Richard, WSS4J does not support the checking of the createdTime included in UsernameToken. createdTime is included in the results structure and handed over to the app. Also it is used to form the digested password if necessary.
There is also no "expired" timestamp in the usernameToken. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Richard Gregory [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 16. Dezember 2005 17:18 > An: [email protected] > Betreff: Time to live of UsernameToken Timestamp > > Hi, > > I know that if a timestamp element is included in the > security header it > is checked against a time to live (default 5 minutes). Is > there anything > built into wss4j to check the created timestamp of a UsernameToken in > the same way (as recommended by the OASIS spec), or is it up > to users to > implement this if required? I had a look though the > documentation but I > couldn't find anything, so I'm guessing the latter, but I > just thought > I'd check before I implmented this myself. > > Thanks, > > Richard. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
