Hello

Sorry in advance if this is addressed to the wrong list - it's Axis2 related, 
but could be a WSS4J or Rampart issue.

We have a web service developed with Axis2 v1.5, using Rampart v1.4 for 
WS-Security.  The service is configured such that each request requires a 
WS-Security Header that contains a UsernameToken and Timestamp.

So, an example request looks like this (uninteresting bits replaced with ... 
for brevity):

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" ... >

        <soapenv:Header>
            <wsse:Security xmlns:wsse="..." xmlns:wsu="..." soapenv:mustUnderstand="1">
                <wsu:Timestamp wsu:Id="Timestamp-31497800">
                    <wsu:Created>2009-11-02T14:00:00Z</wsu:Created>
                    <wsu:Expires>2009-11-02T15:00:00Z</wsu:Expires>
                </wsu:Timestamp>

                <wsse:UsernameToken wsu:Id="UsernameToken-10697954">
                    <wsse:Username>...</wsse:Username>
                    <wsse:Password Type="...#PasswordText">...</wsse:Password>
                </wsse:UsernameToken>
            </wsse:Security>
        </soapenv:Header>

        <soapenv:Body>.... </soapenv:Body>

    </soapenv:Envelope>

Up until recently, this worked without a hitch.  However, it stopped working 
last weekend when the clocks went back (I'm in London, the local time used to 
be GMT +1h, i.e. UTC+01:00, it's now UTC).

So, whilst we were in British Summer Time (i.e. UTC +1h), everything was OK.  
If the current time was 14:30, I could send a request such as that above with 
Created=14:00 and Expires=15:00 and it would work.

However, since the clocks have changed (BST is now over and the local time is 
UTC+0h), it doesn't work anymore.  Now, if the current time is 14:30 and I send 
the request with Created=14:00 and Expired=15:00, I get an error in Tomcat's 
STDOUT:
[ERROR] WSDoAllReceiver: The timestamp could not be validated
org.apache.axis2.AxisFault: WSDoAllReceiver: The timestamp could not be validated
    at org.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:334)
    at org.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:86)
    at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
    ...

Instead, I have to add an hour to each of the timestamps (even though they're 
specified as Z, i.e. UTC).  So, if the current time is 14:30 and I send the 
request with Created=15:00 and Expired=16:00, it works.

I got concerned about timezones on different machines, clock sync, etc., so in 
the end I decided to run everything locally.  I've restarted the machine since 
the clocks changed, Java agrees that the local timezone is GMT+00:00 and yet 
with the client and the server both on the same machine, I still get the error 
unless I force the timestamps to an hour in the future.

Note that I do not have a problem with a smaller window.  I.e. if the current 
time is 14:30 and I send the request with Created=14:29 and Expired=14:34 (i.e. 
a five-minute instead of one-hour timespan), it works.

Any ideas on what's causing this?

Thanks very much
Darren Clarke
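
An added example, not part of the original message and not Rampart or WSS4J code: it reads the Created/Expires pair from a header like the one above and classifies it against a given current time purely as UTC instants, so the windows described in the message can be compared with what the server reported. The namespace URIs in the sample are constructed placeholders (elements are matched by local name), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample header. The namespace URIs are placeholders, so the
# code below matches elements by local name only.
SAMPLE = """<wsse:Security xmlns:wsse="urn:example:wsse" xmlns:wsu="urn:example:wsu">
  <wsu:Timestamp wsu:Id="Timestamp-31497800">
    <wsu:Created>2009-11-02T14:00:00Z</wsu:Created>
    <wsu:Expires>2009-11-02T15:00:00Z</wsu:Expires>
  </wsu:Timestamp>
</wsse:Security>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def parse_utc(text):
    """Parse an xs:dateTime carrying 'Z' or an offset into an aware UTC datetime."""
    text = text.strip()
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"
    value = datetime.fromisoformat(text)
    if value.tzinfo is None:
        # Refuse to guess: a zone-less value would be read in local time.
        raise ValueError("timestamp has no zone designator: " + text)
    return value.astimezone(timezone.utc)


def read_window(xml_text):
    """Return (created, expires) of the first Timestamp element as UTC instants."""
    for ts in ET.fromstring(xml_text).iter():
        if local(ts.tag) == "Timestamp":
            fields = {local(c.tag): parse_utc(c.text)
                      for c in ts if local(c.tag) in ("Created", "Expires")}
            return fields["Created"], fields["Expires"]
    raise ValueError("no Timestamp element found")


def check(created, expires, now, skew=timedelta(0)):
    """Classify the window against 'now' (aware datetime), allowing clock skew."""
    if created - skew > now:
        return "not-yet-valid"
    if expires + skew <= now:
        return "expired"
    return "valid"
```

Passing `now` explicitly keeps the check independent of the host's local timezone and DST state.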