> If in request message there is timestamp validate it > If in request message there is no timestamp just handle this message without > validation.
The old way of configuring WS-Security which you are using is not flexible to handle this scenario. You need to switch to using WS-SecurityPolicy: http://cxf.apache.org/docs/ws-securitypolicy.html Colm. On Tue, Dec 4, 2012 at 12:00 PM, marcin.kasinski <[email protected]>wrote: > > > In first post I wrote: > > From documentation I can read : timestampStrict: Set whether to enable > strict Timestamp handling. Default is "true". > > > Thats why on server side I placed timestampStrict = false. > > My undestanding od this: client can send timestamp, but if not it is not > problem for service. > > > What I would like to achieve: > > If in request message there is timestamp validate it > If in request message there is no timestamp just handle this message > without > validation. > > What I do wrong ? > > > > > > > ----- > > Regards > Marcin Kasinski > http://itzone.com.pl > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532p5719617.html > Sent from the cxf-dev mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
