Christian, which version of WSS4J do you use? I've done some enhancemencts for Timestamp handling in the current SVN version (pls refer to checkin done at November, 17). I didn't mark it as resolved because I've no way to perform interop tests with this.
Regards, Werner > -----Ursprüngliche Nachricht----- > Von: Christian Müller (JIRA) [mailto:[EMAIL PROTECTED] > Gesendet: Montag, 9. Januar 2006 14:42 > An: [email protected] > Betreff: [jira] Updated: (WSS-26) "Expires" element required > when it should be optional > > [ http://issues.apache.org/jira/browse/WSS-26?page=all ] > > Christian Müller updated WSS-26: > -------------------------------- > > Attachment: patch_WSS-26.txt > > Hi Davanum, hi Werner! > > Fix to handle wsu:Timestamp element without wsu:Created an/or > wsu:Expires element on the receiver side. > This fix not included api-changes to set a flag (e.g. in > WSSConfig) to include/create a wsu:Created an/or wsu:Expires > element o the sender side. If you need this, let me know... :o) > > Regards, > Christian > > > "Expires" element required when it should be optional > > ----------------------------------------------------- > > > > Key: WSS-26 > > URL: http://issues.apache.org/jira/browse/WSS-26 > > Project: WSS4J > > Type: Bug > > Environment: n/a > > Reporter: Ever A. Olano > > Assignee: Davanum Srinivas > > Attachments: patch_WSS-26.txt > > > > Hello. While testing my WSS4J-based validation code using > Parasoft's SOA Test as my client, I found that WSS4J fails > the validation when the request includes a Timestamp with no > "Expires" element under it. I looked at the code and it does > seem to assume that there's always an Expires element. In > fact, it also assumes that "Created" is present. In the > spec, both fields are optional. > > Also, I believe the spec says the validating code SHOULD > (not MUST) throw a fault if the security semantics have > expired. So, I think there should be a way to tell WSS4J to > just ignore the timestamp, if present. Or is there? > > Thanks, > > Ever > > -- > This message is automatically generated by JIRA. > - > If you think it was sent incorrectly contact one of the > administrators: > http://issues.apache.org/jira/secure/Administrators.jspa > - > For more information on JIRA, see: > http://www.atlassian.com/software/jira > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
