ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Closed) (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WSS-26) "Expires" element required when it should be optional
Date Mon, 03 Oct 2011 09:04:37 GMT

     [ https://issues.apache.org/jira/browse/WSS-26?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed WSS-26.
----------------------------------

    
> "Expires" element required when it should be optional
> -----------------------------------------------------
>
>                 Key: WSS-26
>                 URL: https://issues.apache.org/jira/browse/WSS-26
>             Project: WSS4J
>          Issue Type: Bug
>         Environment: n/a
>            Reporter: Ever A. Olano
>            Assignee: Davanum Srinivas
>         Attachments: patch_WSS-26.txt
>
>
> Hello.  While testing my WSS4J-based validation code using Parasoft's SOA Test as my
client, I found that WSS4J fails the validation when the request includes a Timestamp with
no "Expires" element under it.  I looked at the code and it does seem to assume that there's
always an Expires element.  In fact, it also assumes that "Created" is present.  In the spec,
both fields are optional.
> Also, I believe the spec says the validating code SHOULD (not MUST) throw a fault if
the security semantics have expired.  So, I think there should be a way to tell WSS4J to just
ignore the timestamp, if present.  Or is there?
> Thanks,
> Ever

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message