Posted to users@cxf.apache.org by Alexander Savinov <ku...@gmail.com> on 2014/05/28 12:27:03 UTC

WSS4J Timestamp validation

I am using WSS4J 2.0 to create the SecurityHeader.
I have created the Timestamp, it looks correct.

<wsu:Timestamp wsu:Id="TS-125be995-154f-4da5-807c-72059bd69a6b">
    <wsu:Created>2014-05-28T10:23:38.747Z</wsu:Created>
    <wsu:Expires>2014-05-28T10:28:38.747Z</wsu:Expires>
</wsu:Timestamp>

Time in my timezone is 12:24, but this shouldn't matter if I understood
correctly, but I am getting an Exception.

 Invalid timestamp: A replay attack has been detected

Can somebody help me with this issue or give a hint?

RE: WSS4J Timestamp validation

Posted by Andrei Shakirin <as...@talend.com>.
Hi,

Could it be the case that you send the same request more than once to the service?
The service detects a replay attack in this case.

Regards,
Andrei.


Re: WSS4J Timestamp validation

Posted by Colm O hEigeartaigh <co...@apache.org>.
You are sending multiple messages with the same Timestamp, and the service
endpoint is treating it as a message replay attack. Your options are:

a) Generate a unique timestamp per-request (recommended)
b) Disable replay attack detection on the service side (not recommended),
by setting the JAX-WS property "ws-security.enable.timestamp.cache" to
"false".

Colm.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
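
A simplified model of the service-side timestamp replay check discussed in this thread, added here as an example; it is not WSS4J or CXF code and not from any of the posters. The class name, the cache key format and the signature bytes are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class TimestampReplayDemo {
    // identifier -> the message's Expires value, after which the entry can be dropped
    private final Map<String, Instant> seen = new ConcurrentHashMap<>();

    /** Returns "OK" or the reason the message is rejected. */
    String validate(Instant created, Instant expires, byte[] signatureValue, Instant now) {
        if (!now.isBefore(expires)) {
            return "Invalid timestamp: expired";
        }
        // An expired message is rejected above anyway, so its cache entry is no longer needed.
        seen.values().removeIf(exp -> !now.isBefore(exp));
        // Assumption of this model: key = Created value + hash of the signature bytes.
        String id = created.toEpochMilli() + ":" + Arrays.hashCode(signatureValue);
        if (seen.putIfAbsent(id, expires) != null) {
            return "Invalid timestamp: A replay attack has been detected";
        }
        return "OK";
    }

    public static void main(String[] args) {
        TimestampReplayDemo service = new TimestampReplayDemo();
        Duration ttl = Duration.ofMinutes(5);
        Instant t0 = Instant.parse("2014-05-28T10:23:38.747Z"); // Created value from the thread

        // Client builds the security header once and reuses it for every request.
        byte[] sig = {1, 2, 3}; // constructed stand-in for a signature value
        System.out.println(service.validate(t0, t0.plus(ttl), sig, t0.plusSeconds(1)));
        System.out.println(service.validate(t0, t0.plus(ttl), sig, t0.plusSeconds(2)));

        // Option a) from the answer: a new Timestamp for each request.
        for (int i = 1; i <= 2; i++) {
            Instant created = t0.plusSeconds(10L * i);
            byte[] freshSig = {1, 2, (byte) (3 + i)}; // constructed: new Created, new signed bytes
            System.out.println(
                service.validate(created, created.plus(ttl), freshSig, created.plusMillis(50)));
        }
    }
}
```

The second call with the reused header is the only one rejected; because entries are kept only until `Expires`, the cache stays bounded by the timestamp lifetime.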