cxf-users mailing list archives

From Chris <>
Subject Current situation: CXF client send nonce and timestamp
Date Tue, 14 Oct 2014 13:12:26 GMT
I have not yet been able to build a simple test case, but it seems clear that
the <sp13:Created /> and <sp13:Nonce /> elements are ignored in the client
code. As I mentioned in a previous message, these are being read correctly by
the

 AssertionInfoMap aim = message.get(AssertionInfoMap.class);

at the beginning of

  protected UsernameToken assertTokens(SoapMessage message, String localname, boolean signed)

but not being returned in the token produced by that method.

Meanwhile I came up with a "fix" by modifying the UsernameTokenInterceptor:

    protected void addToken(SoapMessage message) {
        UsernameToken tok = assertTokens(message);

        Header h = findSecurityHeader(message, true);
        WSSecUsernameToken utBuilder = 
            addUsernameToken(message, tok);
        if (utBuilder == null) {
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            Collection<AssertionInfo> ais = 
            for (AssertionInfo ai : ais) {
                if (ai.isAsserted()) {
        // Beginning of Modification
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        boolean haveNonce = false;
        boolean haveCreated = false;
        Collection<AssertionInfo> nonces =
        for(AssertionInfo nonce: nonces) {
        	if (nonce.isAsserted()) {
        		haveNonce = true;
        Collection<AssertionInfo> createds =
        for(AssertionInfo created: createds) {
        	if(created.isAsserted()) {
        		haveCreated = true;
        if (haveCreated) {
        if (haveNonce) {
        // End of modification
        Element el = (Element)h.getObject();

So I thought "all well and good" and then tried the username token with
message protection only to find that it uses a totally different class to
generate the embedded username token, and the changed code is not called! As
soon as I set the server to "created time and nonce required" it fails! This
also appears to be much more complex processing so finding where to fix the
code is a little difficult.

BTW I know that my "fix" is probably not the right way to do it; fixing the
underlying code to produce the correct values in the token, then passing
that through to the builder, looked like much too much work within our

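A check for the behaviour described in the message above, added here as an example and not code from the original post or from CXF: it reads which of sp13:Created and sp13:Nonce appear under a policy's sp:UsernameToken assertion and reports which of the corresponding wsu:Created / wsse:Nonce children are absent from the UsernameToken of an outbound SOAP message. The policy, the messages and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
SP13 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
WSP = "http://www.w3.org/ns/ws-policy"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample policy: a UsernameToken that must carry Created and Nonce.
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}" xmlns:sp13="{SP13}">
  <sp:SupportingTokens><wsp:Policy>
    <sp:UsernameToken><wsp:Policy>
      <sp:WssUsernameToken11/><sp13:Created/><sp13:Nonce/>
    </wsp:Policy></sp:UsernameToken>
  </wsp:Policy></sp:SupportingTokens>
</wsp:Policy>"""

def soap_with_token(extra=""):
    """Constructed outbound message; `extra` is placed inside the token."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
            f"<s:Header><wsse:Security><wsse:UsernameToken>"
            f"<wsse:Username>alice</wsse:Username>{extra}"
            f"</wsse:UsernameToken></wsse:Security></s:Header><s:Body/></s:Envelope>")

def required_children(policy_xml):
    """Map sp13 assertions under sp:UsernameToken to the token children they demand."""
    wanted = {}
    for ut in ET.fromstring(policy_xml).iter(f"{{{SP}}}UsernameToken"):
        if ut.find(f".//{{{SP13}}}Nonce") is not None:
            wanted["Nonce"] = f"{{{WSSE}}}Nonce"
        if ut.find(f".//{{{SP13}}}Created") is not None:
            wanted["Created"] = f"{{{WSU}}}Created"
    return wanted

def missing_children(policy_xml, soap_xml):
    """Names the policy requires that some token lacks (all, if no token was sent)."""
    wanted = required_children(policy_xml)
    tokens = list(ET.fromstring(soap_xml).iter(f"{{{WSSE}}}UsernameToken"))
    def has(tag):  # an empty element does not count as a value
        return bool(tokens) and all((t.findtext(tag) or "").strip() for t in tokens)
    return sorted(name for name, tag in wanted.items() if not has(tag))
```

Run against a captured request, a non-empty result from missing_children means the client did not honour the policy and a server set to require created time and nonce will reject the message.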