Author: coheigea
Date: Wed Nov 14 15:27:29 2018
New Revision: 1846590
URL: http://svn.apache.org/viewvc?rev=1846590&view=rev
Log:
Put the Date check before the ReplayCache check for UsernameTokens
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
Modified:
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java?rev=1846590&r1=1846589&r2=1846590&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
(original)
+++
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
Wed Nov 14 15:27:29 2018
@@ -136,6 +136,11 @@ public class UsernameTokenProcessor impl
UsernameToken ut =
new UsernameToken(token, allowNamespaceQualifiedPasswordTypes,
data.getBSPEnforcer());
+ // Validate whether the security semantics have expired
+ if (!ut.verifyCreated(utTTL, futureTimeToLive)) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
+ }
+
// Test for replay attacks
ReplayCache replayCache = data.getNonceReplayCache();
if (replayCache != null && ut.getNonce() != null) {
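Review bot: The moved comment `// Validate whether the security semantics have expired` does not say why this check now has to come before the replay test, so a later refactor could reorder the two again without anyone noticing. A comment such as `// Check Created before the replay cache so an expired token is rejected first and reported as MESSAGE_EXPIRED` would record the intent. The replay test that follows is still guarded by `ut.getNonce() != null`, so for a token without a nonce this `verifyCreated` call is the only freshness control visible here. How `verifyCreated` treats a token with no Created element is not shown in the hunk and should be confirmed, ideally with a test for an expired token that reuses a nonce. The body of the replay block continues outside the hunk.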
@@ -158,11 +163,6 @@ public class UsernameTokenProcessor impl
}
}
- // Validate whether the security semantics have expired
- if (!ut.verifyCreated(utTTL, futureTimeToLive)) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
- }
-
Credential credential = new Credential();
credential.setUsernametoken(ut);
if (validator != null) {