cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: How to disable nonce.cache in simple frontend?
Date Wed, 12 Sep 2012 18:42:47 GMT

The simple frontend has all the same abilities to set the properties.

<simple:server …>
   <simple:properties>
      <entry.../>

If you are using code, the ServerFactoryBean has properties maps on it as well.


Dan



On Sep 12, 2012, at 10:57 AM, Vassilis Virvilis <v.virvilis@biovista.com> wrote:

> Hi everybody,
> 
> I am upgrading to CXF 2.6.2 but for some clients I am getting
> Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing
the <wsse:Security> header (An error happened processing a Username Token "A replay
attack has been detected")
>        at org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:140)
>        at org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:284)
> 
> So it looks like I have to disable the nonce cache just like in bug https://issues.apache.org/jira/browse/CXF-4294
> 
> However I am not using jax-ws. I am using simple frontend with spring configuration so
I can't use following snippet
> 
> <jaxws:endpoint id="....">
> ...
> <jaxws:properties>
> ...
> <entry key="ws-security.enable.nonce.cache" value="false" />
> <entry key="ws-security.enable.timestamp.cache" value="false" />
> </jaxws:properties>
> </jaxws:endpoint>
> 
> 
> Any ideas what is the correct XML configuration or it is not possible to turn this thing
off with JAX_WS?
> 
> 	Thanks in advance
> 
> -- 
> 
> __________________________________
> 
> Vassilis Virvilis Ph.D.
> Head of IT
> Biovista Inc.
> 
> US Offices
> 2421 Ivy Road
> Charlottesville, VA 22903
> USA
> T: +1.434.971.1141
> F: +1.434.971.1144
> 
> European Offices
> 34 Rodopoleos Street
> Ellinikon, Athens 16777
> GREECE
> T: +30.210.9629848
> F: +30.210.9647606
> 
> www.biovista.com
> 
> Biovista is a privately held biotechnology company that finds novel uses for existing
drugs, and profiles their side effects using their mechanism of action. Biovista develops
its own pipeline of drugs in CNS, oncology, auto-immune and rare diseases. Biovista is collaborating
with biopharmaceutical companies on indication expansion and de-risking of their portfolios
and with the FDA on adverse event prediction.
> 
> 

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message