org.apache.cxf.binding.soap.SoapFault: The message has expired

cxf-dev | wangjlc | 2 years ago
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    In a soap-message where body is encrypted and signed, we get a signature verification fault because of differently calculated digest. The decrypted body is (anonyminized) like this: <urn:GetDataRequest xmlns="" xmlns:cont="" xmlns:soapenv="" xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns:wsu="">123456789</urn:GetDataRequest> When it's canonicalized using Transform Algorithm="" it is like this: <soapenv:Body xmlns:soapenv="" xmlns:wsu="" wsu:Id="Body-767cf61e-3cc1-45dc-b677-04720471d3b0"> <urn:GetDataRequest xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns="">123456789</urn:GetDataRequest> </soapenv:Body> This give a different signature from what we got from sender. If we remove the namespace deifinition xmlns="", and create a digest, it is equal with what we get from sender. From my understanding of it is the sender that is correct. I have tested a local patch where I did two changes on 2.0.3 source for line 184: String NName = attribute.getLocalName(); changed to String NName = attribute.getLocalName() == null ? "" : attribute.getLocalName(); line 187: if (!XMLNS_URI.equals(attribute.getNamespaceURI())) { changed to: if (!XMLNS_URI.equals(attribute.getNamespaceURI()) && !(XMLNS.equals(attribute.getName()) && "".equals(NName) && "".equals(NNodeValue))) { This fixed the problem for me, but don't know which regressions I might have introduced, or if really this new behaviour is the correct.

    Apache's JIRA Issue Tracker | 2 years ago | Atle Tokle
    org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
  2. Speed up your debug routine!

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. org.apache.wss4j.common.ext.WSSecurityException

      The message has expired

      at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken()
    2. Apache WSS4J DOM WS-Security
      1. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(
      2. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(
      3. org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(
      3 frames
    3. Apache CXF Runtime WS Security
      2 frames
    4. Apache CXF Core
      1. org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
      2. org.apache.cxf.transport.ChainInitiationObserver.onMessage(
      2 frames
    5. Apache CXF Runtime HTTP Transport
      1. org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(
      1 frame
    6. Apache CXF Runtime HTTP Jetty Transport
      1. org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(
      2. org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(
      2 frames
    7. Jetty
      1. org.eclipse.jetty.server.handler.ContextHandler.doHandle(
      2. org.eclipse.jetty.server.handler.ContextHandler.doScope(
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(
      4. org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(
      5. org.eclipse.jetty.server.handler.HandlerWrapper.handle(
      6. org.eclipse.jetty.server.Server.handle(
      7. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(
      8. org.eclipse.jetty.server.AbstractHttpConnection.content(
      9. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(
      10. org.eclipse.jetty.http.HttpParser.parseNext(
      11. org.eclipse.jetty.http.HttpParser.parseAvailable(
      12. org.eclipse.jetty.server.AsyncHttpConnection.handle(
      12 frames
    8. GWT dev
      2 frames
    9. Jetty
      1. org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
      2. org.eclipse.jetty.util.thread.QueuedThreadPool$
      2 frames
    10. Java RT
      1 frame