Return-Path: Delivered-To: apmail-ws-wss4j-dev-archive@www.apache.org Received: (qmail 93082 invoked from network); 17 Nov 2005 07:20:05 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Nov 2005 07:20:05 -0000 Received: (qmail 39042 invoked by uid 500); 17 Nov 2005 07:20:04 -0000 Delivered-To: apmail-ws-wss4j-dev-archive@ws.apache.org Received: (qmail 38980 invoked by uid 500); 17 Nov 2005 07:20:03 -0000 Mailing-List: contact wss4j-dev-help@ws.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list wss4j-dev@ws.apache.org Received: (qmail 38969 invoked by uid 99); 17 Nov 2005 07:20:03 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Nov 2005 23:20:03 -0800 Received: from ajax.apache.org (ajax.apache.org [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 83DD821C for ; Thu, 17 Nov 2005 08:19:42 +0100 (CET) Message-ID: <1684368202.1132211982537.JavaMail.jira@ajax.apache.org> Date: Thu, 17 Nov 2005 08:19:42 +0100 (CET) From: "Werner Dittmann (JIRA)" To: wss4j-dev@ws.apache.org Subject: [jira] Commented: (WSS-26) "Expires" element required when it should be optional In-Reply-To: <221786967.1132192171987.JavaMail.jira@ajax.apache.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/WSS-26?page=comments#action_12357855 ] Werner Dittmann commented on WSS-26: ------------------------------------ Thanks for the interop testing. currentls there is no such parameter to specify "forget timestamp" or so. Will do this as an improvement in the current SVN version, pls allow a few days for delivery :-) Regards, Werner > "Expires" element required when it should be optional > ----------------------------------------------------- > > Key: WSS-26 > URL: http://issues.apache.org/jira/browse/WSS-26 > Project: WSS4J > Type: Bug > Environment: n/a > Reporter: Ever A. Olano > Assignee: Davanum Srinivas > > Hello. While testing my WSS4J-based validation code using Parasoft's SOA Test as my client, I found that WSS4J fails the validation when the request includes a Timestamp with no "Expires" element under it. I looked at the code and it does seem to assume that there's always an Expires element. In fact, it also assumes that "Created" is present. In the spec, both fields are optional. > Also, I believe the spec says the validating code SHOULD (not MUST) throw a fault if the security semantics have expired. So, I think there should be a way to tell WSS4J to just ignore the timestamp, if present. Or is there? > Thanks, > Ever -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org For additional commands, e-mail: wss4j-dev-help@ws.apache.org