You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Alexander Savinov <ku...@gmail.com> on 2014/05/28 12:27:03 UTC
WSS4J Timestamp validation
I am using WSS4J 2.0 to create the SecurityHeader.
I have created the Timestamp, it looks correct.
<wsu:Timestamp wsu:Id="TS-125be995-154f-4da5-807c-72059bd69a6b">
<wsu:Created>2014-05-28T10:23:38.747Z</wsu:Created>
<wsu:Expires>2014-05-28T10:28:38.747Z</wsu:Expires>
</wsu:Timestamp>
Time in my timezone is 12:24, but this shouldn`t matter if i understood
correct, but i am getting an Exception.
Invalid timestamp: A replay attack has been detected
Can somebody help me with this issue or give a hint.
RE: WSS4J Timestamp validation
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
Can be the case that you send the same request more than once to the service?
Service detects replay attack in this case.
Regards,
Andrei.
> -----Original Message-----
> From: Alexander Savinov [mailto:kure.saru@gmail.com]
> Sent: Mittwoch, 28. Mai 2014 12:27
> To: users@cxf.apache.org
> Subject: WSS4J Timestamp validation
>
> I am using WSS4J 2.0 to create the SecurityHeader.
> I have created the Timestamp, it looks correct.
>
> <wsu:Timestamp wsu:Id="TS-125be995-154f-4da5-807c-72059bd69a6b">
> <wsu:Created>2014-05-28T10:23:38.747Z</wsu:Created>
> <wsu:Expires>2014-05-28T10:28:38.747Z</wsu:Expires>
> </wsu:Timestamp>
>
> Time in my timezone is 12:24, but this shouldn`t matter if i understood correct,
> but i am getting an Exception.
>
> Invalid timestamp: A replay attack has been detected
>
> Can somebody help me with this issue or give a hint.
Re: WSS4J Timestamp validation
Posted by Colm O hEigeartaigh <co...@apache.org>.
You are sending multiple messages with the same Timestamp, and the service
endpoint is treating it as a message replay attack. Your options are:
a) Generate a unique timestamp per-request (recommended)
b) Disable replay attack detection on the service side (not recommended),
by setting the JAX-WS property "ws-security.enable.timestamp.cache" to
"false".
Colm.
On Wed, May 28, 2014 at 11:27 AM, Alexander Savinov <ku...@gmail.com>wrote:
> I am using WSS4J 2.0 to create the SecurityHeader.
> I have created the Timestamp, it looks correct.
>
> <wsu:Timestamp wsu:Id="TS-125be995-154f-4da5-807c-72059bd69a6b">
> <wsu:Created>2014-05-28T10:23:38.747Z</wsu:Created>
> <wsu:Expires>2014-05-28T10:28:38.747Z</wsu:Expires>
> </wsu:Timestamp>
>
> Time in my timezone is 12:24, but this shouldn`t matter if i understood
> correct, but i am getting an Exception.
>
> Invalid timestamp: A replay attack has been detected
>
> Can somebody help me with this issue or give a hint.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com