Hi,
When making secure service calls that take longer then 5 minutes we are
getting the following exception when the operation finishes:
javax.xml.ws.soap.SOAPFaultException: Unsupported key identification:
rNxxOCJ5uh7BFH69DLeDkZu21LM=
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke
(JaxWsClientProxy.java:160)
at com.sun.proxy.$Proxy45.getJobDescription(Unknown Source)
at
com.merge.icc.demos.client.employee.basic.CallServiceListener.callService
(CallServiceListener.java:39)
at
com.merge.icc.demos.client.employee.basic.CallServiceListener.actionPerformed
(CallServiceListener.java:53)
at javax.swing.AbstractButton.fireActionPerformed
(AbstractButton.java:2018)
at javax.swing.AbstractButton$Handler.actionPerformed
(AbstractButton.java:2341)
at javax.swing.DefaultButtonModel.fireActionPerformed
(DefaultButtonModel.java:402)
at javax.swing.DefaultButtonModel.setPressed
(DefaultButtonModel.java:259)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased
(BasicButtonListener.java:252)
at java.awt.Component.processMouseEvent(Component.java:6516)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3321)
at java.awt.Component.processEvent(Component.java:6281)
at java.awt.Container.processEvent(Container.java:2229)
at java.awt.Component.dispatchEventImpl(Component.java:4872)
at java.awt.Container.dispatchEventImpl(Container.java:2287)
at java.awt.Component.dispatchEvent(Component.java:4698)
at java.awt.LightweightDispatcher.retargetMouseEvent
(Container.java:4832)
at java.awt.LightweightDispatcher.processMouseEvent
(Container.java:4492)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422)
at java.awt.Container.dispatchEventImpl(Container.java:2273)
at java.awt.Window.dispatchEventImpl(Window.java:2719)
at java.awt.Component.dispatchEvent(Component.java:4698)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:747)
at java.awt.EventQueue.access$300(EventQueue.java:103)
at java.awt.EventQueue$3.run(EventQueue.java:706)
at java.awt.EventQueue$3.run(EventQueue.java:704)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege
(ProtectionDomain.java:76)
at java.security.ProtectionDomain$1.doIntersectionPrivilege
(ProtectionDomain.java:87)
at java.awt.EventQueue$4.run(EventQueue.java:720)
at java.awt.EventQueue$4.run(EventQueue.java:718)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege
(ProtectionDomain.java:76)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:717)
at java.awt.EventDispatchThread.pumpOneEventForFilters
(EventDispatchThread.java:242)
at java.awt.EventDispatchThread.pumpEventsForFilter
(EventDispatchThread.java:161)
at java.awt.EventDispatchThread.pumpEventsForHierarchy
(EventDispatchThread.java:150)
at java.awt.EventDispatchThread.pumpEvents
(EventDispatchThread.java:146)
at java.awt.EventDispatchThread.pumpEvents
(EventDispatchThread.java:138)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:91)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Unsupported key
identification: rNxxOCJ5uh7BFH69DLeDkZu21LM=
at
org.apache.wss4j.dom.str.DerivedKeyTokenSTRParser.parseSecurityTokenReference
(DerivedKeyTokenSTRParser.java:135)
at
org.apache.wss4j.dom.processor.DerivedKeyTokenProcessor.handleToken
(DerivedKeyTokenProcessor.java:63)
at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader
(WSSecurityEngine.java:428)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal
(WSS4JInInterceptor.java:278)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage
(WSS4JInInterceptor.java:190)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage
(PolicyBasedWSS4JInInterceptor.java:127)
at
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage
(PolicyBasedWSS4JInInterceptor.java:112)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept
(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:802)
at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1644)
at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.handleResponse(HTTPConduit.java:1532)
at org.apache.cxf.transport.http.HTTPConduit
$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.io.CacheAndWriteOutputStream.postClose
(CacheAndWriteOutputStream.java:56)
at org.apache.cxf.io.CachedOutputStream.close
(CachedOutputStream.java:215)
at org.apache.cxf.transport.AbstractConduit.close
(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close
(HTTPConduit.java:652)
at org.apache.cxf.interceptor.MessageSenderInterceptor
$MessageSenderEndingInterceptor.handleMessage
(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept
(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync
(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke
(JaxWsClientProxy.java:138)
... 39 more
We have tacked this issue down to the fact that the method
setupEncryptedKey in the
org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler
class has a hard coded expiry time of 5 minutes.
(same with methods: getEncryptedKey, setupUTDerivedKey, getUTDerivedKey)
We are using cxf 3.0.6, however, looking at the latest
SymmetricBindingHandler I see that the expiry time is still hard coded to 5
minutes.
Is it possible to make this expiry time configurable.
One option I see is to have a property in the jaxrs:client configuration
and read this property in the SymmetricBindingHandler constructor from
request context of the passed message.
Thanks
