org.apache.cxf.binding.soap.SoapFault: The message has expired

cxf-dev | wangjlc | 2 years ago
  1. 0

    In a soap-message where the body is encrypted and signed, we get a signature verification fault because of a differently calculated digest. The decrypted body is (anonymized) like this:

        <urn:GetDataRequest xmlns="" xmlns:cont="http://www.company1.no/jade/xsd/v1.3/contexttypes" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">123456789</urn:GetDataRequest>

    When it's canonicalized using Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" it is like this:

        <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-767cf61e-3cc1-45dc-b677-04720471d3b0"> <urn:GetDataRequest xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns="">123456789</urn:GetDataRequest> </soapenv:Body>

    This gives a different signature from what we got from the sender. If we remove the namespace definition xmlns="" and create a digest, it is equal to what we get from the sender. From my understanding of http://www.w3.org/TR/xml-exc-c14n/ it is the sender that is correct.

    I have tested a local patch where I made two changes to the 2.0.3 source for org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.java.

    line 184:

        String NName = attribute.getLocalName();

    changed to:

        String NName = attribute.getLocalName() == null ? "" : attribute.getLocalName();

    line 187:

        if (!XMLNS_URI.equals(attribute.getNamespaceURI())) {

    changed to:

        if (!XMLNS_URI.equals(attribute.getNamespaceURI()) && !(XMLNS.equals(attribute.getName()) && "".equals(NName) && "".equals(NNodeValue))) {

    This fixed the problem for me, but I don't know which regressions I might have introduced, or if this new behaviour really is the correct one.

    Apache's JIRA Issue Tracker | 2 years ago | Atle Tokle
    org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid

    Root Cause Analysis

    1. org.apache.wss4j.common.ext.WSSecurityException

      The message has expired

      at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken()
    2. Apache WSS4J DOM WS-Security
      WSSecurityEngine.processSecurityHeader
      1. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
      2. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:69)
      3. org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
      3 frames
    3. Apache CXF Runtime WS Security
      WSS4JInInterceptor.handleMessage
      1. org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:257)
      2. org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
      2 frames
    4. Apache CXF Core
      ChainInitiationObserver.onMessage
      1. org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
      2. org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      2 frames
    5. Apache CXF Runtime HTTP Transport
      AbstractHTTPDestination.invoke
      1. org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
      1 frame
    6. Apache CXF Runtime HTTP Jetty Transport
      JettyHTTPHandler.handle
      1. org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261)
      2. org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
      2 frames
    7. Jetty
      AsyncHttpConnection.handle
      1. org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
      2. org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      4. org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
      5. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      6. org.eclipse.jetty.server.Server.handle(Server.java:370)
      7. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
      8. org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
      9. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
      10. org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      11. org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      12. org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      12 frames
    8. GWT dev
      SelectChannelEndPoint$1.run
      1. org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
      2. org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
      2 frames
    9. Jetty
      QueuedThreadPool$3.run
      1. org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
      2. org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
      2 frames
    10. Java RT
      Thread.run
      1. java.lang.Thread.run(Thread.java:738)
      1 frame