Posted to dev@ws.apache.org by Apache Wiki <wi...@apache.org> on 2005/11/17 17:33:06 UTC

[Ws Wiki] Update of "FrontPage/WsFx/wss4jFAQ" by WernerDittmann

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.

The following page has been changed by WernerDittmann:
http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ

------------------------------------------------------------------------------
   * All timestaps use millisecond precision
   * The default time difference between {{{Created}}} and {{{Expires}}} is set
   to 300 seconds (5 minutes). 
+  * The handler performs strict timestamp handling, i.e. throws an exception
+  if verification of the timestamp fails.
  Use the following handler parameters to change these settings:
   * {{{timeToLive}}} to specify another time difference between
   {{{Created}}} and {{{Expires}}}. The value of this parameter is an
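
Review bot: The added bullet "The handler performs strict timestamp handling, i.e. throws an exception if verification of the timestamp fails" does not say that this is the default or which parameter controls it, even though the next sentence tells the reader to "Use the following handler parameters to change these settings". Suggest naming {{{timestampStrict}}} in the bullet and wording it as a default, like the 300 second bullet above it. The unchanged first bullet still reads "timestaps", which could be fixed in the same edit.
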
@@ -234, +236 @@

   * {{{precisionInMilliseconds}}} to switch off the millisecond time
   precision. Set the value to {{{false}}} or {{{0}}} to generate
   timestamps without milliseconds.
+  * {{{timestampStrict}}} to switch on/off strict timestamp handling.
+  Set the value to {{{false}}} or {{{0}}} to switch off strict handling.
+  The defaul setting is '''on'''. According to WSS specfications it is optional
+  to report a fault if timestamp verifications fails.
  WSS4J uses the ''UTC'' timezone (''zulu time'') to generate
  timestamps. This is according to the WSS specifications.
  
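
Review bot: The new {{{timestampStrict}}} entry does not say what the receiver does with a message whose timestamp fails verification once strict handling is switched off; it only notes that reporting a fault is optional under the WSS specifications. Suggest one more sentence stating the resulting behaviour (no exception is thrown), so that whoever disables the setting knows the handler no longer rejects the message on timestamp grounds. Typos in the added lines: "defaul" should be "default", "specfications" should be "specifications", and "timestamp verifications fails" should be "timestamp verification fails".
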
@@ -241, +247 @@

  not expired). This is done in two steps:
   * In the first step the WSSecurity``Engine (WSS4J 1.x.y) or the
   Timestamp``Processor (since WSS4J 2.x.x) checks the {{{Expires}}}
-  timestanp against the server's current time.  
+  timestanp against the server's current time. If this check fails then
+  then handler throws an exception if strict timestamp handling is on.
   * In the second step the WSS4J handler, either {{{WSDoAllReceiver}}}
   or {{{WSS4JHandler}}}, performs a check based on server
-  information. The server computes a valid creation time by subtraction
+  information. The server computes a valid creation time by subtracting
   the time-to-live from the current time at the server and checks the
   {{{Created}}} time aginst this computed value. The default
   time-to-live value is 300 seconds. You may specify a {{{timeToLive}}}
   parameter in the handler's request path at the server to define
-  another value for the time difference.
+  another value for the time difference. This handler perfoms this check
+  only if strict timestamp handling is on.
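
Review bot: In the first step, the added sentence "If this check fails then then handler throws an exception" has a doubled "then" and leaves it unclear which component raises the exception, since the check itself is attributed to the WSSecurityEngine or the TimestampProcessor rather than to the handler. Suggest "If this check fails, the handler throws an exception if strict timestamp handling is on", or naming the engine/processor if that is where the exception originates. In the second step, "This handler perfoms this check" should read "The handler performs this check", because two handlers ({{{WSDoAllReceiver}}} and {{{WSS4JHandler}}}) are named just above and "This" does not pick one. The rewritten line also keeps "timestanp", and the context line "aginst" is still misspelled.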