I was tasked with investigating and proposing a fix for the intermittent and (apparently) irreproducible error causing the web service to fail, with the following error:
Message does not conform to configured policy [ TimestampPolicy(S) AuthenticationTokenPolicy(S) ]: No Security Header found
The app represents Spring's final end for an online community that runs into a high-traffic website. Web services are accessed using the Axis2 1.4 client.
I think I was able to track the problem down to a possible concurrency problem, but it doesnβt seem to be tied to loading for sure, crash statistics do not support it (sometimes days with low load are worse than days with high load).
In any case, all client code for web services is contained in the same class with the @Repository annotation. Classes in the wider application that need access to this WebServiceClient class declared it in the class scope using the @Resource annotation, where it was automatically added as needed.
The problem, as I see it, is that in WebServiceClient stubs are declared in the class scope as follows:
private ValidationStub validationStub; private CustInfoStub custInfoStub;
and initialized in the method area when the web service is called
this.validationStub= new ValidationStub (this.url); prepareStub(this.validationPort, username, password);
where the prepareStub method creates a security header and adds it as follows:
stub._getServiceClient().addHeader(element);
I think that if I move the stubs from the scope of the class to the scope of the method, it will solve the problem, for example:
ValidationStub validationStub = new ValidationStub(this.url);
Has anyone encountered a similar problem? I'm a little worried that making this change will affect performance.