cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF WSS4J and timestampStrict
Date Tue, 04 Dec 2012 12:04:07 GMT
> If in request message there is timestamp validate it
> If in request message there is no timestamp just handle this message
without
> validation.

The old way of configuring WS-Security which you are using is not flexible
to handle this scenario. You need to switch to using WS-SecurityPolicy:

http://cxf.apache.org/docs/ws-securitypolicy.html

Colm.

On Tue, Dec 4, 2012 at 12:00 PM, marcin.kasinski
<marcin.kasinski@gmail.com>wrote:

>
>
> In first post I wrote:
>
> From documentation I can read : timestampStrict: Set whether to enable
> strict Timestamp handling. Default is "true".
>
>
> Thats why on server side I placed timestampStrict = false.
>
> My undestanding od this: client can send timestamp, but if not it is not
> problem for service.
>
>
> What I would like to achieve:
>
> If in request message there is timestamp validate it
> If in request message there is no timestamp just handle this message
> without
> validation.
>
> What I do wrong ?
>
>
>
>
>
>
> -----
>
> Regards
> Marcin Kasinski
> http://itzone.com.pl
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-WSS4J-and-timestampStrict-tp5719532p5719617.html
> Sent from the cxf-dev mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message