I am using WebSphere 6.1 server.
In my application, we use web services for the communication of standalone client(Swing) with web part.
From web part, we use WebSphere MQ to communicate with the Pro*C part. When we trigger a button in client part, the web is called which in turn invokes the MQ for a response.
We face the below error when we do the above operation:
LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Nov 20 07:56:12 CET 2014, current Date: Thu Nov 20 13:58:28 CET 2014.
SRTServletRes W WARNING: Cannot set header. Response already committed.
LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Nov 20 08:06:03 CET 2014, current Date: Thu Nov 20 14:01:36 CET 2014.
The MQ responses are OK as we trace the logs.
My Question:
Does this LTPA token expiration prevent my websphere server from sending the SOAP response to client part?
Related
I am trying to understand the email header and I found out using email header checker (i.g. mxtoolbox) can easily get the information. But I wonder how does this work?
For example, I have a email header showing like this:
Received: from DM5PR04MB0251.namprd04.prod.outlook.com (::1) by
DM6PR04MB6592.namprd04.prod.outlook.com with HTTPS; Tue, 13 Sep 2022 00:17:52
+0000
Received: from DB6PR1001CA0016.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:4:b7::26)
by DM5PR04MB0251.namprd04.prod.outlook.com (2603:10b6:3:74::12) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.22; Tue, 13 Sep
2022 00:17:51 +0000
Received: from DB8EUR06FT019.eop-eur06.prod.protection.outlook.com
(2603:10a6:4:b7:cafe::4b) by DB6PR1001CA0016.outlook.office365.com
(2603:10a6:4:b7::26) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5612.14 via Frontend
Transport; Tue, 13 Sep 2022 00:17:51 +0000
...
...
And it shows blank in the from information.
Do you know why is this?
Error message in Talend tool connecting with server - How to resolve this issue
Execution failed : java.security.cert.CertificateExpiredException: NotAfter: Sun Jan 17 05:36:12 IST 2021
[NotAfter: Sun Jan 17 05:36:12 IST 2021]
You're most likely using a subscription product that comes with support. You can find the required steps here:
https://community.talend.com/s/article/FAQ-for-REQUIRED-by-Jan-17-2021-Mandatory-Talend-Certificate-update-for-Talend-On-premises-and-cloud?language=en_US
Applying the latest cumulative patch should fix your problem.
When I select multiple files at once (Image1 and Image2) I see only one progressbar as follows :
My upload widget looks like this
uploader = new Uploader();
uploader.addOnFinishUploadHandler(uploadHandler);
uploader.avoidRepeatFiles(true);
uploader.setAutoSubmit(true);
uploaderPanel.add(uploader);
progressBar = new ModalUploadStatus();
uploader.setStatusWidget(progressBar);
And in the serverside I'm not using any custom servlet. Any suggestions ?
I'm using GWTupload 1.0.1 with GWT 2.4.0
EDIT
It seems that the uploader is uploading the two files as a bundle. Here is the log I'm getting during the upload :
INFO: server response transferred 14/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 14/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:55 EDT 2015 Gwt client Uploader
INFO: server response transferred 26/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 26/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:55 EDT 2015 Gwt client Uploader
INFO: server response transferred 33/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 33/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:56 EDT 2015 Gwt client Uploader
INFO: server response transferred 44/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 44/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:56 EDT 2015 Gwt client Uploader
INFO: server response transferred 52/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 52/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:57 EDT 2015 Gwt client Uploader
INFO: server response transferred 63/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 63/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:57 EDT 2015 Gwt client Uploader
INFO: server response transferred 70/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 70/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:58 EDT 2015 Gwt client Uploader
INFO: server response transferred 81/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 81/1407 [Image1.jpg, Image2.jpg]
INFO: Mon Jun 01 10:39:58 EDT 2015 Gwt client Uploader
INFO: server response transferred 89/1407 [Image1.jpg, Image2.jpg]
INFO: server response transferred 89/1407 [Image1.jpg, Image2.jpg]
...
Not sure why, but when using Code Signing using symantec's timestamp server it sets the expiration for the year 2020. This defeats the purpose of using a timestamp server if my program is still going to expire.
