Hi,
we're experiencing the same problem reported at http://cxf.547215.n5.nabble.com/The-security-context-token-is-expired-or-is- not-valid-ERROR-td5076527.html#a5120806. In a web application we are consuming a wsHttpEndpoint bound WCF service, that is configured with a security policy according to the WS-Policy standard. I'm using: - CXF 2.7.11 - JDK 1.7.0_45 - Spring 3.2.9.RELEASE - Windows 7 Professional When a user makes a request to the web service, and the time elapsed since the last call is longer than the timeout configured at the service, we get a response similar to this one that appears in the URL referenced before: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"; xmlns:a="http://www.w3.org/2005/08/addressing";> <s:Header> <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Acti on> <a:RelatesTo>urn:uuid:8d983814-53f0-43ea-8439-95c6471aa411</a:RelatesTo> </s:Header> <s:Body> <s:Fault> <s:Code> <s:Value>s:Sender</s:Value> <s:Subcode> <s:Value xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc";>a:BadContextToken</s:Valu e> </s:Subcode> </s:Code> <s:Reason> <s:Text xml:lang="en-AU">The message could not be processed. This is most likely because the action 'http://tempuri.org/TestService/Get_Points' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding. </s:Text> </s:Reason> </s:Fault> </s:Body> </s:Envelope> To solve the problem we've tried the workaround suggested in the post, with some changes because in there they using CXF 2.4.1. On the exception, we're trying to create a new token, expiring the original one, expecting CXF renews the token by it self. This is the code: Endpoint ep = ClientProxy.getClient(iOficinaVirtualWCF).getEndpoint(); EndpointInfo ei = ep.getEndpointInfo(); TokenStore ts = (TokenStore) ei.getProperty(TokenStore.class.getName()); String tokenId = (String)ep.get(SecurityConstants.TOKEN_ID); System.out.println("***************** tokenId: " + tokenId); if (null != tokenId) { SecurityToken st = ts.getToken(tokenId); st.setExpires(new Date()); ep.remove(SecurityConstants.TOKEN_ID); } Summing up, in the first call we get the BadContextToken in the response. In the second call, the token recovered from the Endpoint is null, and we get a SoapFault because of an error produced when the message security was being checked. And in the third one the service returns the right response. In this case the token ID is different from the one used in the first call. Can anybody point us how can we create a new security token and associate it to the endpoint? Thanks, Paco
