You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by ji...@apache.org on 2004/06/02 20:23:54 UTC

[jira] Assigned: (WSFX-9) Further implementation of timestamp handling

Message:

   The following issue has been re-assigned.

   Assignee: Werner Dittmann (mailto:werner.dittmann@t-online.de)
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/WSFX-9

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: WSFX-9
    Summary: Further implementation of timestamp handling
       Type: Improvement

     Status: Open
   Priority: Major

    Project: WSFX
 Components: 
             WSS4J

   Assignee: Werner Dittmann
   Reporter: Christof Soehngen

    Created: Tue, 1 Jun 2004 4:49 AM
    Updated: Wed, 2 Jun 2004 11:22 AM
Environment: CVS snapshot from 2004-06-01

Description:
I did a further implementation of the timestamp handling. The timestamp is not added automatically in WSBaseMessage anymore. Instead it can be inserted by using the action attribute ("Timestamp") in the config.

The validation of the timestamp was split in two parts. One for the validation according to the specification in the SecurityEngine, the second for any further checks in the sample Axis handler WSDoAllReceiver (I introduced a sample check of the lifetime against serverside timeToLive).

The changes I made are the following:

 - org.apache.ws.security.WSConstants:
	* Add constant for independent timestamp action

 - org.apache.ws.axis.security.WSDoAllConstants:
	* Add constant for provoking insertion of timestamp

 - org.apache.ws.axis.security.util.AxisUtil:
	* Modify method decodeAction (add action Timestamp)

 - org.apache.ws.security.errors.properties:
	* Add error message for invalid timestamp

 - Add class org.apache.ws.security.message.Timestamp (similar to  UsernameToken)

 - Add class org.apache.ws.security.message.WSAddTimestamp (similar to WSSAddUsernameToken)

 - org.apache.ws.security.message.WSBaseMessage:
	* Move insertion of timestamp to WSDoAllSender (from method insertSecurityHeader())
	* Modify call of insertSecurityHeader in org.apache.ws.security.message.WSEncryptBody
	* Modify call of insertSecurityHeader in org.apache.ws.security.message.WSSAddSAMLToken
	* Modify call of insertSecurityHeader in org.apache.ws.security.message.WSSAddUsernameToken
	* Modify call of insertSecurityHeader in org.apache.ws.security.message.WSSignEnvelope

 - org.apache.ws.security.WSSecurityEngineResult:
	* Add attribute Timestamp
	* Add method getTimestamp()
	* Add constructor for timestamp

 - org.apache.ws.security.WSSecurityEngine:
	* Modify method processSecurityHeader(): Call handleTimestamp()
	* Add method handleTimestamp()

 - WSDoAllSender:
	* Modify method invoke(): call performTSAction()
	* Add method performTSAction()

 - WSDoAllReceiver:
	* Add attribute timeToLive: Interval accepted by the receiver
	* Modify method invoke: Add call of validateTimestamp() hook
	* Add method validateTimestamp()

Comments are welcome,
Christof Soehngen


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira