You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Andrew <An...@booxware.de> on 2015/06/20 15:14:30 UTC
Caching and reusing SecureConversationToken - how?
Hello,
I have CXF-based web service client that talks to a 3rd party web service
which uses WS-Policy and WS-SecureConversation. One of the issues I'm having
is that currently a new WS-SecureConversation SecurityContextToken is
requested and granted before each new request to the remote service. I would
like to just request one SecurityContextToken and reuse it for, say, one
hour if not more. (The SecurityTokens I'm getting have an expiration time of
15 hours).
I've tried to get CXF to reuse SecurityTokens, with versions 3.0.5, 3.1.0
and 3.1.1. My jaxws:properties element in cxf.xml sets the
"ws-security.enable.nonce.cache" and "ws-security.enable.timestamp.cache" to
true, not that I'm sure these are really what I need. New SecurityTokens get
requested whether I'm calling the same wsdl:operation in quick succession,
or different operations.
I've debugged the sending and receipt of a few messages, and while
org.apache.cxf.ws.security.tokenstore.TokenStore.add(SecurityToken) gets
called several times (once per SecurityToken request, I think),
org.apache.cxf.ws.security.tokenstore.TokenStore.getToken(String) never gets
called. I have ehcache (2.10.0) as a dependency in my POM. I've added a
cxf-ehcache.xml file to my project, similar to the default one, to no
visible effect.
How might I cache and reuse a SecurityToken? I attach to this message a
representative wsp:Policy element.
Many thanks,
Andrew
policyexcerpt.xml
<http://cxf.547215.n5.nabble.com/file/n5758451/policyexcerpt.xml>
--
View this message in context: http://cxf.547215.n5.nabble.com/Caching-and-reusing-SecureConversationToken-how-tp5758451.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Caching and reusing SecureConversationToken - how?
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Andrew,
The problem with reusing the same security token across different client
proxies is that you run into security problems, if the client proxies
represent different users. It is simplest just to keep it per-proxy.
Colm.
On Wed, Jun 24, 2015 at 1:56 PM, Andrew <An...@booxware.de> wrote:
> coheigea wrote
> > What does your client code look like? Caching only works for the same
> > client proxy. If you are closing the proxy, or else creating a new one,
> > then the cached SecurityContextToken will not be retrieved. If you are
> > re-using the same client proxy, then the SecurityContextToken should be
> > retrieved from the cache + re-used.
> >
> > Colm.
>
> Right you are. My client is WSDL-first and uses the Java classes generated
> per the WSDL to get a new Proxy before each call. I changed it just now to
> reuse one and the same proxy for multiple requests, and the issued security
> token does indeed get reused.
>
> This is by design, right? Would it make sense / be possible for the same
> security token to be (re)used by distinct client proxy objects?
>
> In any event, I think my question is answered. Thanks!
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Caching-and-reusing-SecureConversationToken-how-tp5758451p5758553.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Caching and reusing SecureConversationToken - how?
Posted by Andrew <An...@booxware.de>.
coheigea wrote
> What does your client code look like? Caching only works for the same
> client proxy. If you are closing the proxy, or else creating a new one,
> then the cached SecurityContextToken will not be retrieved. If you are
> re-using the same client proxy, then the SecurityContextToken should be
> retrieved from the cache + re-used.
>
> Colm.
Right you are. My client is WSDL-first and uses the Java classes generated
per the WSDL to get a new Proxy before each call. I changed it just now to
reuse one and the same proxy for multiple requests, and the issued security
token does indeed get reused.
This is by design, right? Would it make sense / be possible for the same
security token to be (re)used by distinct client proxy objects?
In any event, I think my question is answered. Thanks!
--
View this message in context: http://cxf.547215.n5.nabble.com/Caching-and-reusing-SecureConversationToken-how-tp5758451p5758553.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Caching and reusing SecureConversationToken - how?
Posted by Colm O hEigeartaigh <co...@apache.org>.
What does your client code look like? Caching only works for the same
client proxy. If you are closing the proxy, or else creating a new one,
then the cached SecurityContextToken will not be retrieved. If you are
re-using the same client proxy, then the SecurityContextToken should be
retrieved from the cache + re-used.
Colm.
On Sat, Jun 20, 2015 at 2:14 PM, Andrew <An...@booxware.de> wrote:
> Hello,
>
> I have CXF-based web service client that talks to a 3rd party web service
> which uses WS-Policy and WS-SecureConversation. One of the issues I'm
> having
> is that currently a new WS-SecureConversation SecurityContextToken is
> requested and granted before each new request to the remote service. I
> would
> like to just request one SecurityContextToken and reuse it for, say, one
> hour if not more. (The SecurityTokens I'm getting have an expiration time
> of
> 15 hours).
>
> I've tried to get CXF to reuse SecurityTokens, with versions 3.0.5, 3.1.0
> and 3.1.1. My jaxws:properties element in cxf.xml sets the
> "ws-security.enable.nonce.cache" and "ws-security.enable.timestamp.cache"
> to
> true, not that I'm sure these are really what I need. New SecurityTokens
> get
> requested whether I'm calling the same wsdl:operation in quick succession,
> or different operations.
>
> I've debugged the sending and receipt of a few messages, and while
> org.apache.cxf.ws.security.tokenstore.TokenStore.add(SecurityToken) gets
> called several times (once per SecurityToken request, I think),
> org.apache.cxf.ws.security.tokenstore.TokenStore.getToken(String) never
> gets
> called. I have ehcache (2.10.0) as a dependency in my POM. I've added a
> cxf-ehcache.xml file to my project, similar to the default one, to no
> visible effect.
>
> How might I cache and reuse a SecurityToken? I attach to this message a
> representative wsp:Policy element.
>
> Many thanks,
> Andrew
>
> policyexcerpt.xml
> <http://cxf.547215.n5.nabble.com/file/n5758451/policyexcerpt.xml>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Caching-and-reusing-SecureConversationToken-how-tp5758451.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com