[
https://issues.apache.org/jira/browse/WSS-441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13678113#comment-13678113
]
Colm O hEigeartaigh commented on WSS-441:
-----------------------------------------
I've committed a modified version of this patch, which allows you to plug in a
WSTimeSource implementation via the WSSConfig class. This allows you to set the
Created Time for both UsernameToken + Timestamp Created values on the outbound
side. The static stuff was a security risk, as it would allow other code in the
VM to control Timestamps. I didn't see a good reason to include this
functionality on the receiving side.
Colm.
> Allow the date/time in the security headers to be spoofed
> ---------------------------------------------------------
>
> Key: WSS-441
> URL: https://issues.apache.org/jira/browse/WSS-441
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.10
> Reporter: David R Robison
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.11
>
> Attachments: wws4j.patch
>
>
> When using ONVIF with ws-security to talk to digital cameras, the cameras are
> not always time synced with the system. After polling the camera's current
> date/time I need to spoof my the times in the security headers in order to
> properly set the camera's date/time. Once that is done then I can use the
> system's clock for the security timestamps. This change adds a time source
> that can be overridden to return a fake system time that is consistent with
> the current time in the camera
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
