Trying to set up CXF / WS-Security on client and server, but am getting the
following error:
org.apache.ws.security.WSSecurityException: The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)
        at org.apache.ws.security.validate.TimestampValidator.validate(TimestampValidator.java:73)
        at org.apache.ws.security.processor.TimestampProcessor.handleToken(TimestampProcessor.java:62)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:260)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:1)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:736)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1563)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1448)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1356)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:614)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:484)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:414)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:269)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
        at $Proxy57.setupListQuery(Unknown Source)
        at info.minnesotapartnership.chn.service.client.BaseQueryServiceImpl.queryForLists(BaseQueryServiceImpl.java:104)
        at info.minnesotapartnership.chn.service.client.SearchServiceImpl.getInteractionSummary(SearchServiceImpl.java:82)
        at info.minnesotapartnership.chn.service.client.SearchServiceImpl.getInteractionSummary(SearchServiceImpl.java:75)
        at info.minnesotapartnership.chn.editui.SearchController$_closure2.doCall(SearchController.groovy:68)
        at info.minnesotapartnership.chn.editui.SearchController$_closure2.doCall(SearchController.groovy)
        at java.lang.Thread.run(Thread.java:619)


In the TimestampValidator class, here are the variables:  
timeStamp = <wsu:Timestamp wsu:Id="TS-281"><wsu:Created>2011-05-27T22:22:51.526Z</wsu:Created><wsu:Expires>2011-05-27T22:27:51.526Z</wsu:Expires></wsu:Timestamp>
date now           = Fri May 27 17:21:45 CDT 2011
timeStamp expires  = Fri May 27 17:27:51 CDT 2011
timeStamp expired? = false
timeStampTTL     = 300
futureTimeToLive = 0
timeStampStrict  = true

Since the futureTimeToLive variable defaults to 0 seconds, how does this
code ever allow CXF services on two different physical servers to
communicate???  If one server is off by even a few milliseconds compared to
the other, the "message has expired" error appears.  If the client is ahead,
the server throws the Exception.  If the server is ahead, the client throws
the exception.  Shouldn't the default value for this be 300 like the
timeStampTTL?   Otherwise I'm not sure how you would get this to work unless
the services are on the same server.  If I wanted to change this variable in
a properties/xml file, how/where would I do this?


--
View this message in context: 
http://cxf.547215.n5.nabble.com/Message-has-expired-error-due-to-default-timeStampFutureTTL-setting-of-0-seconds-tp4433619p4433619.html
Sent from the cxf-issues mailing list archive at Nabble.com.
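
The check described in the post above, modelled as an added example (not part of the original message and not WSS4J source code). It feeds the timestamp values from the post into a freshness check with a configurable future tolerance; the class, enum and method names are hypothetical, and the 60 s and 300 s tolerances are constructed sample values.

```java
import java.time.Duration;
import java.time.Instant;

/** Added illustration of a wsu:Timestamp freshness check; not WSS4J source code. */
public class TimestampSkewDemo {

    /** Possible outcomes of the check (hypothetical names). */
    enum Verdict { OK, CREATED_IN_FUTURE, EXPIRED, TOO_OLD }

    /**
     * @param created   wsu:Created from the message
     * @param expires   wsu:Expires from the message, or null if absent
     * @param now       the receiver's clock
     * @param ttl       maximum accepted age of Created (timeStampTTL in the post)
     * @param futureTtl how far ahead of the receiver's clock Created may be
     *                  (futureTimeToLive in the post)
     */
    static Verdict check(Instant created, Instant expires, Instant now,
                         Duration ttl, Duration futureTtl) {
        // Sender's clock runs ahead of ours by more than the allowed tolerance.
        if (created.isAfter(now.plus(futureTtl))) {
            return Verdict.CREATED_IN_FUTURE;
        }
        // The sender's own expiry has passed.
        if (expires != null && expires.isBefore(now)) {
            return Verdict.EXPIRED;
        }
        // The message is older than the receiver is willing to accept.
        if (created.plus(ttl).isBefore(now)) {
            return Verdict.TOO_OLD;
        }
        return Verdict.OK;
    }

    public static void main(String[] args) {
        // Values from the post: Created is about 66 s ahead of the receiver's clock.
        Instant created = Instant.parse("2011-05-27T22:22:51.526Z");
        Instant expires = Instant.parse("2011-05-27T22:27:51.526Z");
        Instant now = Instant.parse("2011-05-27T22:21:45Z"); // 17:21:45 CDT
        Duration ttl = Duration.ofSeconds(300);

        // 0 s is the tolerance from the post; 60 s and 300 s are constructed samples.
        for (long tolerance : new long[] {0, 60, 300}) {
            Verdict v = check(created, expires, now, ttl, Duration.ofSeconds(tolerance));
            System.out.printf("futureTimeToLive=%3ds -> %s%n", tolerance, v);
        }
    }
}
```

The tolerance only has to cover real clock drift between the two hosts, so synchronizing both with NTP lets it stay small.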
