You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by John Li <jo...@mycubes.nl> on 2013/08/15 12:05:37 UTC

Re: WSRM in combination with WS-Security: timestamp problem

Hi all,

Sorry for my late response. Not sure if the problem is still actual but
responding on it anyway.

I must say I can't completely recall which issues I exactly ran into while
combining the ws-rm and ws-security standards since it has been a while.
As far as I remember we ran into the following issues:
- receiving end of the ws-rm messages was only expecting the signing and
encryption of the 'real' message and not the ws-rm lifecycle messages.
Solved it by adding the filters in the bus configuration so it would affect
all messages going out or in.
- add support for signatureConfirmation in the response for non-repudiation
- replay-attack due to retries (temporary solved by setting Acknowledgement
interval to 0. The return message then will contain the acknowledgeheaders
as well)
- inorder combined with exactlyOnce and using solely piggybacking as
acknowledgement mechanism is causing an endless loop of retransmissions
until a new message (so not a retransmitted one) is sent to the server.
reason is that the exactlyOnce is cause a soapfault for retransmitted
messages but it contains no acknowledgement headers. Possible ways to solve
this is using a public acksTo address (so not anonymous) or combining it
with ws-makeConnection (not tested).

But I agree with Dennis that the issue described by Carlos seems more like
a configuration issue. I didn't run into this while doing the tests. I also
didn't use jaxws client but I used the simple frontend client proxy to get
a client instance. Maybe that's the reason why I didn't ran into the same
issues.

Hope it helps.

regards,
John



On Tue, Jul 16, 2013 at 11:06 PM, Dennis Sosnoski <dm...@sosnoski.com> wrote:

> Perhaps John can tell you what he did to get it working. I'll check into
> that myself next week.
>
> Thanks,
>
>   - Dennis
>
>
> On 07/16/2013 11:54 PM, Carlos Aza wrote:
>
>> Hello,
>>
>> Thank you for your response.
>>
>> John said in his very first comment "After a struggle the createSequence
>> call is
>> successfully finished with WS-Security added". I think his original
>> problems
>> where the same as I am having right now. Maybe I should open a new thread
>> to
>> treat the problems of sending the createSequence message when ws-security
>> is
>> enabled. Should I?
>>
>> Thank you,
>>   Carlos
>>
>>
>>
>> --
>> View this message in context: http://cxf.547215.n5.nabble.**
>> com/WSRM-in-combination-with-**WS-Security-timestamp-problem-**
>> tp5723872p5730910.html<http://cxf.547215.n5.nabble.com/WSRM-in-combination-with-WS-Security-timestamp-problem-tp5723872p5730910.html>
>> Sent from the cxf-dev mailing list archive at Nabble.com.
>>
>>
>