Author: coheigea
Date: Wed Jun 1 11:36:27 2011
New Revision: 1130106
URL: http://svn.apache.org/viewvc?rev=1130106&view=rev
Log:
[WSS-291] - Default to allowing future created timestamps up to 60s
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityTimestamp.java
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java?rev=1130106&r1=1130105&r2=1130106&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandler.java
Wed Jun 1 11:36:27 2011
@@ -1406,7 +1406,7 @@ public abstract class WSHandler {
* @throws WSSecurityException
*/
protected boolean verifyTimestamp(Timestamp timestamp, int timeToLive)
throws WSSecurityException {
- return verifyTimestamp(timestamp, timeToLive, 0);
+ return verifyTimestamp(timestamp, timeToLive, 60);
}
/**
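Review bot: The new default skew of `60` is a bare literal in the two-argument `verifyTimestamp`, and the same value is restated separately in the `TTL_FUTURE_TIMESTAMP` Javadoc in WSHandlerConstants.java, so the two can drift apart. A named constant would tie them together, for example `return verifyTimestamp(timestamp, timeToLive, DEFAULT_FUTURE_TTL_SECONDS);`, where the constant name is a placeholder for whatever the project prefers. The method's Javadoc begins above the hunk and should state that this overload now accepts a Created time up to 60 seconds ahead of the local clock, because every caller of the overload gets a wider acceptance window without opting in. Any replay detection that relies on the freshness window (none is visible here) would have to account for the extra 60 seconds.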
Modified:
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java?rev=1130106&r1=1130105&r2=1130106&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/handler/WSHandlerConstants.java
Wed Jun 1 11:36:27 2011
@@ -787,11 +787,9 @@ public class WSHandlerConstants {
/**
* This configuration tag specifies the time in seconds in the future
within which
- * the Created time of an incoming Timestamp is valid. WSS4J rejects by
default any
- * timestamp which is "Created" in the future, and so there could
potentially be
- * problems in a scenario where a client's clock is slightly askew. The
default
- * value for this parameter is "0", meaning that no future-created
Timestamps are
- * allowed.
+ * the Created time of an incoming Timestamp is valid. The default value
is "60",
+ * to avoid problems where clocks are slightly askew. To reject all
future-created
+ * Timestamps, set this value to "0".
*/
public static final String TTL_FUTURE_TIMESTAMP = "futureTimeToLive";
Modified:
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityTimestamp.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityTimestamp.java?rev=1130106&r1=1130105&r2=1130106&view=diff
==============================================================================
---
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityTimestamp.java
(original)
+++
webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecurityTimestamp.java
Wed Jun 1 11:36:27 2011
@@ -262,11 +262,11 @@ public class TestWSSecurityTimestamp ext
}
/**
- * This is a test for processing an Timestamp where the "Created" element
is in the future.
- * This Timestamp should be rejected by default, and then accepted once
the future
- * time-to-live configuration is enabled.
+ * This is a test for processing an Timestamp where the "Created" element
is in the (near)
+ * future. It should be accepted by default when it is created 30 seconds
in the future,
+ * and then rejected once we configure "0 seconds" for future-time-to-live.
*/
- public void testFutureCreated() throws Exception {
+ public void testNearFutureCreated() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
@@ -309,7 +309,7 @@ public class TestWSSecurityTimestamp ext
assertTrue(receivedTimestamp != null);
MyHandler myHandler = new MyHandler();
- if (myHandler.publicVerifyTimestamp(receivedTimestamp, 300)) {
+ if (myHandler.publicVerifyTimestamp(receivedTimestamp, 300, 0)) {
fail("The timestamp validation should have failed");
}
assertTrue(myHandler.publicVerifyTimestamp(receivedTimestamp, 300,
60));
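Review bot: The new default is not asserted in the visible lines of `testNearFutureCreated`: the only two-argument call, `publicVerifyTimestamp(receivedTimestamp, 300)`, is replaced by one passing an explicit `0`, and the remaining assertion passes `60` explicitly. Adding `assertTrue(myHandler.publicVerifyTimestamp(receivedTimestamp, 300));` would pin the accepted-by-default behaviour that the updated test comment describes. A companion case with a Created time more than 60 seconds ahead, expected to be rejected under the default, would guard the upper bound of the window. The code that builds the timestamp lies between the two hunks and is not shown, so the offset would have to be set there.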