
WLSOAPFaultException Security token failed

 
d krishnamohan
Greenhorn
Posts: 9
Hi,

I generated a WebLogic web service client for the generated WSDL file. It worked fine a week ago. Now if I run the same client application, it throws the following exception. I could not get the meaning of it. Please help me.


Exception in thread "main" java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurityToken] FaultString [Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@4474c840[status: false][msg UNT Error:Message older than allowed MessageAge]] FaultActor [null]No Detail; nested exception is:
weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@4474c840[status: false][msg UNT Error:Message older than allowed MessageAge]
at examples.webservices.wsdlc.client.SIMPortType_Stub.lookupItemDetail(SIMPortType_Stub.java:89)
at TestClient.main(TestClient.java:64)
Caused by: weblogic.wsee.jaxrpc.soapfault.WLSOAPFaultException: Security token failed to validate. weblogic.xml.crypto.wss.SecurityTokenValidateResult@4474c840[status: false][msg UNT Error:Message older than allowed MessageAge]


-KM
 
H Paul
Ranch Hand
Posts: 471
If it helps in terms of what:

1. Your SOAP Message sent from the client to the Web Service Provider: Message Level Security + UNT.
A SOAP message with a timestamp that does not expire is vulnerable to replay attacks.

2. See Setting the SOAP Message Expiration
http://docs.oracle.com/cd/E13222_01/wls/docs92/webserv/security.html
WS-Policy: See <MessageAge> Element

3. For more detail, GOOGLE for terms like SOAP Message Expiration, replay attacks
 
d krishnamohan
Greenhorn
Posts: 9
Hi,

Thanks for your reply. Here is the ws-policy file:

<?xml version="1.0"?>
<wsp:Policy
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken
          sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
          <sp:HashPassword/>
          <sp:WssUsernameToken10/>
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>

I could not find any message age defined here. How do we know the message expiration?
 
H Paul
Ranch Hand
Posts: 471
1. If you have access to the Web service [that you are trying to consume] on the server side,
have a look at the WebLogic Web Service Deployment Descriptor Elements web-services.xml
and the timestamp section: http://docs.oracle.com/cd/E13222_01/wls/docs81/webserv/wsp.html#timestamp

2. Have a look at Using Timestamps
http://docs.oracle.com/cd/E13222_01/wls/docs81/webserv/security.html
and check the request SOAP message that the client code sent to WLServer.
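
An added illustration, not part of the thread and not WebLogic's code: a generic freshness check on the `wsu:Created` value of a UsernameToken in a captured request, showing how a message can be judged older than the allowed age either because it is stale or because the sender's clock runs behind the receiver's. The names `check_freshness`, `max_age_s` and `skew_s`, and the sample envelope, are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed sample request; user name, nonce and timestamp are made up.
SAMPLE = f"""<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <soapenv:Header><wsse:Security>
    <wsse:UsernameToken>
      <wsse:Username>demo</wsse:Username>
      <wsse:Nonce>Y29uc3RydWN0ZWQ=</wsse:Nonce>
      <wsu:Created>2012-05-01T10:00:00Z</wsu:Created>
    </wsse:UsernameToken>
  </wsse:Security></soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def parse_created(text):
    """Parse an xsd:dateTime such as 2012-05-01T10:00:00Z into aware UTC."""
    ts = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    if ts.tzinfo is None:  # no offset given: treat as UTC
        ts = ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc)


def check_freshness(envelope_xml, server_now, max_age_s, skew_s=0):
    """Return (verdict, age_in_seconds) for the UsernameToken's wsu:Created.

    max_age_s and skew_s are assumed parameters of this sketch.
    """
    root = ET.fromstring(envelope_xml)
    created = root.find(f".//{{{WSSE}}}UsernameToken/{{{WSU}}}Created")
    if created is None or not (created.text or "").strip():
        return ("no-created", None)
    age = (server_now - parse_created(created.text)).total_seconds()
    if age > max_age_s + skew_s:
        return ("too-old", age)      # stale or replayed, or sender clock behind
    if age < -skew_s:
        return ("from-future", age)  # sender clock ahead of the receiver
    return ("fresh", age)


if __name__ == "__main__":
    now = datetime(2012, 5, 1, 10, 7, 0, tzinfo=timezone.utc)
    print(check_freshness(SAMPLE, now, max_age_s=60))
```

Comparing the `Created` value in the captured request with the server's clock at the time of receipt shows which of the two cases applies.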
 