cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: BadContextToken when the service expires the security token
Date Tue, 03 Jun 2014 10:29:52 GMT
CXF should take care of getting a new security token and associating it
with the endpoint, once you remove SecurityConstants.TOKEN_ID and
SecurityConstants.TOKEN from the endpoint / message context.

Colm.


On Mon, Jun 2, 2014 at 11:53 AM, Francisco Martín García <fmartin@esla.com>
wrote:

> Hi,
>
>
>
> we're experiencing the same problem reported at
>
> http://cxf.547215.n5.nabble.com/The-security-context-token-is-expired-or-is-
> not-valid-ERROR-td5076527.html#a5120806.
>
>
>
> In a web application we are consuming a wsHttpEndpoint bound WCF service,
> that is configured with a security policy according to the WS-Policy
> standard.
>
>
>
> I'm using:
>
> - CXF 2.7.11
>
> - JDK 1.7.0_45
>
> - Spring 3.2.9.RELEASE
>
> - Windows 7 Professional
>
>
>
> When a user makes a request to the web service, and the time elapsed since
> the last call is longer than the timeout configured at the service, we get
> a
> response similar to this one that appears in the URL referenced before:
>
>
>
> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
> xmlns:a="http://www.w3.org/2005/08/addressing">
>
>         <s:Header>
>
>                 <a:Action
> s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault
> </a:Acti
> on>
>
>
> <a:RelatesTo>urn:uuid:8d983814-53f0-43ea-8439-95c6471aa411</a:RelatesTo>
>
>         </s:Header>
>
> <s:Body>
>
>         <s:Fault>
>
>                 <s:Code>
>
>                         <s:Value>s:Sender</s:Value>
>
>                         <s:Subcode>
>
>                                 <s:Value
> xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc
> ">a:BadContextToken</s:Valu
> e>
>
>                         </s:Subcode>
>
>                 </s:Code>
>
>                 <s:Reason>
>
>                 <s:Text xml:lang="en-AU">The message could not be
> processed.
> This is most likely because the action
> 'http://tempuri.org/TestService/Get_Points' is incorrect or because the
> message contains an invalid or expired security context token or because
> there is a mismatch between bindings. The security context token would be
> invalid if the service aborted the channel due to inactivity. To prevent
> the
> service from aborting idle sessions prematurely increase the Receive
> timeout
> on the service endpoint's binding.
>
>                 </s:Text>
>
>                 </s:Reason>
>
>         </s:Fault>
>
> </s:Body>
>
> </s:Envelope>
>
>
>
> To solve the problem we've tried the workaround suggested in the post, with
> some changes because in there they using CXF 2.4.1.
>
>
>
> On the exception, we're trying to create a new token, expiring the original
> one, expecting CXF renews the token by it self. This is the code:
>
>
>
>                 Endpoint ep =
> ClientProxy.getClient(iOficinaVirtualWCF).getEndpoint();
>
>                 EndpointInfo ei = ep.getEndpointInfo();
>
>                 TokenStore ts = (TokenStore)
> ei.getProperty(TokenStore.class.getName());
>
>
>
>                 String tokenId =
> (String)ep.get(SecurityConstants.TOKEN_ID);
>
>                 System.out.println("***************** tokenId: " +
> tokenId);
>
>
>
>                 if (null != tokenId) {
>
>
>
>                     SecurityToken st = ts.getToken(tokenId);
>
>
>
>                     st.setExpires(new Date());
>
>
>
>                     ep.remove(SecurityConstants.TOKEN_ID);
>
>                 }
>
>
>
> Summing up, in the first call we get the BadContextToken in the response.
>
> In the second call, the token recovered from the Endpoint is null, and we
> get a SoapFault because of an error produced when the message security was
> being checked.
>
> And in the third one the service returns the right response. In this case
> the token ID is different from the one used in the first call.
>
>
>
> Can anybody point us how can we create a new security token and associate
> it
> to the endpoint?
>
>
>
> Thanks,
>
>
>
> Paco
>
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message