cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF3 Server-side token validation issues
Date Thu, 15 Jan 2015 09:34:49 GMT
The problem here is that you are sending a "stale" UsernameToken to the
endpoint. WSS4J has a default "time to live" setting, where it will reject
UsernameTokens that contain a "Created" timestamp after this "time to live"
has expired. The default value is 5 minutes. You can set a larger value by
specifying the property "utTimeToLive":

http://ws.apache.org/wss4j/config.html

Colm.

On Thu, Jan 15, 2015 at 1:51 AM, wangjlc <wangjlc@163.com> wrote:

> *I found my configuration does not work in WS-context.XML, I will remove
> the
> spring configuration Web.XML, which does not use a spring loaded,*
>
>
>         <listener>
>
>
> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
>         </listener>
>
>   <context-param>
>     <param-name>contextConfigLocation</param-name>
>     <param-value>WEB-INF/ws-context.xml,WEB-INF/beans.xml</param-value>
>   </context-param>
>
>
>  *but only to add the following code in the code, before the error was
> gone,
> but sends a request using soapUI, server-side the following exception:*
>
>
>
>                 Server server = factory.create();
>                 Endpoint cxfEndpoint = server.getEndpoint();
>
>
>                 Map<String, Object> props = new HashMap<String, Object>();
>                 props.put("action", "UsernameToken");
>                 props.put("passwordType", "PasswordText");
>                 props.put("passwordCallbackClass",
> WsAuthHandler.class.getName());
>                 WSS4JInInterceptor wss4JInInterceptor = new
> WSS4JInInterceptor(props);
>                 //factory.getInInterceptors().add(wss4JInInterceptor);
>
>                 cxfEndpoint.getInInterceptors().add(wss4JInInterceptor);
>
>
>
>
> 2015-1-14 16:04:00 org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {
> http://adapter.ws.mb.payment.dcfs.com/}IproviderconnectorService#{http://adapter.ws.mb.payment.dcfs.com/}doCommon
> has thrown exception, unwinding now
> Throwable occurred: org.apache.cxf.binding.soap.SoapFault: The message has
> expired
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:809)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:313)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
>         at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
>         at
>
> org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261)
>         at
>
> org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
>         at
>
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
>         at
>
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
>         at
>
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
>         at
>
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
>         at
>
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
>         at org.eclipse.jetty.server.Server.handle(Server.java:370)
>         at
>
> org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
>         at
>
> org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
>         at
>
> org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
>         at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
>         at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
>         at
>
> org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
>         at
>
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
>         at
>
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
>         at
>
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
>         at
>
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
>         at java.lang.Thread.run(Thread.java:738)
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: The message has
> expired
>         at
>
> org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
>         at
>
> org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:69)
>         at
>
> org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
>         at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:257)
>         ... 23 more
>
>
>
>
>
>
> *Are there any experts have been faced with such a problem, please advise,
> thank you!*
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF3-Server-side-token-validation-issues-tp5752544p5753050.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message