArray.class
       295 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/mtom/package-info.class
         0 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/
      1717 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/EditionSWA.class
      1108 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAEndpoint.class
      1746 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/NewspaperSWAService.class
      1896 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/ObjectFactory.class
       991 Fri Feb 08 11:39:52 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/StringArray.class
       294 Fri Feb 08 11:39:50 CET 2008 org/jboss/test/ws/jaxws/samples/news/generated/printer/swa/package-info.class
    

    We basically added the secure version of endpoints and clients, as well as the required ws-security descriptors and keystores.

    While running the agency client...

    wsrunclient.sh -classpath jaxws-samples-news-step2-agency.jar org.jboss.test.ws.jaxws.samples.news.SecureAgency http://localhost.localdomain:8080/news/pressRelease?wsdl title body
    

    we can for example capture the request message and verify that it's encrypted and signed:

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200801291425)/JBossWeb-2.0
    Content-Type: text/xml;charset=UTF-8
    Transfer-Encoding: chunked
    Date: Fri, 08 Feb 2008 19:03:44 GMT
    
    <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Header><wsse:Security env:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'><wsu:Timestamp wsu:Id='timestamp'><wsu:Created>2008-02-08T19:03:43.991Z</wsu:Created><wsu:Expires>2008-02-08T19:08:43.991Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-17-1202497424002-6508395'>MIIDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQK
    DAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoX
    DTE4MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3Ag
    VGVzdCBDZXJ0MQ4wDAYDVQQDDAVBbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqi9
    9By1VYo0aHrkKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yiNsE
    yvq+mUnMpNcKnLXLOjkTmMCqDYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4PS/cBQIvtpjmrDAU8V
    sZKT8DN5Kyz+EZsCAwEAAaOBkzCBkDAJBgNVHRMEAjAAMDMGA1UdHwQsMCowKKImhiRodHRwOi8v
    aW50ZXJvcC5iYnRlc3QubmV0L2NybC9jYS5jcmwwDgYDVR0PAQH/BAQDAgSwMB0GA1UdDgQWBBQK
    4l0TUHZ1QV3V2QtlLNDm+PoxiDAfBgNVHSMEGDAWgBTAnSj8wes1oR3WqqqgHBpNwkkPDzANBgkq
    hkiG9w0BAQUFAAOCAQEABTqpOpvW+6yrLXyUlP2xJbEkohXHI5OWwKWleOb9hlkhWntUalfcFOJA
    gUyH30TTpHldzx1+vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQgdf5rCK
    /wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8tav1CBr6+E5FAmwPXP7pJ
    xn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FRSthMMO35YbpikGsLix3vAsXWWi4rwfVOYz
    QK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQODZE9l4ATGy9s9hNVwryOJTw==</wsse:BinarySecurityToken><wsse:BinarySecurityToken EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3' wsu:Id='token-14-1202497424000-24093349'>MIIDCjCCAfKgAwIBAgIQYDju2/6sm77InYfTq65x+DANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQK
    DAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoX
    DTE4MDMxOTIzNTk1OVowQDEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3Ag
    VGVzdCBDZXJ0MQwwCgYDVQQDDANCb2IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCquMva
    4lFDrv3fXQnKK8CkSU7HvVZ0USyJtlL/yhmHH/FQXHyYY+fTcSyWYItWJYiTZ99PAbD+6EKBGbdf
    uJNUJCGaTWc5ZDUISqM/SGtacYe/PD/4+g3swNPzTUQAIBLRY1pkr2cm3s5Ch/f+mYVNBR41HnBe
    Ixybw25kkoM7AgMBAAGjgZMwgZAwCQYDVR0TBAIwADAzBgNVHR8ELDAqMCiiJoYkaHR0cDovL2lu
    dGVyb3AuYmJ0ZXN0Lm5ldC9jcmwvY2EuY3JsMA4GA1UdDwEB/wQEAwIEsDAdBgNVHQ4EFgQUXeg5
    5vRyK3ZhAEhEf+YT0z986L0wHwYDVR0jBBgwFoAUwJ0o/MHrNaEd1qqqoBwaTcJJDw8wDQYJKoZI
    hvcNAQEFBQADggEBAIiVGv2lGLhRvmMAHSlY7rKLVkv+zEUtSyg08FBT8z/RepUbtUQShcIqwWse
    mDU8JVtsucQLc+g6GCQXgkCkMiC8qhcLAt3BXzFmLxuCEAQeeFe8IATr4wACmEQE37TEqAuWEIan
