[
https://issues.apache.org/jira/browse/WSS-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh closed WSS-26.
----------------------------------
> "Expires" element required when it should be optional
> -----------------------------------------------------
>
> Key: WSS-26
> URL: https://issues.apache.org/jira/browse/WSS-26
> Project: WSS4J
> Issue Type: Bug
> Environment: n/a
> Reporter: Ever A. Olano
> Assignee: Davanum Srinivas
> Attachments: patch_WSS-26.txt
>
>
> Hello. While testing my WSS4J-based validation code using Parasoft's SOA
> Test as my client, I found that WSS4J fails the validation when the request
> includes a Timestamp with no "Expires" element under it. I looked at the
> code and it does seem to assume that there's always an Expires element. In
> fact, it also assumes that "Created" is present. In the spec, both fields
> are optional.
> Also, I believe the spec says the validating code SHOULD (not MUST) throw a
> fault if the security semantics have expired. So, I think there should be a
> way to tell WSS4J to just ignore the timestamp, if present. Or is there?
> Thanks,
> Ever
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
