[ 
https://issues.apache.org/jira/browse/CXF-5474?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13985413#comment-13985413
 ] 

Allan Cheong Tyng Huei edited comment on CXF-5474 at 4/30/14 12:56 PM:
-----------------------------------------------------------------------

I recently encountered this issue and spent a day digging into apache wss4j 
1.6.14 and found out that in UsernameToken, the SimpleDateFormat that is 
parsing the "created" date is set to "UTC" time zone. However, this has been 
fixed in 2.0-beta.

As a workaround, all my SOAP requests are created with "UTC" time zone.


was (Author: allancth):
I recently encountered this issue and spent a day digging into apache 
ws.security package and found out that in DateUtil, the SimpleDateFormat that 
is parsing the "created" date is set to "UTC" time zone. I was using JBoss Fuse 
6.1 with dependencies version 2.12.0-redhat-610379.

As a workaround, all my SOAP requests are created with "UTC" time zone.

> The message has expired
> -----------------------
>
>                 Key: CXF-5474
>                 URL: https://issues.apache.org/jira/browse/CXF-5474
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime, WS-* Components
>    Affects Versions: 2.7.9
>         Environment: Environment :
> Apache CXF 2.7.8
> Jboss EAP 6
> SoapUI for testing client Side
>            Reporter: Mahesh Narke
>              Labels: cxf, soap, soapui
>             Fix For: NeedMoreInfo
>
>   Original Estimate: 10h
>  Remaining Estimate: 10h
>
> I tried to implement for simple authentication i.e with password simple text 
> type, it is working but when i tried to implement for password digest type 
> ,then giving me exception:
> unwinding now: org.apache.cxf.binding.soap.SoapFault: The message has expired 
> org.apache.ws.security.WSSecurityException: The message has expired
> I am giving new nonce value for each request and time within five min diff
> WSS4JInInterceptor Bean class defination:
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans";
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>     xmlns:jaxws="http://cxf.apache.org/jaxws";
>     xsi:schemaLocation="
> http://www.springframework.org/schema/beans 
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd";>
>     <import resource="classpath:META-INF/cxf/cxf.xml" /> 
>     <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>     <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> 
>     <jaxws:endpoint id="orderProcess" 
> implementor="demo.order.OrderProcessImpl" address="/OrderProcess" >
>       <jaxws:inInterceptors>
>          <bean
>             class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>             <constructor-arg>
>                 <map>
>                   <entry key="action" value="UsernameToken"/>
>                   <entry key="passwordType" value="PasswordDigest"/>
>                   <entry key="passwordCallbackRef" 
> value-ref="myPasswordCallback"/>
>                </map> 
>             </constructor-arg>
>          </bean>
>       </jaxws:inInterceptors>
>       </jaxws:endpoint>
>       <bean id="myPasswordCallback" class="service.ServerPasswordCallback" /> 
>  
> </beans>
> Client xml request Code:
>   <soapenv:Envelope 
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
> xmlns:ord="http://order.demo/"; 
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>  
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
>  <soapenv:Header>
> <wsse:Security>
>            <wsse:UsernameToken>
>                                 <wsse:Username>joe</wsse:Username>
>                                 <wsse:Password 
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";>PE7F51/oyWFVMsiZURuUwjoZVPY=</wsse:Password>
>                          
> <!--<wsu:Created>2013-12-17T13:12:00.429Z</wsu:Created>-->
>                            <wsse:Nonce 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";>efPSkfHXTM6NFDDD1CJHsw==</wsse:Nonce>
>                               <wsu:Created>2013-12-23T12:17:15Z</wsu:Created>
>                </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
>    <soapenv:Body>
>       <ord:processOrder>
>          <!--Optional:-->
>          <arg0>
>             <!--Optional:-->
>             <customerID>234</customerID>
>             <!--Optional:-->
>             <itemID>0908923</itemID>
>             <price>23423</price>
>             <qty>1000</qty>
>          </arg0>
>       </ord:processOrder>
>    </soapenv:Body>
> </soapenv:Envelope>
> When i tried to call the service i am getting exception as
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
>    <soap:Body>
>       <soap:Fault>
>          <faultcode 
> xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>ns1:MessageExpired</faultcode>
>          <faultstring>The message has expired</faultstring>
>       </soap:Fault>
>    </soap:Body>
> </soap:Envelope>
> Can any one tell me where i am making mistake?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to