    PYIplbxYgwP0OBWBSjcRpKRAxjEzuwObYjbll6vKdFHYIweWhhWPrefquFp7TefTkF4D3rcctTfW
    J76I5NrEVld+7PBnnJNpdDEuGsoaiJrwTW3Ixm40RXvG3fYS4hIAPeTCUk3RkYfUkqlaaLQnUrF2
    hZSgiBNLPe8gGkYORccRIlZCGQDEpcWl1Uf9OHw6fC+3hkqolFd5CVI=</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/><ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <wsse:SecurityTokenReference wsu:Id='reference-18-1202497424003-32714846'><wsse:Reference URI='#token-17-1202497424002-6508395' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/></wsse:SecurityTokenReference>
    </ds:KeyInfo><xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>N6udrhTegMr/BHAWHEFcqASBUYaGUaT4c+j8Ow3PJPcC86comLyTWU1cAjjgmrorKy9TdQ4cqPoI
    /TwKi88yC5E/fDCojmYc1KJV3Jq3jp2j68Z+ZaopLmciiO49ySu7DKsdPL6Cc2bq6bSh6YKgOboH
    8eYfo9OsoAyK8QG4oIc=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:DataReference URI='#encrypted-16-1202497424001-26591181' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/></xenc:ReferenceList></xenc:EncryptedKey><ds:Signature xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:CanonicalizationMethod Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
    <ds:SignatureMethod Algorithm='http://www.w3.org/2000/09/xmldsig#rsa-sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
    <ds:Reference URI='#element-13-1202497423991-15458568' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
    <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>tfTeWLN1EkJG2rkzORoSvIhOee8=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI='#timestamp' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm='http://www.w3.org/2000/09/xmldsig#sha1' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
    <ds:DigestValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>c7QCbyPei07wWMAUaiNSg6lZvZ8=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    Gib/sFAZQPX1cKtVp3UHbLr275lkOESbRRW/ShX6VVgJRgXaJlqEvzZzbHyzNh8XJdatsP2RJlOs
    A3/By6aejJLPU8bTmb9j2KMUkFid8arvLyF5ezNZc3/YHF+UNjH6JjK1lKwqjE8WF0i4sBFXzUkP
    oGMTkdDaNyLtqYJa+7k=
    </ds:SignatureValue>
    <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <wsse:SecurityTokenReference wsu:Id='reference-15-1202497424000-2041959'><wsse:Reference URI='#token-14-1202497424000-24093349' ValueType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/></wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature></wsse:Security></env:Header><env:Body xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' wsu:Id='element-13-1202497423991-15458568'><xenc:EncryptedData Id='encrypted-16-1202497424001-26591181' Type='http://www.w3.org/2001/04/xmlenc#Content' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc' xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'/>
    <xenc:CipherData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'><xenc:CipherValue xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>Wwt17Rt46aEabjJJdir8wTgm+UGkjb4KL5xTlei8GPZHBFfICxdg30HexJHqncjTaGjfx+Z7VFeN
    YxFboMBGjCCln7WqcLZBKUmVffAr/gzMod4OAkMUER2T/GhhQp1hyZH2eo65pgy5slA4dHN5une7
    +LuSev4VQRGazsmHOv2ObI4fMUEdD9D/Luvt/WwvmNHd/dyvzBybEZOBuqsZLZA6hzEwWKp6JK0B
    TPiYvRyledLYDtAuZzVTWa70qIOdBlJpTbFmvY3CWZaxXtHWiRTX9I+x88N8hyf/HYbTb3nV+5ZE
    DZgcKjG8fMxF6nGPfcfXr5lm6GqlME4B4ImCPb9AtZqjVKyX3MO166hVLsy0EiqPbiikyWBD07p4
    hbKs1X8n+m9M3SdAVtEeh50zqzpIp96lKlbHmwZ27wro6KQ=
    </xenc:CipherValue>
    </xenc:CipherData>
    </xenc:EncryptedData>
    </env:Body></env:Envelope>
    

    Instead the MTOM/XOP printer client can be run this way...

    wsrunclient.sh -classpath jaxws-samples-news-step2-printer.jar -Djavax.net.ssl.trustStore=my.truststore -Djavax.net.ssl.trustStorePassword=changeit org.jboss.test.ws.jaxws.samples.news.SecurePrinter http://localhost.localdomain:8080/news/newspaper/mtom?wsdl
    

    ... and of course we can't see the messages' contents due to the SSL encryption.