Following is the output when using signtool.exe to verify the timestamp application:
Signature Index: 0 (Primary Signature)
Hash of file (sha1): A6F0CEC09F02900D7977C60A87567031D0D96C7A
Signing Certificate Chain:
Issued to: thawte Primary Root CA
Issued by: thawte Primary Root CA
Expires: Wed Jul 16 19:59:59 2036
SHA1 hash: 91C6D6EE3E8AC86384E548C299295C756C817B81
Issued to: Thawte Code Signing CA - G2
Issued by: thawte Primary Root CA
Expires: Fri Feb 07 19:59:59 2020
SHA1 hash: 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Issued to: My Company
Issued by: Thawte Code Signing CA - G2
Expires: Tue Aug 11 19:59:59 2015
SHA1 hash: E45B4CBFBA095DB9465F2371C161EF500201561B
The signature is timestamped: Wed Oct 22 12:15:44 2014
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: Thu Dec 31 19:59:59 2020
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: Symantec Time Stamping Services CA - G2
Issued by: Thawte Timestamping CA
Expires: Wed Dec 30 19:59:59 2020
SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Issued to: Symantec Time Stamping Services Signer - G4
Issued by: Symantec Time Stamping Services CA - G2
Expires: Tue Dec 29 19:59:59 2020
SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4
Successfully verified: SetupGoVivoConsole.exe
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
Please note that this certificate is set for 1 year expiry, so it is using a timestamp from the server that Symantec provides. According to the (limited) documentation on this subject, using a timestamp server when signing an application should eliminate the application from expiring after the certificate has expired. According to the information I see above, this is not the case as my application will stop functioning on Tue Dec 29 19:59:59 2020.
The command I am using for signtool is as follows :
signtool.exe sign /f "certificate.pfx" /ac "thawte.crt" /p "mypassword" /t http://timestamp.verisign.com/scripts/timstamp.dll "ExecutableToSign.exe"
The purposes of using time stamping is not to make your signature valid forever. Its purposes it to extend the useful life of your signature, from the usual 1 to 3 years that code-signing certificates are valid, to up to 10 years. This is long enough for most needs -who really thinks their code will be traveling through insecure networks (and therefore in need of code signing)and executing 10 years from now.
A time stamping service does nothing more than signing a hash of your own digital signature, plus the current time (as provided by the time stamping service) with the time-stamping sevice's certificate which they (hopefully) guard a lot better than most users of digital certificates and which has been therefore granted a much longer shelf-life. Long-lived as they are, they are still just digital certificates and for basic security every one of those eventually must expire. Given that computers keep getting more powerful even the most secure algorithms and longest signing keys supported today will eventually be insecure.
Note that the expiration date is nothing more than the longest time a certificate (either your code signing one or the time-stamping one) could be valid for. Even today some time-stamping servers use SHA-1 for signing (e.g. that is what your time-stamping example is using). When that algorithm is no longer trusted (and it shouldn't be too long now), all those SHA-1 time stamps will no longer be trusted. That will happen even if the expiration date hasn't been reached.
You should look into other time-stamping services. There are a few out there that will expire a lot further out and use SHA256
If someone ever comes up with an encryption that can never be broken even as computers get better someone will finally create that "forever" timestamp that you ask for. Don't hold your breath.
Cheers!
I can verify from my painful experience today: an expired timestamp certificate (in my case, Comodo's timestamp cert) will cause Windows (7) to fail the overall code signing check with error 0x80096005.
So yeah, contrary to what's being stated by all cert providers I've looked at, timestamping does not guarantee that your signed executable remains valid in perpetuity.
Look for a timestamp service using a cert. with an expiration date loooong in the future.
According to the information I see above, this is not the case as my application will stop functioning on Tue Dec 29 19:59:59 2020.
Why would it stop functioning? Have you tried it? Try to set date on your computer to 2021 and see what happens. Personally I have not tried it but my colleague did. Windows will still run the program. It will validate the application to the date of signing. TSA server certificate was valid then so it should not be a problem.
If you wouldn't have timestamp on the application's signature that would be a problem. After the certificate of signer expires windows will not run the application. But when using timestamp windows does not care about expiry date of TSA certificate.
My QuickFIX client is sending logout before login everyday. Is it possible not to have this logout message sent before login ... ?
