Hi, I use ws-security with UsernameToken and Timestamp. Some of our clients
have problems with time synchronizing and some require the Timestamp on
request. So I'd like to do optional timestamp validation.
As I've seen in the docs, ws-security on cxf is based on
WSS4J. In org.apache.ws.security.handler.WSHandlerConstants, there is
a timestampStrict configuration option.
I quote the meaning of this property:
"Strict Timestamp handling: throw an exception if a Timestamp contains an
Expires element and the semantics of the request are expired, i.e. the
current time at the receiver is past the expires time."
In the source code of WSS4JInInterceptor, I see that only timeToLive is
passed for timestamp verification.
Could it be possible to add timestampStrict handling in WSS4JInInterceptor,
to only log a warning message if the timestamp is expired?
Thanks,
Vincent Beretti.
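
The strict versus warn-only behaviour asked about above, as an added sketch that is not part of the original message and is not WSS4J or CXF code. The class, method and enum names are hypothetical, the sample times are constructed, and treating timeToLive as the maximum accepted age of the Created value is an assumption.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.logging.Logger;

// Added illustration only; every name in this class is hypothetical.
public class TimestampCheck {
    private static final Logger LOG = Logger.getLogger("TimestampCheck");

    enum Result { VALID, STALE_TOLERATED }

    /**
     * created / expires: values of the Timestamp's Created and Expires elements
     * (either may be null when the element is absent).
     * timeToLive: assumed to be the maximum accepted age of Created.
     * strict: true rejects a stale Timestamp, false only logs a warning.
     */
    static Result verify(Instant created, Instant expires, Instant now,
                         Duration timeToLive, boolean strict) {
        boolean expired = expires != null && now.isAfter(expires);
        boolean tooOld = created != null && now.isAfter(created.plus(timeToLive));
        if (!expired && !tooOld) {
            return Result.VALID;
        }
        String msg = "Stale Timestamp: created=" + created + " expires=" + expires
                + " receiverTime=" + now;
        if (strict) {
            // Strict handling: the receiver's clock is past Expires, reject.
            throw new SecurityException(msg);
        }
        // Lenient handling: accept the message but leave an audit trail.
        LOG.warning(msg);
        return Result.STALE_TOLERATED;
    }

    public static void main(String[] args) {
        // Constructed sample: the receiver sees the message 10 minutes after
        // Created, while the sender set a 5 minute Expires.
        Instant created = Instant.parse("2010-03-01T12:00:00Z");
        Instant expires = Instant.parse("2010-03-01T12:05:00Z");
        Instant now = Instant.parse("2010-03-01T12:10:00Z");
        Duration ttl = Duration.ofMinutes(5);

        System.out.println(verify(created, expires, now, ttl, false));
        try {
            verify(created, expires, now, ttl, true);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In the lenient branch the Timestamp no longer bounds how long a captured message remains acceptable, so the warning should identify the client and be monitored.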