[
https://issues.apache.org/jira/browse/WSS-554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14745148#comment-14745148
]
Colm O hEigeartaigh commented on WSS-554:
-----------------------------------------
I won't fix this for 1.6.19, only 2.0.x + 2.1.x. With CXF the underlying root
exception is not returned to the client anyway due to security reasons...
Colm.
> Improved error message for timestamp in the future
> --------------------------------------------------
>
> Key: WSS-554
> URL: https://issues.apache.org/jira/browse/WSS-554
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 1.6.18
> Environment: Any
> Reporter: Rudi Grasmuck
> Assignee: Colm O hEigeartaigh
> Priority: Trivial
> Fix For: 2.0.6, 2.1.4
>
>
> The error message "The message is expired"
> (WSSecurityException.MESSAGE_EXPIRED) is returned for the case of
> timeStamp.isExpired() as well as when the created timestamp is in the future
> in the org.apache.ws.security.validate.TimestampValidator.
> When a client has a clock set a few minutes in the future (or past), their
> timestamp fails verification in the verifyCreated method in the Timestamp,
> the return of message expired is misleading and can cause a user to look in
> the wrong place. Maybe "The message timestamp is out of range!?"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
