Re: renew sts token

Colm O hEigeartaigh Wed, 28 Jan 2015 02:31:13 -0800

What version of CXF is your client using? Try with the latest version of
2.7.x if you aren't already. Failing that, try enabling debug logging to
see what is going wrong.


Colm.

On Wed, Jan 28, 2015 at 7:58 AM, Laci Gaspar <[email protected]> wrote:

> Yes, you're right, the Renew operation was not configured. I did that and
> now the token seems to get renewed.
> Unfortunately I get another exception now, and I don't know if that is
> related to the previous problem.
> I configured the token lifetime to 20 seconds.
> After 5 minutes I get the following exception in the client. There is no
> exception in the sts log:
> Jan 28, 2015 8:51:06 AM org.apache.cxf.ws.addressing.soap.MAPCodec
> restoreExchange
> Warnung: Response message does not contain WS-Addressing properties.  Not
> correlating response.
> Jan 28, 2015 8:51:06 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
> handleMessage
> Warnung: Request does not contain Security header, but it's a fault.
> Jan 28, 2015 8:51:06 AM org.apache.cxf.ws.addressing.ContextUtils
> retrieveMAPs
> Warnung: WS-Addressing - failed to retrieve Message Addressing Properties
> from context
> javax.xml.ws.soap.SOAPFaultException: General security error (SAML token
> security failure)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:158)
>     at com.sun.proxy.$Proxy42.submitInvoice(Unknown Source)
>     at ch.curabill.msp.service.invoicedelivery.client.
> InvoiceDeliveryClient.submitDocument(InvoiceDeliveryClient.java:216)
>     at ch.curabill.msp.service.invoicedelivery.client.
> InvoiceDeliveryClient.main(InvoiceDeliveryClient.java:138)
> Caused by: org.apache.cxf.binding.soap.SoapFault: General security error
> (SAML token security failure)
>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.
> unmarshalFault(Soap11FaultInInterceptor.java:84)
>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.
> handleMessage(Soap11FaultInInterceptor.java:51)
>     at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.
> handleMessage(Soap11FaultInInterceptor.java:40)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
>     at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObs
> erver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
>     at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.
> handleMessage(CheckFaultInterceptor.java:69)
>     at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.
> handleMessage(CheckFaultInterceptor.java:34)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
>     at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:849)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> handleResponseInternal(HTTPConduit.java:1626)
>     at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
> handleResponse(HTTPConduit.java:1515)
>     at org.apache.cxf.transport.http.HTTPConduit$
> WrappedOutputStream.close(HTTPConduit.java:1318)
>     at org.apache.cxf.transport.AbstractConduit.close(
> AbstractConduit.java:56)
>     at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.
> java:632)
>     at org.apache.cxf.interceptor.MessageSenderInterceptor$
> MessageSenderEndingInterceptor.handleMessage(
> MessageSenderInterceptor.java:62)
>     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
> PhaseInterceptorChain.java:272)
>     at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
>     at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
>     at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>     at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
> JaxWsClientProxy.java:136)
>     ... 3 more
>
>
> thanks,
> Laci
>
> On 27.01.2015 17:30, Colm O hEigeartaigh wrote:
>
>> Ok well the error here is that the STS you are using does not support
>> Renew, or it is not configured. The CXF client will then fall back to
>> getting a new token via "issue".
>>
>> Colm.
>>
>> On Tue, Jan 27, 2015 at 4:09 PM, Laci Gaspar <[email protected]> wrote:
>>
>>  I rebuilt the sts with cxf 2.7.14 and I get this: (I am sending a
>>> directory full of files to a server)
>>>
>>> Every time the token expires there is an Error in the log, but no
