[ https://issues.apache.org/jira/browse/RAMPART-50?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ruchith Udayanga Fernando resolved RAMPART-50.
----------------------------------------------

    Resolution: Fixed

Fixed :
http://svn.apache.org/viewvc?view=rev&rev=563721

Thanks,
Ruchith

> parameter ttl not evaluated org.apache.rampart.handler.WSDoAllReceiver.processBasic
> -----------------------------------------------------------------------------------
>
>                 Key: RAMPART-50
>                 URL: https://issues.apache.org/jira/browse/RAMPART-50
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.1
>            Reporter: Abdelaziz Samari
>
> In the method processBasic of the org.apache.rampart.handler.WSDoAllReceiver
> the following code seems to be buggy:
>         /*
>          * Perform further checks on the timestamp that was transmitted in the
>          * header. In the following implementation the timestamp is valid if it
>          * was created after (now-ttl), where ttl is set on server side, not by
>          * the client.
>          *
>          * Note: the method verifyTimestamp(Timestamp) allows custom
>          * implementations with other validation algorithms for subclasses.
>          */
>         // Extract the timestamp action result from the action vector
>         actionResult = WSSecurityUtil.fetchActionResult(wsResult,
>                 WSConstants.TS);
>         if (actionResult != null) {
>             Timestamp timestamp = actionResult.getTimestamp();
>             if (timestamp != null) {
>                 String ttl = null;
>                 if ((ttl = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP)) == null) {
>                     ttl = (String) getProperty(msgContext,
>                             WSHandlerConstants.TTL_TIMESTAMP);
>                 }
>                 int ttl_i = 0;
>                 if (ttl != null) {
>                     try {
>                         ttl_i = Integer.parseInt(ttl);
>                     } catch (NumberFormatException e) {
>                         ttl_i = reqData.getTimeToLive();
>                     }
>                 }
>                 if (ttl_i <= 0) {
>                     ttl_i = reqData.getTimeToLive();
>                 }
>                 if (!verifyTimestamp(timestamp, reqData.getTimeToLive())) {
>                     throw new AxisFault(
>                             "WSDoAllReceiver: The timestamp could not be validated");
>                 }
>             }
>         }
>         
> The parameter ttl is read (getOption resp. getProperty) but not used to call
> the method verifyTimestamp.
> The correct call is:
>                 if (!verifyTimestamp(timestamp, ttl_i)) {
>                     throw new AxisFault(
>                             "WSDoAllReceiver: The timestamp could not be validated");
>                 }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
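
The effect of the bug in the quoted report, as an added example that is not part of the original message or of Rampart's code: when the resolved TTL is computed but the default is passed to the check, a stricter configured TTL is silently widened to the default and a looser one is silently narrowed. The class and method names, the 300-second default and the sample ages are assumptions constructed for illustration.

```java
import java.time.Instant;

// Added illustration only: class, method names and the 300 s default are
// assumptions, not Rampart or WSS4J code.
public class TimestampTtlDemo {
    static final int DEFAULT_TTL_SECONDS = 300; // assumed built-in default

    // Same fallback rule as the quoted code: use the configured value unless
    // it is missing, not a number, or not positive.
    static int resolveTtl(String configured) {
        if (configured != null) {
            try {
                int ttl = Integer.parseInt(configured.trim());
                if (ttl > 0) {
                    return ttl;
                }
            } catch (NumberFormatException e) {
                // fall through to the default
            }
        }
        return DEFAULT_TTL_SECONDS;
    }

    // Validity rule from the quoted comment: created after (now - ttl).
    static boolean isFresh(Instant created, Instant now, int ttlSeconds) {
        return created.isAfter(now.minusSeconds(ttlSeconds));
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2007-08-08T12:00:00Z"); // constructed clock
        // Constructed cases: {configured ttl, message age in seconds}
        String[][] cases = { {"60", "120"}, {"600", "400"}, {"abc", "120"} };
        for (String[] c : cases) {
            Instant created = now.minusSeconds(Long.parseLong(c[1]));
            int ttl = resolveTtl(c[0]);
            // Before the fix: the resolved ttl is computed but the default is passed.
            boolean before = isFresh(created, now, DEFAULT_TTL_SECONDS);
            // After the fix: the resolved ttl is what gets checked.
            boolean after = isFresh(created, now, ttl);
            System.out.printf("ttl=%s age=%ss resolved=%d before=%b after=%b%n",
                    c[0], c[1], ttl, before, after);
        }
    }
}
```

A regression test for the fix should pin both directions: a configured TTL below the default and one above it, each with a message age that falls between the two values.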
