[CMIS-223] Client SOAP messages expire after 24 hours - ASF JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.1.0-incubating
Fix Version/s: 0.1.0-incubating
Component/s: opencmis-client-bindings
Labels:
None

Description

There is a hardcoded expiration time for client SOAP messages. This expiration time is only set once with the first request. That makes a client session that uses the Web Services binding unusable after 24 hours.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

PortPolicy.patch

25/Jun/10 15:43

7 kB

Aaron Korver

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Aaron Korver added a comment - 25/Jun/10 15:35 - edited

See https://issues.alfresco.com/jira/browse/ALF-3648

This is the important part. When the message was sent, it was at time 2010-06-23T19:47:55.646Z The created timestamp on the SOAP header is 2010-06-23T19:39:57Z. That's an 8 min difference and it still thinks the message is invalid. I believe that is because Alfresco's server is not respecting the Expires attribute.
Here is the POST to Alfresco.

POST /alfresco/cmis/ObjectService HTTP/1.1

Content-type: text/xml;charset="utf-8"

Authorization: Basic Y2xpZnRvbi11c2VyOnBhc3N3b3Jk

Soapaction: ""

Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

User-Agent: JAX-WS RI 2.1.7-b01-

Host: tcgdocs:8080

Connection: keep-alive

Transfer-Encoding: chunked



2e8

<?xml version="1.0" ?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
   <S:Header>
      <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <Created>2010-06-23T19:39:57Z</Created><Expires>2010-06-24T19:39:57Z</Expires>
         </Timestamp>
         <UsernameToken>
            <Username>my-user</Username><Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</Password>
            <Created xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-06-23T19:39:57Z</Created>
         </UsernameToken>
      </Security>
   </S:Header>
<S:Body>

<ns2:getContentStream xmlns="http://docs.oasis-open.org/ns/cmis/core/200908/" xmlns:ns2="http://docs.oasis-open.org/ns/cmis/messaging/200908/">
<ns2:repositoryId>def2b665-75fe-4a0d-909d-4107351ca0a8</ns2:repositoryId>
<ns2:objectId>workspace://SpacesStore/ee944878-1be9-45cb-a535-7ff96fa0a578&lt;/ns2:objectId&gt;&lt;/ns2:getContentStream&gt;&lt;/S:Body&gt;&lt;/S:Envelope>

This is the response

HTTP/1.1 500 Internal Server Error

Server: Apache-Coyote/1.1

Content-Type: text/xml;charset=UTF-8

Content-Length: 920

Date: Wed, 23 Jun 2010 19:47:55 GMT

Connection: close



<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

   <soap:Header>

      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-29361942">
            <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-06-23T19:47:55.646Z</wsu:Created>
            <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2010-06-23T19:52:55.646Z</wsu:Expires>
          </wsu:Timestamp>
       </wsse:Security>
    </soap:Header>
<soap:Body><soap:Fault>
<faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:MessageExpired</faultcode>
<faultstring>The message has expired</faultstring
></soap:Fault></soap:Body></soap:Envelope>

Show

Aaron Korver added a comment - 25/Jun/10 15:35 - edited See https://issues.alfresco.com/jira/browse/ALF-3648 This is the important part. When the message was sent, it was at time 2010-06-23T19:47:55.646Z The created timestamp on the SOAP header is 2010-06-23T19:39:57Z. That's an 8 min difference and it still thinks the message is invalid. I believe that is because Alfresco's server is not respecting the Expires attribute. Here is the POST to Alfresco. POST /alfresco/cmis/ObjectService HTTP/1.1 Content-type: text/xml;charset= "utf-8" Authorization: Basic Y2xpZnRvbi11c2VyOnBhc3N3b3Jk Soapaction: "" Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 User-Agent: JAX-WS RI 2.1.7-b01- Host: tcgdocs:8080 Connection: keep-alive Transfer-Encoding: chunked 2e8 <?xml version= "1.0" ?> <S:Envelope xmlns:S= "http: //schemas.xmlsoap.org/soap/envelope/" > <S:Header> <Security xmlns= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > <Timestamp xmlns= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > <Created>2010-06-23T19:39:57Z</Created><Expires>2010-06-24T19:39:57Z</Expires> </Timestamp> <UsernameToken> <Username>my-user</Username><Password Type= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >password</Password> <Created xmlns= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >2010-06-23T19:39:57Z</Created> </UsernameToken> </Security> </S:Header> <S:Body> <ns2:getContentStream xmlns= "http: //docs.oasis-open.org/ns/cmis/core/200908/" xmlns:ns2= "http://docs.oasis-open.org/ns/cmis/messaging/200908/" > <ns2:repositoryId>def2b665-75fe-4a0d-909d-4107351ca0a8</ns2:repositoryId> <ns2:objectId>workspace: //SpacesStore/ee944878-1be9-45cb-a535-7ff96fa0a578</ns2:objectId></ns2:getContentStream></S:Body></S:Envelope> This is the response HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=UTF-8 Content-Length: 920 Date: Wed, 23 Jun 2010 19:47:55 GMT Connection: close <soap:Envelope xmlns:soap= "http: //schemas.xmlsoap.org/soap/envelope/" > <soap:Header> <wsse:Security xmlns:wsse= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > <wsu:Timestamp xmlns:wsu= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id= "Timestamp-29361942" > <wsu:Created xmlns:wsu= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >2010-06-23T19:47:55.646Z</wsu:Created> <wsu:Expires xmlns:wsu= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" >2010-06-23T19:52:55.646Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soap:Header> <soap:Body><soap:Fault> <faultcode xmlns:ns1= "http: //docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >ns1:MessageExpired</faultcode> <faultstring>The message has expired</faultstring ></soap:Fault></soap:Body></soap:Envelope>

Hide

Permalink

Aaron Korver added a comment - 25/Jun/10 15:43

A potential patch for the SOAP header

Show

Aaron Korver added a comment - 25/Jun/10 15:43 A potential patch for the SOAP header

Hide

Permalink

Aaron Korver added a comment - 25/Jun/10 15:44

Not sure if this will work with the full suite. I've tested this locally and this fixes the problem for us.

Show

Aaron Korver added a comment - 25/Jun/10 15:44 Not sure if this will work with the full suite. I've tested this locally and this fixes the problem for us.

Hide

Permalink

Florian Müller added a comment - 22/Jul/10 14:34

The provided patch wasn't thread safe. The new code should be.

Show

Florian Müller added a comment - 22/Jul/10 14:34 The provided patch wasn't thread safe. The new code should be.

Client SOAP messages expire after 24 hours

Details

Description

Attachments

Activity

People

Dates

Development

Agile