Hi, I'm working on Web Service client implementation using different WS stacks, including Axis2 and Metro.
When I solve 'Clock skew or delay' issue, the client implemented by Metro works
fine, so I believe the server side was well configured.
But when test the client implemented by Axis2, I find if the server time was
ahead of client time it works. If server time was slow than client time, I meet
exception:
Exception in thread "main" org.apache.axis2.AxisFault: The
message has expired (WSSecurityEngine: Invalid timestamp The security semantics
of the message have expired)
at
org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
at
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
at
org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at
org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at
org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
at
org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:168)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at
com.gemalto.paf.webservice.TestWebServiceStub.echoUser(TestWebServiceStub.java:458)
at
com.gemalto.paf.webservice.TestAxsi2Client.main(TestAxsi2Client.java:38)
Caused by: org.apache.ws.security.WSSecurityException: The message has expired
(WSSecurityEngine: Invalid timestamp The security semantics of the message have
expired)
at
org.apache.ws.security.processor.TimestampProcessor.handleTimestamp(TimestampProcessor.java:90)
at
org.apache.ws.security.processor.TimestampProcessor.handleToken(TimestampProcessor.java:62)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
at
org.apache.rampart.RampartEngine.process(RampartEngine.java:166)
at
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 10 more
And my client code:
public class TestAxsi2Client {
final static String username =
"wangTestUser@PAF";
final static String password =
"gemalto,123";
static String xmlPath =
TestAxsi2Client.class.getResource("").getPath() + "/policy.xml";
public static void
main(String[] args) throws Exception {
ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem("D:/tools/axis2-1.6.0/repository");
String target =
"https://shengli.paf.gemalto.com:7111/TestService/TestWebService?wsdl";;
TestWebServiceStub stub = new TestWebServiceStub(ctx, target);
ServiceClient
client = stub._getServiceClient();
Options options
= client.getOptions();
client.engageModule("rampart");
options.setUserName(username);
options.setPassword(password);
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy());
options.setProperty(HTTPConstants.CHUNKED, false);
String resE =
stub.echoUser ();
System.out.println(resE);
}
private static Policy
loadPolicy() throws Exception {
System.out.println("xmlPath : " + xmlPath);
StAXOMBuilder
builder = new StAXOMBuilder(xmlPath);
return
PolicyEngine.getPolicy(builder.getDocumentElement());
}
}
Configuration in policy.xml:
<wsp:Policy wsu:Id="UTOverTransport" ...>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
...
</sp:TransportBinding>
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
...
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:timestampTTL>720</ramp:timestampTTL>
<ramp:timestampMaxSkew>720</ramp:timestampMaxSkew>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
I'm using Axis2_1.6.0, and my server is weblogic 10.3.4 .
Could you please help me on this issue? Thanks in advance.
Best Regards!
Shengli Li(Ronnie)
Tel: +8610 5937 3246
Office 428, 4/F, Lido Office Tower, Lido Place
Jichang Road
Beijing, 100004 China
www.gemalto.com<http://www.gemalto.com/>
[cid:[email protected]]
<<inline: image001.jpg>>
