you want to look at implmenting OnlySignEntireHeadersAndBody element e.g. <sp:OnlySignEntireHeadersAndBody/> this is included in policy-mtom-security.xml
the OnlySignEntireHeadersAndBody element would need to be included in a binding which references http://schemas.xmlsoap.org/ws/2005/07/securitypolicy namespace e.g. <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; Axis2-1.3 has a MTOMAssertionTestCase sample testcase you can use package org.apache.axis2.policy.model; import junit.framework.TestCase; import org.apache.axiom.om.OMElement; import org.apache.axiom.om.impl.builder.StAXOMBuilder; import org.apache.neethi.Assertion; import org.apache.neethi.Policy; import org.apache.neethi.PolicyEngine; import java.util.Iterator; import java.util.List; public class MTOMAssertionTest extends TestCase { public void testSymmBinding() { try { Policy p = this.getPolicy(System.getProperty("basedir", ".") + "/test-resources/policy-mtom-security.xml"); List assertions = (List)p.getAlternatives().next(); boolean isMTOMAssertionFound = false; for (Iterator iter = assertions.iterator(); iter.hasNext();) { Assertion assertion = (Assertion)iter.next(); if (assertion instanceof MTOMAssertion) { isMTOMAssertionFound = true; MTOMAssertion mtomModel = (MTOMAssertion)assertion; assertEquals("MIME Serialization assertion not processed", false, mtomModel.isOptional()); } } //The Asymm binding mean is not built in the policy processing :-( assertTrue("MTOM Assertion not found.", isMTOMAssertionFound); } catch (Exception e) { e.printStackTrace(); fail(e.getMessage()); } } private Policy getPolicy(String filePath) throws Exception { StAXOMBuilder builder = new StAXOMBuilder(filePath); OMElement elem = builder.getDocumentElement(); return PolicyEngine.getPolicy(elem); } } Martin Gainty United Health Group Medicode publishers 2002-2003 deNovisMedicalSystems HIPAA EDI 2004 Curaspan the eDischarge Company HL7 Interfaces 2006 USCitizen(Contractor) ______________________________________________ Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Tue, 5 May 2009 09:08:52 +1200 > From: mohannad.hamma...@orionhealth.com > To: axis-user@ws.apache.org > Subject: Axis2/Rampart 1.4 - Ecrypt header information > > Hello, > > Does anybody know how I can tell rampart to encrypt header information in the > SOAP response? > > Regards, > > Mohannad _________________________________________________________________ Hotmail® has a new way to see what's up with your friends. http://windowslive.com/Tutorial/Hotmail/WhatsNew?ocid=TXT_TAGLM_WL_HM_Tutorial_WhatsNew1_052009
