CXF should take care of getting a new security token and associating it with the endpoint, once you remove SecurityConstants.TOKEN_ID and SecurityConstants.TOKEN from the endpoint / message context.
Colm. On Mon, Jun 2, 2014 at 11:53 AM, Francisco Martín García <[email protected]> wrote: > Hi, > > > > we're experiencing the same problem reported at > > http://cxf.547215.n5.nabble.com/The-security-context-token-is-expired-or-is- > not-valid-ERROR-td5076527.html#a5120806. > > > > In a web application we are consuming a wsHttpEndpoint bound WCF service, > that is configured with a security policy according to the WS-Policy > standard. > > > > I'm using: > > - CXF 2.7.11 > > - JDK 1.7.0_45 > > - Spring 3.2.9.RELEASE > > - Windows 7 Professional > > > > When a user makes a request to the web service, and the time elapsed since > the last call is longer than the timeout configured at the service, we get > a > response similar to this one that appears in the URL referenced before: > > > > <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"; > xmlns:a="http://www.w3.org/2005/08/addressing";> > > <s:Header> > > <a:Action > s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault > </a:Acti > on> > > > <a:RelatesTo>urn:uuid:8d983814-53f0-43ea-8439-95c6471aa411</a:RelatesTo> > > </s:Header> > > <s:Body> > > <s:Fault> > > <s:Code> > > <s:Value>s:Sender</s:Value> > > <s:Subcode> > > <s:Value > xmlns:a="http://schemas.xmlsoap.org/ws/2005/02/sc > ">a:BadContextToken</s:Valu > e> > > </s:Subcode> > > </s:Code> > > <s:Reason> > > <s:Text xml:lang="en-AU">The message could not be > processed. > This is most likely because the action > 'http://tempuri.org/TestService/Get_Points' is incorrect or because the > message contains an invalid or expired security context token or because > there is a mismatch between bindings. The security context token would be > invalid if the service aborted the channel due to inactivity. To prevent > the > service from aborting idle sessions prematurely increase the Receive > timeout > on the service endpoint's binding. > > </s:Text> > > </s:Reason> > > </s:Fault> > > </s:Body> > > </s:Envelope> > > > > To solve the problem we've tried the workaround suggested in the post, with > some changes because in there they using CXF 2.4.1. > > > > On the exception, we're trying to create a new token, expiring the original > one, expecting CXF renews the token by it self. This is the code: > > > > Endpoint ep = > ClientProxy.getClient(iOficinaVirtualWCF).getEndpoint(); > > EndpointInfo ei = ep.getEndpointInfo(); > > TokenStore ts = (TokenStore) > ei.getProperty(TokenStore.class.getName()); > > > > String tokenId = > (String)ep.get(SecurityConstants.TOKEN_ID); > > System.out.println("***************** tokenId: " + > tokenId); > > > > if (null != tokenId) { > > > > SecurityToken st = ts.getToken(tokenId); > > > > st.setExpires(new Date()); > > > > ep.remove(SecurityConstants.TOKEN_ID); > > } > > > > Summing up, in the first call we get the BadContextToken in the response. > > In the second call, the token recovered from the Endpoint is null, and we > get a SoapFault because of an error produced when the message security was > being checked. > > And in the third one the service returns the right response. In this case > the token ID is different from the one used in the first call. > > > > Can anybody point us how can we create a new security token and associate > it > to the endpoint? > > > > Thanks, > > > > Paco > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
