cxfws-securitywss4j

How to make wss4j to not create expires element in soap header


Is there any option in wss4j or cxf that controls whether <expires> element from ws-security is included in SOAP header.

What I want to achieve is that SOAP header contains only <created> element, e.g.

<wsu:Timestamp wsu:Id="Timestamp-2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>2011-12-07T14:39:03Z</wsu:Created>
</wsu:Timestamp>

I'm using wss4j 1.5.10 and cxf 2.3.x

Note that xsd schema for timestamp has

<xsd:element ref="wsu:Expires" minOccurs="0"/>

Solution

  • I needed the same thing and wasn't able to find an answer anywhere. At the end I studied the source and did it extending the WSS4JOutInterceptor and rewriting the method decodeTimeToLive this way:

    @Override
    public int decodeTimeToLive(RequestData reqData) {
         return 0;
    }
    

    Maybe not beautiful, but it worked for me.