You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Werner Dittmann (JIRA)" <ji...@apache.org> on 2006/02/16 13:39:03 UTC
[jira] Resolved: (WSS-26) "Expires" element required when it should
be optional
[ http://issues.apache.org/jira/browse/WSS-26?page=all ]
Werner Dittmann resolved WSS-26:
--------------------------------
Resolution: Fixed
> "Expires" element required when it should be optional
> -----------------------------------------------------
>
> Key: WSS-26
> URL: http://issues.apache.org/jira/browse/WSS-26
> Project: WSS4J
> Type: Bug
> Environment: n/a
> Reporter: Ever A. Olano
> Assignee: Davanum Srinivas
> Attachments: patch_WSS-26.txt
>
> Hello. While testing my WSS4J-based validation code using Parasoft's SOA Test as my client, I found that WSS4J fails the validation when the request includes a Timestamp with no "Expires" element under it. I looked at the code and it does seem to assume that there's always an Expires element. In fact, it also assumes that "Created" is present. In the spec, both fields are optional.
> Also, I believe the spec says the validating code SHOULD (not MUST) throw a fault if the security semantics have expired. So, I think there should be a way to tell WSS4J to just ignore the timestamp, if present. Or is there?
> Thanks,
> Ever
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org