Six Stars

TimeToLive not getting effect.

Hi All,
We are having problem with timetolive in talend esbruntime.
Is there way we can disable the timetolive.
I found one file at location etc\org.talend.esb.locator.cfg
There i changed the following code:
# If 'true' and one of the services (SOAP/REST) is installed
# then locator will perform checks on endpoints
# with expired time-to-live and remove them.
locator.endpoints.timetolive.check=true
# Interval for checks in seconds.
locator.endpoints.timetolive.interval=300
I tried making locator.endpoints.timetolive.check=false and restarting service also changing locator.endpoints.timetolive.interval=3600 and restarting service.
But its not working.
Does any one has idea regarding this?
Please let me know.
Thanking you in advance.
8 REPLIES
Employee

Re: TimeToLive not getting effect.

Hi,
You have to refresh the Locator bundle after the parameters change in the etc\org.talend.esb.locator.cfg, to make the changes take effect.
karaf@trun()> refresh locator
Then redeploy your Service again.
Regards.
Six Stars

Re: TimeToLive not getting effect.

Hi xldai,
Thanks for your reply.
i have tried karaf@trun()> refresh locator command and redeploy service but its not taking effect.
Actually i want to ignore the checking of <wsu:Created> from soap header for the request posted on Talend soap service. The soap header is like following:
<soapenv:Header>
      <wsseSmiley Frustratedecurity soapenv:mustUnderstand="1" xmlns:wsse="" xmlns:wsu="">
         <wsse:UsernameToken wsu:Id="UsernameToken-F3DD642F9E86D4CF28148967785889619">
            <wsse:Username>abc</wsse:Username>
            <wsseSmiley Tongueassword Type="">abc</wsseSmiley Tongueassword>
            <wsse:Nonce EncodingType="">5sWcEMjw30Y7p4zfJZzAcQ==</wsse:Nonce>
            <wsu:Created>2017-03-16T15:24:18.896Z</wsu:Created>
         </wsse:UsernameToken>
      </wsseSmiley Frustratedecurity>
   </soapenv:Header>
Can you please suggest are we going on correct track? and also can you suggest how we can implement it.
Thanks !
Employee

Re: TimeToLive not getting effect.

Well, are you talking about the timestamp in the UsernameToken header? it's totally none relevent to the Locator configuration.
You have to describe your scenario in detail.
Regards.
Six Stars

Re: TimeToLive not getting effect.

ok
We have soap service which is running on https so that it can be accessed from internet.
And the problem is that the client making request on web service is not having internet time sync on their side and they include  <wsu:Created> part in header so they get the following fault response as:
         <faultcode xmlns:ns1="">ns1Smiley FrustratedecurityError</faultcode>
         <faultstring>A security error was encountered when verifying the message</faultstring>
So is their an way that even if the <wsu:Created> at xpath "/soapenv:Envelope/soapenv:Header/wsseSmiley Frustratedecurity/wsse:UsernameToken/wsu:Created" node is mentioned in soap request header we can skip check on it and allow the webservice to work normally.
Employee

Re: TimeToLive not getting effect.

Hi,
The "Nonce" and "Created" is used for against replay attacks. there is a CXF WS-Security Configuration parameter "ws-security.timestamp.timeToLive" can be used to set the timeToLive, also there is a "ws-security.enable.timestamp.cache" can be used to enable/disable the timestamp cache. For detail here http://cxf.apache.org/docs/ws-securitypolicy.html
Have you created your Service using Studio? or you develop it with java/spring?
Regards.
Six Stars

Re: TimeToLive not getting effect.

Web service is created using Talend Open Studio.
Can you please suggest a way we can disable this?
Thanks !
Employee

Re: TimeToLive not getting effect.

Hi,
I would say there is no option to disable the "Nonce/Created" checking in the tESBProviderRequest component from Studio. and I don't think your use case is a valid usecase, from the UsernameTokenProfile spec (http://docs.oasis-open.org/wss-m/wss/v1.1.1/os/wss-UsernameTokenProfile-v1.1.1-os.html) the Nonce/Created are optional element in the Soap Header of the request, if they are existing in the Header then the value of them should be make sure "correct" for validate.
So no offical support for your use case in the Studio, if you are seeking a tricky way, Like I said, we are using the CXF as backend lib to generate the source code of the Service, you may try to add these "ws-security.timestamp.timeToLive" CXF properties manually into the Service kar blueprint following the CXF docs, but not sue it really works we didn't test this.
Regards.
Six Stars

Re: TimeToLive not getting effect.

Hi,
ok thanks for your reply and suggestions Smiley Happy .