Posted to dev@ws.apache.org by Apache Wiki <wi...@apache.org> on 2005/11/17 17:33:06 UTC
[Ws Wiki] Update of "FrontPage/WsFx/wss4jFAQ" by WernerDittmann
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by WernerDittmann:
http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ
------------------------------------------------------------------------------
* All timestaps use millisecond precision
* The default time difference between {{{Created}}} and {{{Expires}}} is set
to 300 seconds (5 minutes).
+ * The handler performs strict timestamp handling, i.e. throws an exception
+ if verification of the timestamp fails.
Use the following handler parameters to change these settings:
* {{{timeToLive}}} to specify another time difference between
{{{Created}}} and {{{Expires}}}. The value of this parameter is an
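Review bot: the added bullet on strict timestamp handling states the behaviour as a fact rather than as a default, and does not name the parameter that controls it, even though the next sentence refers to "these settings". Suggest wording it as "By default the handler performs strict timestamp handling, ..." and pointing to {{{timestampStrict}}}. The unchanged first bullet still reads "timestaps"; it could be corrected in the same edit.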
@@ -234, +236 @@
* {{{precisionInMilliseconds}}} to switch off the millisecond time
precision. Set the value to {{{false}}} or {{{0}}} to generate
timestamps without milliseconds.
+ * {{{timestampStrict}}} to switch on/off strict timestamp handling.
+ Set the value to {{{false}}} or {{{0}}} to switch off strict handling.
+ The defaul setting is '''on'''. According to WSS specfications it is optional
+ to report a fault if timestamp verifications fails.
WSS4J uses the ''UTC'' timezone (''zulu time'') to generate
timestamps. This is according to the WSS specifications.
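Review bot: the new {{{timestampStrict}}} entry explains how to switch strict handling off but not what the receiver does with a message whose timestamp fails verification once it is off; the entry should state the resulting behaviour explicitly (for example, that no exception is thrown and whether the message is still processed), since that is what an operator needs to know before changing the default. Typos in the added lines: "defaul" should be "default", "specfications" should be "specifications", and "timestamp verifications fails" should be "timestamp verification fails".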
@@ -241, +247 @@
not expired). This is done in two steps:
* In the first step the WSSecurity``Engine (WSS4J 1.x.y) or the
Timestamp``Processor (since WSS4J 2.x.x) checks the {{{Expires}}}
- timestanp against the server's current time.
+ timestanp against the server's current time. If this check fails then
+ then handler throws an exception if strict timestamp handling is on.
* In the second step the WSS4J handler, either {{{WSDoAllReceiver}}}
or {{{WSS4JHandler}}}, performs a check based on server
- information. The server computes a valid creation time by subtraction
+ information. The server computes a valid creation time by subtracting
the time-to-live from the current time at the server and checks the
{{{Created}}} time aginst this computed value. The default
time-to-live value is 300 seconds. You may specify a {{{timeToLive}}}
parameter in the handler's request path at the server to define
- another value for the time difference.
+ another value for the time difference. This handler perfoms this check
+ only if strict timestamp handling is on.
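Review bot: in the first step the added sentence says the handler throws the exception, while the same bullet says the check is made by the WSSecurityEngine or the TimestampProcessor; clarify which component raises the fault and what the result of step one is when strict handling is off. Wording in the added lines: "then then handler" should be "then the handler", "This handler perfoms this check" should be "The handler performs this check", and the rewritten line keeps "timestanp". The context line with "aginst" could be fixed in the same edit.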