I'm trying to send a SOAP message using the Spring-WS framework which has to be signed with a certificate. The service uses MTOM encoding and requires all attachments to be send this way, including the signing certificate (BinarySecurityToken).

I've set MTOM to true on the Marshaller jaxb2Marshaller.setMtomEnabled(true); and tried using the SaajSoapMessageFactory and AxiomSoapMessageFactory but the BinarySecurityToken is still just Base64 encoded and inlined.

This is what is generated:

<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-31f7042b-edbf-480d-a191-6f4c06fce9b0">Base64#Token</wsse:BinarySecurityToken>

But the service expects something like this:

<o:BinarySecurityToken u:Id="uuid-3e274ba8-bba3-4092-880d-adf41081fcaf-1" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xop:Include href="cid:http://tempuri.org/1/637798371206427416" xmlns:xop="http://www.w3.org/2004/08/xop/include"/>
</o:BinarySecurityToken>

Is this possible with Spring-WS?