I've merged a fix for this: https://issues.apache.org/jira/browse/CXF-7111
You can change the token lifetime via a new JAX-WS property: "ws-security.security.token.lifetime" Colm. On Tue, Oct 25, 2016 at 6:28 PM, Hammad Khan <[email protected]> wrote: > > Hi, > When making secure service calls that take longer then 5 minutes we are > getting the following exception when the operation finishes: > > javax.xml.ws.soap.SOAPFaultException: Unsupported key identification: > rNxxOCJ5uh7BFH69DLeDkZu21LM= > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke > (JaxWsClientProxy.java:160) > at com.sun.proxy.$Proxy45.getJobDescription(Unknown Source) > at > com.merge.icc.demos.client.employee.basic.CallServiceListener.callService > (CallServiceListener.java:39) > at > com.merge.icc.demos.client.employee.basic.CallServiceListener. > actionPerformed > (CallServiceListener.java:53) > at javax.swing.AbstractButton.fireActionPerformed > (AbstractButton.java:2018) > at javax.swing.AbstractButton$Handler.actionPerformed > (AbstractButton.java:2341) > at javax.swing.DefaultButtonModel.fireActionPerformed > (DefaultButtonModel.java:402) > at javax.swing.DefaultButtonModel.setPressed > (DefaultButtonModel.java:259) > at javax.swing.plaf.basic.BasicButtonListener.mouseReleased > (BasicButtonListener.java:252) > at java.awt.Component.processMouseEvent(Component.java:6516) > at javax.swing.JComponent.processMouseEvent(JComponent.java:3321) > at java.awt.Component.processEvent(Component.java:6281) > at java.awt.Container.processEvent(Container.java:2229) > at java.awt.Component.dispatchEventImpl(Component.java:4872) > at java.awt.Container.dispatchEventImpl(Container.java:2287) > at java.awt.Component.dispatchEvent(Component.java:4698) > at java.awt.LightweightDispatcher.retargetMouseEvent > (Container.java:4832) > at java.awt.LightweightDispatcher.processMouseEvent > (Container.java:4492) > at java.awt.LightweightDispatcher.dispatchEvent(Container.java: > 4422) > at java.awt.Container.dispatchEventImpl(Container.java:2273) > at java.awt.Window.dispatchEventImpl(Window.java:2719) > at java.awt.Component.dispatchEvent(Component.java:4698) > at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:747) > at java.awt.EventQueue.access$300(EventQueue.java:103) > at java.awt.EventQueue$3.run(EventQueue.java:706) > at java.awt.EventQueue$3.run(EventQueue.java:704) > at java.security.AccessController.doPrivileged(Native Method) > at java.security.ProtectionDomain$1.doIntersectionPrivilege > (ProtectionDomain.java:76) > at java.security.ProtectionDomain$1.doIntersectionPrivilege > (ProtectionDomain.java:87) > at java.awt.EventQueue$4.run(EventQueue.java:720) > at java.awt.EventQueue$4.run(EventQueue.java:718) > at java.security.AccessController.doPrivileged(Native Method) > at java.security.ProtectionDomain$1.doIntersectionPrivilege > (ProtectionDomain.java:76) > at java.awt.EventQueue.dispatchEvent(EventQueue.java:717) > at java.awt.EventDispatchThread.pumpOneEventForFilters > (EventDispatchThread.java:242) > at java.awt.EventDispatchThread.pumpEventsForFilter > (EventDispatchThread.java:161) > at java.awt.EventDispatchThread.pumpEventsForHierarchy > (EventDispatchThread.java:150) > at java.awt.EventDispatchThread.pumpEvents > (EventDispatchThread.java:146) > at java.awt.EventDispatchThread.pumpEvents > (EventDispatchThread.java:138) > at java.awt.EventDispatchThread.run(EventDispatchThread.java:91) > Caused by: org.apache.wss4j.common.ext.WSSecurityException: Unsupported > key > identification: rNxxOCJ5uh7BFH69DLeDkZu21LM= > at > org.apache.wss4j.dom.str.DerivedKeyTokenSTRParser. > parseSecurityTokenReference > (DerivedKeyTokenSTRParser.java:135) > at > org.apache.wss4j.dom.processor.DerivedKeyTokenProcessor.handleToken > (DerivedKeyTokenProcessor.java:63) > at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader > (WSSecurityEngine.java:428) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal > (WSS4JInInterceptor.java:278) > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor. > handleMessage > (WSS4JInInterceptor.java:190) > at > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor. > handleMessage > (PolicyBasedWSS4JInInterceptor.java:127) > at > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor. > handleMessage > (PolicyBasedWSS4JInInterceptor.java:112) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept > (PhaseInterceptorChain.java:307) > at org.apache.cxf.endpoint.ClientImpl.onMessage( > ClientImpl.java:802) > at org.apache.cxf.transport.http.HTTPConduit > $WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1644) > at org.apache.cxf.transport.http.HTTPConduit > $WrappedOutputStream.handleResponse(HTTPConduit.java:1532) > at org.apache.cxf.transport.http.HTTPConduit > $WrappedOutputStream.close(HTTPConduit.java:1330) > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose > (CacheAndWriteOutputStream.java:56) > at org.apache.cxf.io.CachedOutputStream.close > (CachedOutputStream.java:215) > at org.apache.cxf.transport.AbstractConduit.close > (AbstractConduit.java:56) > at org.apache.cxf.transport.http.HTTPConduit.close > (HTTPConduit.java:652) > at org.apache.cxf.interceptor.MessageSenderInterceptor > $MessageSenderEndingInterceptor.handleMessage > (MessageSenderInterceptor.java:62) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept > (PhaseInterceptorChain.java:307) > at org.apache.cxf.endpoint.ClientImpl.doInvoke( > ClientImpl.java:516) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279) > at org.apache.cxf.frontend.ClientProxy.invokeSync > (ClientProxy.java:96) > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke > (JaxWsClientProxy.java:138) > ... 39 more > > We have tacked this issue down to the fact that the method > setupEncryptedKey in the > org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler > class has a hard coded expiry time of 5 minutes. > (same with methods: getEncryptedKey, setupUTDerivedKey, getUTDerivedKey) > > We are using cxf 3.0.6, however, looking at the latest > SymmetricBindingHandler I see that the expiry time is still hard coded to 5 > minutes. > > Is it possible to make this expiry time configurable. > > One option I see is to have a property in the jaxrs:client configuration > and read this property in the SymmetricBindingHandler constructor from > request context of the passed message. > > Thanks > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
