> For handling replay attacks , 2.7.11 cxf is modifying the client's messages. > But in 2.7.5 the security option was not there. > Is there any way to disable this option via java because i am expecting the > message which was sent by me.
I don't understand the question. What is modifying the client's messages? CXF itself does not do any such modification for replay attacks, it only rejects replayed messages by default. Colm. On Tue, Aug 5, 2014 at 2:52 PM, Shriram <[email protected]> wrote: > I have upgraded cxf & wss4j to 2.7.11, 1.6.15 respectively. > For handling replay attacks , 2.7.11 cxf is modifying the client's > messages. > But in 2.7.5 the security option was not there. > Is there any way to disable this option via java because i am expecting the > message which was sent by me. > > I have appended the string "replay attack" with my custom exception message > and i got the expected message because > of the below code > > if (ex.getMessage() != null && ex.getMessage().contains("replay attack")) { > return ex.getMessage(); > } > > 2.7.11 code > ========= > createSoapFault(org.apache.cxf.message.Message message, SoapVersion > version, > WSSecurityException e) { > SoapFault fault; > String errorMessage = null; > if (MessageUtils.isRequestor(message)) { > errorMessage = e.getMessage(); > } else { > errorMessage = WSS4JUtils.getSafeExceptionMessage(e); > if (errorMessage == null) { > errorMessage = e.getMessage(); > } > } > > javax.xml.namespace.QName faultCode = e.getFaultCode(); > if (version.getVersion() == 1.1 && faultCode != null) { > fault = new SoapFault(errorMessage, e, faultCode); > } else { > fault = new SoapFault(errorMessage, e, version.getSender()); > if (version.getVersion() != 1.1 && faultCode != null) { > fault.setSubCode(faultCode); > } > } > return fault; > } > > Is there any way to disable security option via java? > > Thanks > Shriram. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/disabling-replay-attack-security-mechanism-in-apache-cxf-or-wss4j-tp5747393.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