>>> exception is thrown:
>>> Jan 27, 2015 5:03:23 PM org.apache.cxf.ws.security.policy.interceptors.
>>> IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor renewToken
>>> Warnung: Error renewing a token
>>> org.apache.cxf.binding.soap.SoapFault: Implementation for this operation
>>> not found.
>>>      at org.apache.cxf.binding.soap.interceptor.
>>> Soap11FaultInInterceptor.
>>> unmarshalFault(Soap11FaultInInterceptor.java:84)
>>>      at org.apache.cxf.binding.soap.interceptor.
>>> Soap11FaultInInterceptor.
>>> handleMessage(Soap11FaultInInterceptor.java:51)
>>>      at org.apache.cxf.binding.soap.interceptor.
>>> Soap11FaultInInterceptor.
>>> handleMessage(Soap11FaultInInterceptor.java:40)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObs
>>> erver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
>>>      at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.
>>> handleMessage(CheckFaultInterceptor.java:69)
>>>      at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.
>>> handleMessage(CheckFaultInterceptor.java:34)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.endpoint.ClientImpl.onMessage(
>>> ClientImpl.java:849)
>>>      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
>>> handleResponseInternal(HTTPConduit.java:1626)
>>>      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
>>> handleResponse(HTTPConduit.java:1515)
>>>      at org.apache.cxf.transport.http.HTTPConduit$
>>> WrappedOutputStream.close(HTTPConduit.java:1318)
>>>      at org.apache.cxf.transport.AbstractConduit.close(
>>> AbstractConduit.java:56)
>>>      at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.
>>> java:632)
>>>      at org.apache.cxf.interceptor.MessageSenderInterceptor$
>>> MessageSenderEndingInterceptor.handleMessage(
>>> MessageSenderInterceptor.java:62)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
>>>      at org.apache.cxf.ws.security.trust.AbstractSTSClient.renew(
>>> AbstractSTSClient.java:1066)
>>>      at org.apache.cxf.ws.security.trust.STSClient.
>>> renewSecurityToken(STSClient.java:82)
>>>      at org.apache.cxf.ws.security.policy.interceptors.
>>> IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.renewToken(
>>> IssuedTokenInterceptorProvider.java:439)
>>>      at org.apache.cxf.ws.security.policy.interceptors.
>>> IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor.handleMessage(
>>> IssuedTokenInterceptorProvider.java:156)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
>>>      at org.apache.cxf.frontend.ClientProxy.invokeSync(
>>> ClientProxy.java:96)
>>>      at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
>>> JaxWsClientProxy.java:136)
>>>      at com.sun.proxy.$Proxy42.submitInvoice(Unknown Source)
>>>      at ch.curabill.msp.service.invoicedelivery.client.
>>> InvoiceDeliveryClient.submitDocument(InvoiceDeliveryClient.java:216)
>>>      at ch.curabill.msp.service.invoicedelivery.client.
>>> InvoiceDeliveryClient.main(InvoiceDeliveryClient.java:138)
>>>
>>>
>>>
>>> but then before all files are sent I get an exception:
>>> Jan 27, 2015 5:04:23 PM org.apache.cxf.ws.addressing.soap.MAPCodec
>>> restoreExchange
>>> Warnung: Response message does not contain WS-Addressing properties.  Not
>>> correlating response.
>>> Jan 27, 2015 5:04:23 PM org.apache.cxf.ws.security.
>>> wss4j.WSS4JInInterceptor
>>> handleMessage
>>> Warnung: Request does not contain Security header, but it's a fault.
>>> Jan 27, 2015 5:04:23 PM org.apache.cxf.ws.addressing.ContextUtils
>>> retrieveMAPs
>>> Warnung: WS-Addressing - failed to retrieve Message Addressing Properties
>>> from context
>>> javax.xml.ws.soap.SOAPFaultException: General security error (SAML token
>>> security failure)
>>>      at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
>>> JaxWsClientProxy.java:158)
>>>      at com.sun.proxy.$Proxy42.submitInvoice(Unknown Source)
>>>      at ch.curabill.msp.service.invoicedelivery.client.
>>> InvoiceDeliveryClient.submitDocument(InvoiceDeliveryClient.java:216)
>>>      at ch.curabill.msp.service.invoicedelivery.client.
>>> InvoiceDeliveryClient.main(InvoiceDeliveryClient.java:138)
>>> Caused by: org.apache.cxf.binding.soap.SoapFault: General security error
