axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amila Jayasekara (Resolved) (JIRA)" <>
Subject [jira] [Resolved] (RAMPART-357) Timestamp verification handled at two locations in different ways
Date Wed, 15 Feb 2012 09:28:06 GMT


Amila Jayasekara resolved RAMPART-357.

    Resolution: Fixed

Patch is applied to trunk in revision 1243894. Therefore resolving this issue.

Thanks Hasini for the contribution.

Note: When applying this to 1.6 branch we can directly use rampart_357.patch file.

> Timestamp verification handled at two locations in different ways
> -----------------------------------------------------------------
>                 Key: RAMPART-357
>                 URL:
>             Project: Rampart
>          Issue Type: Bug
>            Reporter: Hasini Gunasinghe
>         Attachments: rampart_357.patch, rampart_357_trunk.patch, rampart_patch_trunk_v2.patch
> Currently, when verifying timestamp, 'Expired' is verified in WSS4J level if timestampStrict
> 'Created' is verified in PolicyBasedResultsValidator.
> timestampMaxSkew is taken into consideration only when verifying 'Created' in timestamp
inside PolicyBasedResultsValidator.
> IMO, both 'Expired' and 'Created' should be verified in PolicyBasedResultsValidator in
a consistent way, taking timestampMaxSkew into consideration in both the occasions.
> Hence the proposed solution is like below:
> -Disable timestampStrict in WSConfig by default through Rampart. 
> -Verify both 'Expired' and 'Created' in PolicyBasedResultsValidator.
> -Allow to enable verification at WSS4J level through rampart config, if someone needs

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message