Please don't use the terribly misnamed "simple" frontend--I've tried but
cannot get the team to rename it. It's best to work with the official
JAX-WS frontend, especially where security is concerned.
Glen
On 09/12/2012 10:57 AM, Vassilis Virvilis wrote:
Hi everybody,
I am upgrading to CXF 2.6.2 but for some clients I am getting
Caused by: org.apache.ws.security.WSSecurityException: An error was
discovered processing the <wsse:Security> header (An error happened
processing a Username Token "A replay attack has been detected")
at
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:140)
at
org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:284)
So it looks like I have to disable the nonce cache just like in bug
https://issues.apache.org/jira/browse/CXF-4294
However I am not using jax-ws. I am using simple frontend with spring
configuration so I can't use following snippet
<jaxws:endpoint id="....">
...
<jaxws:properties>
...
<entry key="ws-security.enable.nonce.cache" value="false" />
<entry key="ws-security.enable.timestamp.cache" value="false" />
</jaxws:properties>
</jaxws:endpoint>
Any ideas what is the correct XML configuration or it is not possible
to turn this thing off with JAX_WS?
Thanks in advance
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
