cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <gma...@talend.com>
Subject Re: How to disable nonce.cache in simple frontend?
Date Wed, 12 Sep 2012 15:17:11 GMT
Please don't use the terribly misnamed "simple" frontend--I've tried but 
cannot get the team to rename it.  It's best to work with the official 
JAX-WS frontend, especially where security is concerned.

Glen

On 09/12/2012 10:57 AM, Vassilis Virvilis wrote:
> Hi everybody,
>
> I am upgrading to CXF 2.6.2 but for some clients I am getting
> Caused by: org.apache.ws.security.WSSecurityException: An error was 
> discovered processing the <wsse:Security> header (An error happened 
> processing a Username Token "A replay attack has been detected")
>         at 
> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:140)
>         at 
> org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
>         at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>         at 
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:284)
>
> So it looks like I have to disable the nonce cache just like in bug 
> https://issues.apache.org/jira/browse/CXF-4294
>
> However I am not using jax-ws. I am using simple frontend with spring 
> configuration so I can't use following snippet
>
> <jaxws:endpoint id="....">
> ...
> <jaxws:properties>
> ...
> <entry key="ws-security.enable.nonce.cache" value="false" />
> <entry key="ws-security.enable.timestamp.cache" value="false" />
> </jaxws:properties>
> </jaxws:endpoint>
>
>
> Any ideas what is the correct XML configuration or it is not possible 
> to turn this thing off with JAX_WS?
>
>     Thanks in advance
>


-- 
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza


Mime
View raw message