cxf-issues mailing list archives

From Francisco Martín García <>
Subject BadContextToken when the service expires the security token
Date Mon, 02 Jun 2014 10:53:38 GMT


We're experiencing the same problem reported at


In a web application we are consuming a wsHttpEndpoint bound WCF service,
that is configured with a security policy according to the WS-Policy


I'm using:

- CXF 2.7.11

- JDK 1.7.0_45

- Spring 3.2.9.RELEASE

- Windows 7 Professional


When a user makes a request to the web service, and the time elapsed since
the last call is longer than the timeout configured at the service, we get a
response similar to this one that appears in the URL referenced before:


<s:Envelope xmlns:s=""














                <s:Text xml:lang="en-AU">The message could not be processed.
This is most likely because the action
'' is incorrect or because the
message contains an invalid or expired security context token or because
there is a mismatch between bindings. The security context token would be
invalid if the service aborted the channel due to inactivity. To prevent the
service from aborting idle sessions prematurely increase the Receive timeout
on the service endpoint's binding.







To solve the problem we've tried the workaround suggested in the post, with
some changes because there they are using CXF 2.4.1.


On the exception, we're trying to create a new token, expiring the original
one, expecting CXF to renew the token by itself. This is the code:


                Endpoint ep =

                EndpointInfo ei = ep.getEndpointInfo();

                TokenStore ts = (TokenStore)


                String tokenId = (String)ep.get(SecurityConstants.TOKEN_ID);

                System.out.println("***************** tokenId: " + tokenId);


                if (null != tokenId) {


                    SecurityToken st = ts.getToken(tokenId);


                    st.setExpires(new Date());





Summing up, in the first call we get the BadContextToken in the response.

In the second call, the token recovered from the Endpoint is null, and we
get a SoapFault because of an error produced when the message security was
being checked.

And in the third one the service returns the right response. In this case
the token ID is different from the one used in the first call.


Can anybody point out to us how we can create a new security token and
associate it with the endpoint?
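
Added example, not part of the original message and not CXF code: a JDK-only sketch of the "detect BadContextToken, discard the cached token, retry once" pattern that the workaround above aims for. `TokenCache`, `FaultException`, the WS-SecureConversation namespace and the sample fault are assumptions constructed for illustration; wiring `discard()` to the CXF token store is left open.

```java
import java.io.StringReader;
import java.util.concurrent.Callable;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class BadContextTokenRetry {
    static final String SOAP12 = "http://www.w3.org/2003/05/soap-envelope";
    static final String WSC = "http://schemas.xmlsoap.org/ws/2005/02/sc"; // assumed WS-SC namespace
    // Constructed sample fault, not the service's actual response.
    static final String SAMPLE = "<s:Envelope xmlns:s='" + SOAP12 + "'><s:Body><s:Fault>"
        + "<s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value xmlns:a='" + WSC + "'>"
        + "a:BadContextToken</s:Value></s:Subcode></s:Code></s:Fault></s:Body></s:Envelope>";
    interface TokenCache { void discard(); }          // hypothetical cached-token holder
    static class FaultException extends Exception {   // hypothetical: carries the raw fault XML
        final String xml;
        FaultException(String xml) { super("SOAP fault"); this.xml = xml; }
    }
    /** True when a SOAP 1.2 fault subcode resolves to the QName {WSC}BadContextToken. */
    static boolean isBadContextToken(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // block DTD/XXE
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList subcodes = d.getElementsByTagNameNS(SOAP12, "Subcode");
        for (int i = 0; i < subcodes.getLength(); i++) {
            Node v = ((Element) subcodes.item(i)).getElementsByTagNameNS(SOAP12, "Value").item(0);
            if (v == null) continue;
            String q = v.getTextContent().trim();      // QName text, e.g. "a:BadContextToken"
            int c = q.indexOf(':');
            String ns = v.lookupNamespaceURI(c < 0 ? null : q.substring(0, c));
            if (WSC.equals(ns) && "BadContextToken".equals(q.substring(c + 1))) return true;
        }
        return false;
    }
    /** Runs the call; on BadContextToken only, discards the cached token and retries once. */
    static <T> T callWithRenewal(Callable<T> call, TokenCache cache) throws Exception {
        try {
            return call.call();
        } catch (FaultException e) {
            if (!isBadContextToken(e.xml)) throw e;   // any other fault propagates unchanged
            cache.discard();                          // next call must negotiate a new token
            return call.call();                       // a second failure is not retried
        }
    }
    public static void main(String[] args) throws Exception {
        int[] n = {0};
        System.out.println(callWithRenewal(
            () -> { if (n[0]++ == 0) throw new FaultException(SAMPLE); return "ok"; },
            () -> System.out.println("cached token discarded")) + " after retry");
    }
}
```

The subcode is compared as a namespace-resolved QName rather than as a string, so a fault that merely mentions "BadContextToken" in its text does not trigger a token discard and retry.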





