You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by "marcin.kasinski" <ma...@gmail.com> on 2012/12/01 14:17:49 UTC
CXF WSS4J and timestampStrict
I have simple cxf service configured with action "Timestamp Signature
Encrypt".
In spring configuration I added <entry key="timestampStrict"
value="false"/>, because in requests sometimes there is no Timestamp header.
>From documentation I can read : timestampStrict: Set whether to enable
strict Timestamp handling. Default is "true".
Problem is that if there is no timestamp header in request I get error:
Caused by: org.apache.ws.security.WSSecurityException: An error was
discovered processing the <wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:380)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:301)
... 28 more
gru 01
Having timestamp header in request everything works fine.
Can you explain it please?
-----
Regards
Marcin Kasinski
http://itzone.com.pl
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532.html
Sent from the cxf-dev mailing list archive at Nabble.com.
Re: CXF WSS4J and timestampStrict
Posted by Colm O hEigeartaigh <co...@apache.org>.
> If in request message there is timestamp validate it
> If in request message there is no timestamp just handle this message
without
> validation.
The old way of configuring WS-Security which you are using is not flexible
to handle this scenario. You need to switch to using WS-SecurityPolicy:
http://cxf.apache.org/docs/ws-securitypolicy.html
Colm.
On Tue, Dec 4, 2012 at 12:00 PM, marcin.kasinski
<ma...@gmail.com>wrote:
>
>
> In first post I wrote:
>
> From documentation I can read : timestampStrict: Set whether to enable
> strict Timestamp handling. Default is "true".
>
>
> Thats why on server side I placed timestampStrict = false.
>
> My undestanding od this: client can send timestamp, but if not it is not
> problem for service.
>
>
> What I would like to achieve:
>
> If in request message there is timestamp validate it
> If in request message there is no timestamp just handle this message
> without
> validation.
>
> What I do wrong ?
>
>
>
>
>
>
> -----
>
> Regards
> Marcin Kasinski
> http://itzone.com.pl
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532p5719617.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: CXF WSS4J and timestampStrict
Posted by "marcin.kasinski" <ma...@gmail.com>.
In first post I wrote:
>From documentation I can read : timestampStrict: Set whether to enable
strict Timestamp handling. Default is "true".
Thats why on server side I placed timestampStrict = false.
My undestanding od this: client can send timestamp, but if not it is not
problem for service.
What I would like to achieve:
If in request message there is timestamp validate it
If in request message there is no timestamp just handle this message without
validation.
What I do wrong ?
-----
Regards
Marcin Kasinski
http://itzone.com.pl
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532p5719617.html
Sent from the cxf-dev mailing list archive at Nabble.com.
Re: CXF WSS4J and timestampStrict
Posted by Colm O hEigeartaigh <co...@apache.org>.
Here is the problem:
> <entry key="action" value="Signature Encrypt"/>
> <entry key="action" value="Timestamp Signature Encrypt"/>
The "action" list must match on both the outbound and inbound sides.
Colm.
On Mon, Dec 3, 2012 at 10:14 AM, marcin.kasinski
<ma...@gmail.com>wrote:
> My client configuration:
>
>
> <bean id="RequestInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <constructor-arg>
> <map>
>
>
> <entry key="action" value="Signature Encrypt"/>
> <entry key="user" value="client" />
>
> <entry key="signaturePropFile"
> value="client_sign.properties"/>
> <entry key="encryptionPropFile"
> value="client_encrypt.properties"/>
>
> <entry key="encryptionUser" value="server cert" />
>
>
> <entry key="signatureKeyIdentifier"
> value="DirectReference"/>
>
>
>
> <entry key="encryptionParts"
> value="{Element}{
> http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{Null}arg0"/>
>
>
> <entry key="encryptionSymAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>
> <entry key="passwordCallbackClass"
> value="mkcallbackpackage.ServiceKeystorePasswordCallback"/>
>
> </map>
> </constructor-arg>
> </bean>
>
>
>
> My service configuration:
>
> <bean id="RequestInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
>
> <entry key="action" value="Timestamp Signature Encrypt"/>
>
>
> <entry key="signaturePropFile"
> value="server_sign.properties"/>
> <entry key="decryptionPropFile"
> value="server_sign.properties"/>
>
> <entry key="timestampStrict" value="false"/>
>
> <entry key="passwordCallbackClass"
> value="mkcallbackpackage.ServiceKeystorePasswordCallback"/>
>
>
>
>
>
>
>
>
> </map>
> </constructor-arg>
> </bean>
>
>
> Error message:
>
> gru 03, 2012 11:13:28 AM
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
> checkActions
> WARNING: Security processing failed (actions mismatch)
> gru 03, 2012 11:13:28 AM
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
> handleMessage
> WARNING:
> org.apache.ws.security.WSSecurityException: An error was discovered
> processing the <wsse:Security> header
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:380)
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:301)
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:94)
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:202)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
> at
>
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:159)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> at
>
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
> at
>
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
> at
>
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
> Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> Source)
> at java.lang.Thread.run(Unknown Source)
>
> gru 03, 2012 11:13:28 AM org.apache.cxf.phase.PhaseInterceptorChain
> doDefaultLogging
> WARNING: Interceptor for
> {http://mkpackage/}HelloMgrImplService#{http://mkpackage/}hello has thrown
> exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: An error was discovered processing
> the <wsse:Security> header
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:797)
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:354)
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:94)
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
> at
>
> org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:202)
> at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
> at
>
> org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:159)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> at
>
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
> at
>
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
> at
>
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
> Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> Source)
> at java.lang.Thread.run(Unknown Source)
> Caused by: org.apache.ws.security.WSSecurityException: An error was
> discovered processing the <wsse:Security> header
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:380)
> at
>
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:301)
> ... 28 more
>
>
>
>
> -----
>
> Regards
> Marcin Kasinski
> http://itzone.com.pl
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532p5719566.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: CXF WSS4J and timestampStrict
Posted by "marcin.kasinski" <ma...@gmail.com>.
