Hi, > 1) Where should I put the timeToLive and futureTimeToLive spring > configuration variables? If I put them in the > WSS4JInInterceptor/property/map/entry and they didn't have any effect
This is a bug in CXF 2.3.x, which I've just fixed: https://issues.apache.org/jira/browse/CXF-3948 If you upgrade to a later version of CXF 2.3.x that uses WSS4J 1.5.12, it will default to allowing Timestamps up to 60s in the future. > 2) What is the default value of futureTimeToLive before wss4j-1.5.11? The > bug report doesn't mention it. It was not enforced at all: https://issues.apache.org/jira/browse/WSS-262 > 3) Does the timeToLive and futureTimeToLive variables need to be also > specified in the client? That would be very bad since we can't control the > software of our clients. Both of those variables are only applicable for processing a Timestamp. So unless your clients are processing a Timestamp sent back from the service then no. Colm. On Fri, Dec 2, 2011 at 11:51 AM, Vassilis Virvilis <[email protected]> wrote: > Hi everybody, > > We have upgraded to 2.3.3 and we have the an issue with the Timestamp > action: when the client's clock is set to the future (even for a single > second) the timestamp is invalid and the call throws an exception. > > The problem is also reported here > > https://issues.apache.org/jira/browse/WSS-291 > > It is my understanding that > -cxf-2.2.6 had wss4j 1.5.8 which is not affected by the bug. > -If we update some we will get rid of that bug. We will update, but > not right now. > > So I have the following questions > 1) Where should I put the timeToLive and futureTimeToLive spring > configuration variables? If I put them in the > WSS4JInInterceptor/property/map/entry and they didn't have any effect > > 2) What is the default value of futureTimeToLive before wss4j-1.5.11? The > bug report doesn't mention it. > > 3) Does the timeToLive and futureTimeToLive variables need to be also > specified in the client? That would be very bad since we can't control the > software of our clients. > > Here is the relevant configuration fragment > > <simple:inInterceptors> > <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <property name="properties"> > <map> > <entry key="action" value="UsernameToken Timestamp" /> > <entry key="passwordType" value="PasswordDigest" /> > <entry key="passwordCallbackClass" value="OurHandler" /> > > <!-- ----------------------------------------------------- --> > <!-- unfortunately these value don't seem to play any role --> > <entry key="timeToLive" value="3600" /> > <entry key="futureTimeToLive" value="3600" /> > <!-- ----------------------------------------------------- --> > </map> > </property> > </bean> > </simple:inInterceptors> > > And here is the exception > > ERROR 2011-12-02 05:57:46,238 TP-Processor7: > org.apache.cxf.binding.soap.SoapFault: The message has expired > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:649) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:278) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:80) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255) > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113) > at > org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97) > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461) > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188) > at > org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) > at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) > at java.lang.Thread.run(Thread.java:662) > Caused by: org.apache.ws.security.WSSecurityException: The message has > expired > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkTimestamps(WSS4JInInterceptor.java:366) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:236) > ... 26 more > > > Thanks in advance > > .bill > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
