Hello, I'm having an issue with CXF; I thought it best to first ask here. Perhaps this will turn into a bug report or feature request, but if there's a simpler way to achieve what I want I'd be glad to learn of it.
I'm writing a CXF client that consumes a WS-Policy- and WS-SecurityPolicy-using web service. The web service sits behind a load balancer. (I think SSL Pass-Through, but I'm not 100% sure. Could also be SSL-terminating.) Almost all requests need to include a SecurityContextToken, issued by the remote server(s). But the servers serving this web service sit behind a load balancer. What this means is that a request for a SecurityContextToken can get delivered to server 1, while the actual request secured with that context token gets delivered to server 2. Server 2 will then throw the exception "SOAPFaultException: The message could not be processed. This is most likely because the action 'http://actionURL' is incorrect or because the message contains an invalid or expired security context token [..]", because it does not recognise the SecurityContextToken as valid, because it did not issue it. I've verified this: the errors occur, and they are intermittent, as one would expect them to be if some requests get routed to the appropriate server and some don't. What I think I need is a way to tell CXF to reuse the same SSL connection for a given set of requests, or for a given time (say, 1 minute). At least, this was the recommendation of the remote service's developers. The idea being that using the same SSL connection would ensure that subsequent requests get forwarded to the same (i.e. the right) server, which will then recognise the security token it had previously issued as valid. Is this possible with CXF? If not, is there a work-around I could try? If not, could this be implemented? If you'd need more information to verify this, please let me know. -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-client-can-t-reliably-talk-to-secure-WS-behind-load-balancer-tp5759232.html Sent from the cxf-user mailing list archive at Nabble.com.
