ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Werner Dittmann (JIRA)" <>
Subject [jira] Commented: (WSS-26) "Expires" element required when it should be optional
Date Thu, 17 Nov 2005 07:19:42 GMT
    [ ] 

Werner Dittmann commented on WSS-26:

Thanks for the interop testing.
currentls there is no such parameter to specify "forget timestamp" or so.
Will do this as an improvement in the current SVN version, pls allow a few days
for delivery :-)


> "Expires" element required when it should be optional
> -----------------------------------------------------
>          Key: WSS-26
>          URL:
>      Project: WSS4J
>         Type: Bug
>  Environment: n/a
>     Reporter: Ever A. Olano
>     Assignee: Davanum Srinivas

> Hello.  While testing my WSS4J-based validation code using Parasoft's SOA Test as my
client, I found that WSS4J fails the validation when the request includes a Timestamp with
no "Expires" element under it.  I looked at the code and it does seem to assume that there's
always an Expires element.  In fact, it also assumes that "Created" is present.  In the spec,
both fields are optional.
> Also, I believe the spec says the validating code SHOULD (not MUST) throw a fault if
the security semantics have expired.  So, I think there should be a way to tell WSS4J to just
ignore the timestamp, if present.  Or is there?
> Thanks,
> Ever

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message