ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ever A. Olano (JIRA)" <j...@apache.org>
Subject [jira] Created: (WSS-26) "Expires" element required when it should be optional
Date Thu, 17 Nov 2005 01:49:31 GMT
"Expires" element required when it should be optional
-----------------------------------------------------

         Key: WSS-26
         URL: http://issues.apache.org/jira/browse/WSS-26
     Project: WSS4J
        Type: Bug
 Environment: n/a
    Reporter: Ever A. Olano
 Assigned to: Davanum Srinivas 


Hello.  While testing my WSS4J-based validation code using Parasoft's SOA Test as my client,
I found that WSS4J fails the validation when the request includes a Timestamp with no "Expires"
element under it.  I looked at the code and it does seem to assume that there's always an
Expires element.  In fact, it also assumes that "Created" is present.  In the spec, both fields
are optional.

Also, I believe the spec says the validating code SHOULD (not MUST) throw a fault if the security
semantics have expired.  So, I think there should be a way to tell WSS4J to just ignore the
timestamp, if present.  Or is there?

Thanks,
Ever

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message