The problem here is that you are sending a "stale" UsernameToken to the endpoint. WSS4J has a default "time to live" setting, where it will reject UsernameTokens that contain a "Created" timestamp after this "time to live" has expired. The default value is 5 minutes. You can set a larger value by specifying the property "utTimeToLive":
http://ws.apache.org/wss4j/config.html Colm. On Thu, Jan 15, 2015 at 1:51 AM, wangjlc <[email protected]> wrote: > *I found my configuration does not work in WS-context.XML, I will remove > the > spring configuration Web.XML, which does not use a spring loaded,* > > > <listener> > > > <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> > </listener> > > <context-param> > <param-name>contextConfigLocation</param-name> > <param-value>WEB-INF/ws-context.xml,WEB-INF/beans.xml</param-value> > </context-param> > > > *but only to add the following code in the code, before the error was > gone, > but sends a request using soapUI, server-side the following exception:* > > > > Server server = factory.create(); > Endpoint cxfEndpoint = server.getEndpoint(); > > > Map<String, Object> props = new HashMap<String, Object>(); > props.put("action", "UsernameToken"); > props.put("passwordType", "PasswordText"); > props.put("passwordCallbackClass", > WsAuthHandler.class.getName()); > WSS4JInInterceptor wss4JInInterceptor = new > WSS4JInInterceptor(props); > //factory.getInInterceptors().add(wss4JInInterceptor); > > cxfEndpoint.getInInterceptors().add(wss4JInInterceptor); > > > > > 2015-1-14 16:04:00 org.apache.cxf.phase.PhaseInterceptorChain > doDefaultLogging > WARNING: Interceptor for > { > http://adapter.ws.mb.payment.dcfs.com/}IproviderconnectorService#{http://adapter.ws.mb.payment.dcfs.com/}doCommon > has thrown exception, unwinding now > Throwable occurred: org.apache.cxf.binding.soap.SoapFault: The message has > expired > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:809) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:313) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) > at > > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243) > at > > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261) > at > > org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70) > at > > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088) > at > > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024) > at > > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) > at > > org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255) > at > > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) > at org.eclipse.jetty.server.Server.handle(Server.java:370) > at > > org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494) > at > > org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982) > at > > org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043) > at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865) > at > org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240) > at > > org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) > at > > org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696) > at > > org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53) > at > > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) > at > > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) > at java.lang.Thread.run(Thread.java:738) > Caused by: org.apache.wss4j.common.ext.WSSecurityException: The message has > expired > at > > org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172) > at > > org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:69) > at > > org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427) > at > > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:257) > ... 23 more > > > > > > > *Are there any experts have been faced with such a problem, please advise, > thank you!* > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF3-Server-side-token-validation-issues-tp5752544p5753050.html > Sent from the cxf-dev mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