>>> (SAML token security failure)
>>>      at org.apache.cxf.binding.soap.interceptor.
>>> Soap11FaultInInterceptor.
>>> unmarshalFault(Soap11FaultInInterceptor.java:84)
>>>      at org.apache.cxf.binding.soap.interceptor.
>>> Soap11FaultInInterceptor.
>>> handleMessage(Soap11FaultInInterceptor.java:51)
>>>      at org.apache.cxf.binding.soap.interceptor.
>>> Soap11FaultInInterceptor.
>>> handleMessage(Soap11FaultInInterceptor.java:40)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObs
>>> erver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
>>>      at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.
>>> handleMessage(CheckFaultInterceptor.java:69)
>>>      at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.
>>> handleMessage(CheckFaultInterceptor.java:34)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.endpoint.ClientImpl.onMessage(
>>> ClientImpl.java:849)
>>>      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
>>> handleResponseInternal(HTTPConduit.java:1626)
>>>      at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.
>>> handleResponse(HTTPConduit.java:1515)
>>>      at org.apache.cxf.transport.http.HTTPConduit$
>>> WrappedOutputStream.close(HTTPConduit.java:1318)
>>>      at org.apache.cxf.transport.AbstractConduit.close(
>>> AbstractConduit.java:56)
>>>      at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.
>>> java:632)
>>>      at org.apache.cxf.interceptor.MessageSenderInterceptor$
>>> MessageSenderEndingInterceptor.handleMessage(
>>> MessageSenderInterceptor.java:62)
>>>      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
>>> PhaseInterceptorChain.java:272)
>>>      at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:572)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:481)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:382)
>>>      at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:335)
>>>      at org.apache.cxf.frontend.ClientProxy.invokeSync(
>>> ClientProxy.java:96)
>>>      at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(
>>> JaxWsClientProxy.java:136)
>>>      ... 3 more
>>>
>>>
>>> Any idea?
>>>
>>> Thanks
>>> Laci
>>>
>>> On 27.01.2015 16:45, Colm O hEigeartaigh wrote:
>>>
>>>  Token renewing is, or should be, supported. However, maybe there is some
>>>> other issue that is causing the problem.
>>>>
>>>> Colm.
>>>>
>>>> On Tue, Jan 27, 2015 at 3:37 PM, Laci Gaspar <[email protected]> wrote:
>>>>
>>>>   Thanks for your quick answer, Colm.
>>>>
>>>>> Are you saying, that with a more recent version of CXF the token should
>>>>> be
>>>>> renewed automatically?
>>>>>
>>>>> Thanks,
>>>>> Laci
>>>>>
>>>>> On 27.01.2015 16:34, Colm O hEigeartaigh wrote:
>>>>>
>>>>>   Could you try with a more recent version of CXF? There have been a
>>>>> bunch
>>>>>
>>>>>> of
>>>>>> issues fixed in relation to renewing tokens since the 2.7.7 release.
>>>>>>
>>>>>> Colm.
>>>>>>
>>>>>> On Tue, Jan 27, 2015 at 3:26 PM, Laci Gaspar <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>    Hi
>>>>>>
>>>>>>  We are using an sts (cxf 2.7.7) to issue saml 2 tokens for our
>>>>>>> webservices.
>>>>>>>
>>>>>>> Our WS Clients are instantiated by spring. Something like this:
>>>>>>>
>>>>>>>            SpringBusFactory bf = new SpringBusFactory();
>>>>>>>            URL busFile = new ClassPathResource("wssec-
>>>>>>> client.xml").getURL();
>>>>>>>
>>>>>>>            Bus bus = bf.createBus(busFile.toString());
>>>>>>>            SpringBusFactory.setDefaultBus(bus);
>>>>>>>            SpringBusFactory.setThreadDefaultBus(bus);
>>>>>>>
>>>>>>>            Service service = Service.create(wsdlURL, SERVICE_NAME);
>>>>>>>            while (true) {
>>>>>>>                Greeter port = service.getPort(PORT_NAME,
>>>>>>> Greeter.class);
>>>>>>>            }
>>>>>>>
>>>>>>>
>>>>>>> After the token expires I receive an exception calling the WS. Can
>>>>>>> anybody
>>>>>>> please help me with how I renew the token after it expires?
>>>>>>>
>>>>>>> Any help is most appreciated.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Laci
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: renew sts token

Reply via email to