Is it possible to adjust the start time of a timestamp by a few second on a
CXF client?
I am using the apache camel cxf component from Redhat
2.21.0.fuse-730078-redhat-00001.
I am making a call to the partner Data Power server that requires a timestamp
for. It is working about 75% of the time. When it doesn't work I get this
error back
Response-Code: 500
Encoding: ISO-8859-1
Content-Type: text/xml
Headers: {Connection=[close], Content-Type=[text/xml],
X-Backside-Transport=[FAIL FAIL]}
Payload: <?xml version="1.0" encoding="UTF-8"?>
<env:Envelope
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/";><env:Body><env:Fault><faultcode>env:Client</faultcode><faultstring>
Incorrect Timestamp
(from
client)</faultstring></env:Fault></env:Body></env:Envelope>
According to the partner this is because my time stamp is future dated, because
our system time is slightly ahead of their time. Their suggestion is to adjust
my timestamp by a second but I haven't been able to locate any thing I could
set on the client side .
I did find this but it would be server side not client side.
ws-security.timestamp.futureTimeToLive The time in seconds in the future within
which the Created time of an incoming Timestamp is valid. The default value is
"60". See here for more information.
This is my configuration
<cxf:cxfEndpoint
address="{{mci.ws.protocol}}://{{mci.ws.domain}}:{{mci.ws.port}}/{{mci.ws.service}}"
id="serviceEndPoint" serviceClass="mci.hbe.ky.IMciService"
wsdlURL="wsdl/MciService_stl2_2020.05.20.wsdl"
xmlns:s="http://Ky.Hbe.Mci";>
<cxf:inInterceptors>
<ref bean="loggingInInterceptor"/>
</cxf:inInterceptors>
<cxf:outInterceptors>
<ref bean="loggingOutInterceptor"/>
</cxf:outInterceptors>
<cxf:inFaultInterceptors>
<ref bean="loggingInInterceptor"/>
</cxf:inFaultInterceptors>
<cxf:outFaultInterceptors>
<ref bean="loggingOutInterceptor"/>
</cxf:outFaultInterceptors>
<cxf:properties>
<entry key="ws-security.timestamp.timeToLive" value="600"/>
<entry key="ws-security.timestamp.futureTimeToLive " value="60"/>
<entry key="hostnameverifier" value="hostnameVerifier"/>
<entry key="ws-security.must-understand" value="false"/>
<entry key="ws-security.enable.timestamp" value="true"/>
<entry key="ws-security.enable.timestamp.cache" value="false"/>
<entry key="loggingFeatureEnabled" value="true"/>
</cxf:properties>
</cxf:cxfEndpoint>
<http-conf:conduit
name="{http://Ky.Hbe.Mci}MciBasicHttpEndpoint.http-conduit";>
<http-conf:client AllowChunking="false" Connection="Keep-Alive"
ConnectionTimeout="30000" MaxRetransmits="4"
ReceiveTimeout="15000"/>
<http-conf:tlsClientParameters disableCNCheck="false">
<sec:keyManagers keyPassword="${server.keymanager.password}">
<sec:keyStore password="${server.keystore.password}"
resource="${jboss.home.dir}\opts\certs\${server.keystore}"
type="JKS"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore password="${server.truststore.password}"
resource="${jboss.home.dir}\opts\certs\${server.truststore}" type="JKS"/>
</sec:trustManagers>
<sec:cipherSuites>
<sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA</sec:cipherSuite>
</sec:cipherSuites>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*WITH_NULL.*</sec:exclude>
<sec:exclude>.*DH_anon.*</sec:exclude>
</sec:cipherSuitesFilter>
</http-conf:tlsClientParameters>
</http-conf:conduit>
Thanks Marci
