Hmm ... well .. I'm not sure whether removing timestamp is a good idea. This is because we usually ensure the freshness of a message with the timestamp to detect replaying of the messages. When the messages are signed it is very important that the timestamp is also signed. This way we ensure that one cannot resend the message with a different timestamp.
About the clients' and server's clocks not being in sync ... I think if you ensure the server's clock is correct, then you can expect the clients' clock to be on the correct time. IMHO it is alright to reject a request from a client who hasn't set the clock of the machine properly :-) Thanks, Ruchith On 12/1/06, Subash Devkota <[EMAIL PROTECTED]> wrote:
Ruchith Thank you for the reply. I was about to write about it today and I got your email. I too discovered it today and now I have removed the Timestamp part from the configuration. It works fine now. It's one solution could be synchronizing time with Network Time Protocal in client and server. But it does not seem to be good solution as there will be many clients. And the clients may not like that or may miss that. Is there any other way of syncronizing the client and server clock? It would be great to know that. I didn't find any use of keeping timestamp in my case. I needed just security. So, I removed it. Am I correct? Please guide me if wrong. with regards Subash Ruchith Fernando wrote: > Hi Subash, > > Seems like the clocks of the two machines are not in sync. > > Please check the clocks of both machines. > > Thanks, > Ruchith > > On 11/29/06, Subash Devkota <[EMAIL PROTECTED]> wrote: > >> Hi all >> >> I am using Axis2-1.0 with Rampart module for security. >> I am facing strange type of problem. I have a web service which works >> fine in my pc. (http://localhost:7600/axis2/services/SecureServer). I >> deployed the same aar file to next computer (remote computer connected >> through VPN) and I can not get the response from server. I set the >> session timeout to 100 seconds asumming the timeout problem as >> options.setTimeOutInMilliSeconds(100000) in client side. >> But get the same error listed below: >> >> org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed; >> nested exception is: >> org.apache.ws.security.WSSecurityException: An error was discovered >> processing the <wsse:Security> header. (WSSecurityEngine: Invalid >> timestamp The security semantics of message have expired) >> at >> org.apache.axis2.security.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:183) >> >> at >> org.apache.axis2.security.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:82) >> >> at org.apache.axis2.engine.Phase.invoke(Phase.java:381) >> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:473) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:445) >> at >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:355) >> >> at >> org.apache.axis2.description.OutInAxisOperationClient.execute(OutInAxisOperation.java:279) >> >> at >> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:457) >> >> at >> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:399) >> >> at >> d2Agent.com.d2hawkeye.b2b.d2Agent.v1.WebServiceClient.getSecureVMRURL(WebServiceClient.java:138) >> >> .. >> Caused by: org.apache.ws.security.WSSecurityException: An error was >> discovered processing the <wsse:Security> header. (WSSecurityEngine: >> Invalid timestamp The security semantics of message have expired) >> at >> org.apache.ws.security.processor.TimestampProcessor.handleTimestamp(TimestampProcessor.java:82) >> >> at >> org.apache.ws.security.processor.TimestampProcessor.handleToken(TimestampProcessor.java:52) >> >> at >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:269) >> >> at >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:191) >> >> at >> org.apache.axis2.security.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:180) >> >> ... 12 more >> >> Can anyone help me where is the problem. >> >> Thank You >> Subash >> >> >> PRIVACY NOTICE >> >> This email and any attachments may be confidential and/or privileged. >> Use of the information contained in this email by anyone other than >> the intended recipient is strictly prohibited. If you have received >> this email in error, please notify the sender by replying to this >> message and delete this email. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
