Hi All, We are having a problem with timetolive in the Talend ESB runtime. Is there a way we can disable the timetolive? I found one file at location etc\org.talend.esb.locator.cfg. There I changed the following code:
    # If 'true' and one of the services (SOAP/REST) is installed
    # then locator will perform checks on endpoints
    # with expired time-to-live and remove them.
    locator.endpoints.timetolive.check=true
    # Interval for checks in seconds.
    locator.endpoints.timetolive.interval=300
I tried making locator.endpoints.timetolive.check=false and restarting the service, and also changing locator.endpoints.timetolive.interval=3600 and restarting the service. But it's not working. Does anyone have any idea regarding this? Please let me know. Thanking you in advance.
Hi, You have to refresh the Locator bundle after the parameters change in etc\org.talend.esb.locator.cfg, to make the changes take effect.
    karaf@trun()> refresh locator
Then redeploy your Service again. Regards.
Hi xldai, Thanks for your reply. I have tried the karaf@trun()> refresh locator command and redeployed the service, but it's not taking effect. Actually I want to ignore the checking of <wsu:Created> from the SOAP header for requests posted to the Talend SOAP service. The SOAP header is like the following:
    <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="" xmlns:wsu="">
        <wsse:UsernameToken wsu:Id="UsernameToken-F3DD642F9E86D4CF28148967785889619">
          <wsse:Username>abc</wsse:Username>
          <wsse:Password Type="">abc</wsse:Password>
          <wsse:Nonce EncodingType="">5sWcEMjw30Y7p4zfJZzAcQ==</wsse:Nonce>
          <wsu:Created>2017-03-16T15:24:18.896Z</wsu:Created>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>
Can you please suggest whether we are on the correct track? And also can you suggest how we can implement it? Thanks!
OK. We have a SOAP service which is running on HTTPS so that it can be accessed from the internet. The problem is that the client making requests to the web service does not have internet time sync on their side, and they include the <wsu:Created> part in the header, so they get the following fault response:
    <faultcode xmlns:ns1="">ns1:SecurityError</faultcode>
    <faultstring>A security error was encountered when verifying the message</faultstring>
So is there any way that, even if the <wsu:Created> node at xpath "/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken/wsu:Created" is mentioned in the SOAP request header, we can skip the check on it and allow the web service to work normally?
Hi, The "Nonce" and "Created" are used against replay attacks. There is a CXF WS-Security configuration parameter "ws-security.timestamp.timeToLive" that can be used to set the timeToLive; there is also "ws-security.enable.timestamp.cache", which can be used to enable/disable the timestamp cache. For details see http://cxf.apache.org/docs/ws-securitypolicy.html
Have you created your Service using Studio, or did you develop it with Java/Spring? Regards.
Hi, I would say there is no option to disable the "Nonce/Created" checking in the tESBProviderRequest component from Studio, and I don't think your use case is a valid use case. From the UsernameTokenProfile spec (http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html), the Nonce/Created are optional elements in the SOAP header of the request; if they exist in the header, then their values should be "correct" for validation.
So there is no official support for your use case in the Studio. If you are seeking a tricky way: like I said, we are using CXF as the backend lib to generate the source code of the Service, so you may try to add these "ws-security.timestamp.timeToLive" CXF properties manually into the Service kar blueprint following the CXF docs, but I am not sure it really works; we didn't test this. Regards.
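
Added example, not part of the thread and not CXF/WSS4J code: a simplified Python model of the Created/Nonce freshness check discussed above, showing why a client with an unsynchronized clock is rejected and what widening timeToLive costs. The class name, window values (300 s and 60 s) and sample tokens are assumptions constructed for illustration.

```python
# Simplified model of a UsernameToken Created/Nonce check (illustrative only;
# not CXF/WSS4J code, and the window values are assumed).
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {"wsse": OASIS + "secext-1.0.xsd", "wsu": OASIS + "utility-1.0.xsd"}

class FreshnessChecker:
    def __init__(self, ttl_s=300, future_s=60):
        self.ttl = timedelta(seconds=ttl_s)        # how old Created may be
        self.future = timedelta(seconds=future_s)  # how far ahead Created may be
        self.seen = {}  # nonce -> time until which it must be remembered

    def check(self, token_xml, now):
        tok = ET.fromstring(token_xml)
        created = tok.findtext("wsu:Created", namespaces=NS)
        nonce = tok.findtext("wsse:Nonce", namespaces=NS)
        if created is not None:  # optional element, but validated when present
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%S.%fZ")
            ts = ts.replace(tzinfo=timezone.utc)
            if ts > now + self.future:
                return "rejected: Created is in the future"
            if ts + self.ttl < now:
                return "rejected: Created older than timeToLive"
        if nonce is not None:
            self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
            if nonce in self.seen:
                return "rejected: nonce replayed"
            # Keep the nonce for as long as its Created value could still pass.
            self.seen[nonce] = now + self.ttl + self.future
        return "accepted"

def token(created, nonce):  # constructed sample token
    return (f'<wsse:UsernameToken xmlns:wsse="{NS["wsse"]}" xmlns:wsu="{NS["wsu"]}">'
            f"<wsse:Username>abc</wsse:Username><wsse:Nonce>{nonce}</wsse:Nonce>"
            f"<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>")

def demo():
    now = datetime(2017, 3, 16, 15, 24, 30, tzinfo=timezone.utc)  # server clock
    c = FreshnessChecker()
    return [
        c.check(token("2017-03-16T15:24:18.896Z", "n1"), now),  # client in sync
        c.check(token("2017-03-16T15:24:18.896Z", "n1"), now),  # same message again
        c.check(token("2017-03-16T15:10:00.000Z", "n2"), now),  # client clock slow
        c.check(token("2017-03-16T15:40:00.000Z", "n3"), now),  # client clock fast
        FreshnessChecker(ttl_s=3600).check(
            token("2017-03-16T15:10:00.000Z", "n2"), now),      # wider window
    ]
```

A wider timeToLive lets the slow client through, but the server must then remember nonces for that whole window; fixing the client's clock sync keeps the window short.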