My client configuration:
<bean id="RequestInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature Encrypt"/>
<entry key="user" value="client" />
<entry key="signaturePropFile"
value="client_sign.properties"/>
<entry key="encryptionPropFile"
value="client_encrypt.properties"/>
<entry key="encryptionUser" value="server cert" />
<entry key="signatureKeyIdentifier" value="DirectReference"/>
<entry key="encryptionParts"
value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{Null}arg0"/>
<entry key="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<entry key="passwordCallbackClass"
value="mkcallbackpackage.ServiceKeystorePasswordCallback"/>
</map>
</constructor-arg>
</bean>
My service configuration:
<bean id="RequestInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Timestamp Signature Encrypt"/>
<entry key="signaturePropFile"
value="server_sign.properties"/>
<entry key="decryptionPropFile"
value="server_sign.properties"/>
<entry key="timestampStrict" value="false"/>
<entry key="passwordCallbackClass"
value="mkcallbackpackage.ServiceKeystorePasswordCallback"/>
</map>
</constructor-arg>
</bean>
Error message:
gru 03, 2012 11:13:28 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
checkActions
WARNING: Security processing failed (actions mismatch)
gru 03, 2012 11:13:28 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: An error was discovered
processing the <wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:380)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:301)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:202)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
gru 03, 2012 11:13:28 AM org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for
{http://mkpackage/}HelloMgrImplService#{http://mkpackage/}hello has thrown
exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error was discovered processing
the <wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:797)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:354)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:94)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:238)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:222)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:202)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:137)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:158)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:239)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:159)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: An error was
discovered processing the <wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:380)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:301)
... 28 more
-----
Regards
Marcin Kasinski
http://itzone.com.pl
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532p5719566.html
Sent from the cxf-dev mailing list archive at Nabble.com.
RE: CXF WSS4J and timestampStrict
Posted by Andrei Shakirin <as...@talend.com>.
Hi Marcin,
Seems that error is caused by incorrect security headers order.
Can you put wire message here?
Cheers,
Andrei.
> -----Original Message-----
> From: marcin.kasinski [mailto:marcin.kasinski@gmail.com]
> Sent: Samstag, 1. Dezember 2012 14:18
> To: dev@cxf.apache.org
> Subject: CXF WSS4J and timestampStrict
>
> I have simple cxf service configured with action "Timestamp Signature
> Encrypt".
>
> In spring configuration I added <entry key="timestampStrict"
> value="false"/>, because in requests sometimes there is no Timestamp
> header.
>
>
> From documentation I can read : timestampStrict: Set whether to enable
> strict Timestamp handling. Default is "true".
>
> Problem is that if there is no timestamp header in request I get error:
>
>
> Caused by: org.apache.ws.security.WSSecurityException: An error was
> discovered processing the <wsse:Security> header
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInI
> nterceptor.java:380)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> JInInterceptor.java:301)
> ... 28 more
>
> gru 01
>
>
> Having timestamp header in request everything works fine.
>
> Can you explain it please?
>
>
>
>
>
> -----
>
> Regards
> Marcin Kasinski
> http://itzone.com.pl
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-WSS4J-
> and-timestampStrict-tp5719532.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
RE: CXF WSS4J and timestampStrict
Posted by Andrei Shakirin <as...@talend.com>.
Hi Marcin,
Seems that error is caused by incorrect security headers order.
Can you put wire message here?
Cheers,
Andrei.
> -----Original Message-----
> From: marcin.kasinski [mailto:marcin.kasinski@gmail.com]
> Sent: Samstag, 1. Dezember 2012 14:18
> To: dev@cxf.apache.org
> Subject: CXF WSS4J and timestampStrict
>
> I have simple cxf service configured with action "Timestamp Signature
> Encrypt".
>
> In spring configuration I added <entry key="timestampStrict"
> value="false"/>, because in requests sometimes there is no Timestamp
> header.
>
>
> From documentation I can read : timestampStrict: Set whether to enable
> strict Timestamp handling. Default is "true".
>
> Problem is that if there is no timestamp header in request I get error:
>
>
> Caused by: org.apache.ws.security.WSSecurityException: An error was
> discovered processing the <wsse:Security> header
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInI
> nterceptor.java:380)
> at
> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4
> JInInterceptor.java:301)
> ... 28 more
>
> gru 01
>
>
> Having timestamp header in request everything works fine.
>
> Can you explain it please?
>
>
>
>
>
> -----
>
> Regards
> Marcin Kasinski
> http://itzone.com.pl
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-WSS4J-
> and-timestampStrict-tp5719532.html
> Sent from the cxf-dev mailing list archive at Nabble.com.