Hi everybody,
I am upgrading to CXF 2.6.2 but for some clients I am getting
Caused by: org.apache.ws.security.WSSecurityException: An error was
discovered processing the <wsse:Security> header (An error happened
processing a Username Token "A replay attack has been detected")
at
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:140)
at
org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:284)
So it looks like I have to disable the nonce cache just like in bug
https://issues.apache.org/jira/browse/CXF-4294
However I am not using jax-ws. I am using simple frontend with spring
configuration so I can't use following snippet
<jaxws:endpoint id="....">
...
<jaxws:properties>
...
<entry key="ws-security.enable.nonce.cache" value="false" />
<entry key="ws-security.enable.timestamp.cache" value="false" />
</jaxws:properties>
</jaxws:endpoint>
Any ideas what is the correct XML configuration or it is not possible to
turn this thing off with JAX_WS?
Thanks in advance
--
__________________________________
Vassilis Virvilis Ph.D.
Head of IT
Biovista Inc.
US Offices
2421 Ivy Road
Charlottesville, VA 22903
USA
T: +1.434.971.1141
F: +1.434.971.1144
European Offices
34 Rodopoleos Street
Ellinikon, Athens 16777
GREECE
T: +30.210.9629848
F: +30.210.9647606
www.biovista.com
Biovista is a privately held biotechnology company that finds novel uses
for existing drugs, and profiles their side effects using their
mechanism of action. Biovista develops its own pipeline of drugs in CNS,
oncology, auto-immune and rare diseases. Biovista is collaborating with
biopharmaceutical companies on indication expansion and de-risking of
their portfolios and with the FDA on adverse event prediction.
