[ http://issues.apache.org/jira/browse/WSS-26?page=all ]
Christian Müller updated WSS-26:
--------------------------------
Attachment: patch_WSS-26.txt
Hi Davanum, hi Werner!
Fix to handle wsu:Timestamp element without wsu:Created an/or wsu:Expires
element on the receiver side.
This fix not included api-changes to set a flag (e.g. in WSSConfig) to
include/create a wsu:Created an/or wsu:Expires element o the sender side. If
you need this, let me know... :o)
Regards,
Christian
> "Expires" element required when it should be optional
> -----------------------------------------------------
>
> Key: WSS-26
> URL: http://issues.apache.org/jira/browse/WSS-26
> Project: WSS4J
> Type: Bug
> Environment: n/a
> Reporter: Ever A. Olano
> Assignee: Davanum Srinivas
> Attachments: patch_WSS-26.txt
>
> Hello. While testing my WSS4J-based validation code using Parasoft's SOA
> Test as my client, I found that WSS4J fails the validation when the request
> includes a Timestamp with no "Expires" element under it. I looked at the
> code and it does seem to assume that there's always an Expires element. In
> fact, it also assumes that "Created" is present. In the spec, both fields
> are optional.
> Also, I believe the spec says the validating code SHOULD (not MUST) throw a
> fault if the security semantics have expired. So, I think there should be a
> way to tell WSS4J to just ignore the timestamp, if present. Or is there?
> Thanks,
> Ever
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