Followings are the setting I am using now:
[default]
FileStorePath=/home/quickfix/crons/exe/quickfix/filestore
ConnectionType=initiator
SenderCompID=TN7_42
TargetCompID=EMS
SocketConnectHost=xxxxx
TimeZone=Asia/Tokyo
StartTime=07:50:00 Asia/Tokyo
EndTime=20:00:00 Asia/Tokyo
HeartBtInt=30
ReconnectInterval=5
CheckLatency=N
UseLocalTime=Y
[session]
BeginString=FIX.4.2
SocketConnectPort=12061
ResetOnLogon=Y
ResetOnLogout=Y
ResetOnDisconnect=Y
RefreshOnLogon=N
.. and following is the log message I get everyday:
Oct 11, 2011 7:56:00 AM quickfix.SessionSchedule <init>
INFO: [FIX.4.2:TN7_42->EMS] daily, 22:50:00-UTC - 11:00:00-UTC
<20111010-22:56:00.820, FIX.4.2:TN7_42->EMS, event> (Session FIX.4.2:TN7_42->EMS schedule is daily, 22:50:00-UTC - 11:00:00-UTC)
<20111010-22:56:00.821, FIX.4.2:TN7_42->EMS, event> (Session state is not current; resetting FIX.4.2:TN7_42->EMS)
<20111010-22:56:00.821, FIX.4.2:TN7_42->EMS, event> (Created session: FIX.4.2:TN7_42->EMS)
Oct 11, 2011 7:56:00 AM quickfix.mina.NetworkingOptions logOption
INFO: Socket option: SocketTcpNoDelay=true
Oct 11, 2011 7:56:00 AM quickfix.mina.NetworkingOptions logOption
INFO: Socket option: SocketSynchronousWrites=false
Oct 11, 2011 7:56:00 AM quickfix.mina.NetworkingOptions logOption
INFO: Socket option: SocketSynchronousWriteTimeout=30000
Oct 11, 2011 7:56:00 AM quickfix.mina.initiator.IoSessionInitiator <init>
INFO: [FIX.4.2:TN7_42->EMS] [/xxxxx:12061]
Oct 11, 2011 7:56:00 AM quickfix.mina.SessionConnector startSessionTimer
INFO: SessionTimer started
Oct 11, 2011 7:56:00 AM quickfix.mina.initiator.InitiatorIoHandler sessionCreated
INFO: MINA session created for FIX.4.2:TN7_42->EMS: local=/xxxxx:48477, class org.apache.mina.transport.socket.nio.SocketSessionImpl, remote=/xxxxx:12061
<20111010-22:56:01.860, FIX.4.2:TN7_42->EMS, outgoing> (8=FIX.4.2^A9=52^A35=5^A34=1^A49=TN7_42^A52=20111010-22:56:01.859^A56=EMS^A10=085^A)
Oct 11, 2011 7:56:01 AM quickfix.Session disconnect
INFO: [FIX.4.2:TN7_42->EMS] Disconnecting: Session reset
Oct 11, 2011 7:56:05 AM quickfix.mina.initiator.InitiatorIoHandler sessionCreated
INFO: MINA session created for FIX.4.2:TN7_42->EMS: local=/xxxxx:48478, class org.apache.mina.transport.socket.nio.SocketSessionImpl, remote=/xxxxx:12061
<20111010-22:56:06.844, FIX.4.2:TN7_42->EMS, outgoing> (8=FIX.4.2^A9=70^A35=A^A34=1^A49=TN7_42^A52=20111010-22:56:06.844^A56=EMS^A98=0^A108=30^A141=Y^A10=166^A)
<20111010-22:56:06.845, FIX.4.2:TN7_42->EMS, event> (Initiated logon request)
<20111010-22:56:06.847, FIX.4.2:TN7_42->EMS, incoming> (8=FIX.4.2^A9=179^A35=5^A49=EMS^A56=TN7_42^A34=1^A43=N^A52=20111010-22:56:06.846^A58=Catastropic Error: Incoming sequence number (1) is less than expected (2) without PossDupFlag being set. Logging out.^A10=226^A)
Oct 11, 2011 7:56:06 AM quickfix.Session disconnect
INFO: [FIX.4.2:TN7_42->EMS] Disconnecting: IO Session closed
<20111010-22:56:06.849, FIX.4.2:TN7_42->EMS, error> (quickfix.SessionException Logon state is not valid for message (MsgType=5))
<20111010-22:56:06.849, FIX.4.2:TN7_42->EMS, event> (Already disconnected: Verifying message failed: quickfix.SessionException: Logon state is not valid for message (MsgType=5))
<20111010-22:56:10.887, FIX.4.2:TN7_42->EMS, error> (java.net.ConnectException: java.net.ConnectException: Connection refused(Next retry in 5000 milliseconds))
<20111010-22:56:15.898, FIX.4.2:TN7_42->EMS, error> (java.net.ConnectException: java.net.ConnectException: Connection refused(Next retry in 5000 milliseconds))
You're being bitten by bug QFJ-357, which although it is against the Java project also seems to be an issue for the straight C++ version.
This has actually been fixed in trunk for C++ by the fix in revision 2269.
Incoming sequence number is less than expected
This says it all. The sequence number being sent in the FIX message to the acceptor has a different sequence number then expected from the acceptor, hence the forced logoff message. This is done primarily to keep both the acceptor and initiator in sync while sending and receiving messages.
There is a flag in the config which mentions to reset all sequence numbers during connection. Use that flag to get over this problem for now, but better stick with the original sequence numbers. In the reject message you should get the sequence number being expected by the acceptor. Parse the sequence number and then start the logon process again.
Try making your session end time a bit earlier, and confirm that you are actually sending a logout due to the end time being reached, and not just terminating your application without logging out.
There also have been one or two bugs in QuickFIX around this area which did not exist in 1.12, so you might try that older version and see if it works better for you.