Hi Andreas,

It should be specified as a JAX-WS property of the client, not as a
property of the STSClient itself, so something like:

<entry key="ws-security.sts.token.imminent-expiry-value" value="5" />

Are you saying that this is not working?

Colm.

On Thu, Mar 26, 2015 at 11:04 PM, Vallen, Andreas (Ext) <
[email protected]> wrote:

> Hi,
>
> introduced with cxf-2.7.13, the STSClient configuration property
> "ws-security.sts.token.imminent-expiry-value" should make the STS client
> renew tokens some time before their actual expiry - in order to be on the
> safe side.
>
> Not finding any examples on where to configure this, I assumed it should
> be configured as one of the STS client properties like seen below.
>
> However CXF does not change its behavior, and continues to use tokens
> until the last millisecond before their expiry, occasionally having them
> expire in-flight instead.
>
> I also tried moving the configuration property up one level directly below
> the jaxws:client's jaxws:properties, but this also did not alter the STS
> client behavior. Am I doing this all wrong? Any help is much appreciated.
>
> Regards,
> Andreas Vallen
>
>
> <jaxws:client xmlns:abc="http://service.abc.net/"
>               id="ABCService"
>               serviceName="abc:ABCServiceService"
>               endpointName="abc:ABCServicePort"
>               address="${abc.service.address}"
>               serviceClass="net.abc.soap.ecs.ABCService"
>               wsdlLocation="WEB-INF/abcservice.wsdl">
>     <jaxws:properties>
>         <entry key="dataFormat" value="POJO"/>
>         <entry key="ws-security.sts.client">
>             <bean class="org.apache.cxf.ws.security.trust.STSClient">
>                 <constructor-arg ref="cxf"/>
>                 <property name="wsdlLocation"
>                           value="${unify.sts.url}/fediz-idp-sts/REALMA/STSServiceTransport?wsdl"/>
>                 <property name="serviceName"
>                           value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
>                 <property name="endpointName"
>                           value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
>                 <property name="actAs" ref="delegationCallbackHandler"/>
>                 <property name="enableAppliesTo" value="true"/>
>                 <property name="properties">
>                     <map>
>                         <!-- find documentation for the following properties here:
>                              http://cxf.apache.org/docs/ws-securitypolicy.html -->
>
>                         <!-- The value in seconds within which a token is considered to be expired by the client, i.e. it is
>                              considered to be expired if it will expire in a time less than the value specified by this tag.
>                              This will be set to 10 by default in CXF-3.0.2, until then we have to set it manually in
>                              order to prevent tokens from becoming invalid en-route to the service.
>                              See:
>                              - org.apache.cxf.ws.security.SecurityConstants#STS_TOKEN_IMMINENT_EXPIRY_VALUE
>                              - https://issues.apache.org/jira/browse/CXF-5975
>                         -->
>                         <entry key="ws-security.sts.token.imminent-expiry-value" value="10"/>
>                 ...
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
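
The expiry window discussed in this thread, modelled as an added example (not CXF code and not written by either poster): a cached token with 3 seconds of lifetime left is used for a request that takes 4 seconds to reach the service. The class and method names, the 300-second token lifetime and the timestamps are constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;

/** Constructed model of a client-side token cache; requires Java 16+ (records). */
public class ImminentExpiryDemo {

    /** Hypothetical stand-in for a token issued by the STS and cached by the client. */
    record CachedToken(String id, Instant expires) {}

    /**
     * The token counts as expired when its remaining lifetime is less than the
     * window, which is the meaning the quoted configuration comment gives to
     * ws-security.sts.token.imminent-expiry-value.
     */
    static boolean needsRenewal(CachedToken t, Instant now, long windowSeconds) {
        return t.expires().isBefore(now.plusSeconds(windowSeconds));
    }

    /** The receiving service checks the token at arrival time, not at send time. */
    static boolean acceptedByService(CachedToken t, Instant arrival) {
        return arrival.isBefore(t.expires());
    }

    /** Sends one request: renew first if the window says so, then validate on arrival. */
    static String send(CachedToken cached, Instant now, long windowSeconds, Duration transit) {
        CachedToken used = cached;
        if (needsRenewal(cached, now, windowSeconds)) {
            // Constructed renewal: a fresh token with a 300-second lifetime.
            used = new CachedToken("renewed", now.plusSeconds(300));
        }
        boolean ok = acceptedByService(used, now.plus(transit));
        return "window=" + windowSeconds + "s token=" + used.id()
                + " -> " + (ok ? "accepted" : "expired in flight");
    }

    public static void main(String[] args) {
        Instant issued = Instant.parse("2015-03-26T22:00:00Z");  // constructed timestamp
        CachedToken cached = new CachedToken("cached", issued.plusSeconds(300));
        Instant now = issued.plusSeconds(297);                    // 3 s of lifetime left
        Duration transit = Duration.ofSeconds(4);                 // arrives after expiry

        // Window 0 models "use the token until the last millisecond".
        for (long window : new long[] {0, 5, 10}) {
            System.out.println(send(cached, now, window, transit));
        }
    }
}
```

The window only helps when it is larger than the time a request can spend in transit plus any clock difference between client and service.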
