Posted to commits@cxf.apache.org by co...@apache.org on 2011/12/02 14:53:24 UTC
svn commit: r1209482 -
/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Author: coheigea
Date: Fri Dec 2 13:53:23 2011
New Revision: 1209482
URL: http://svn.apache.org/viewvc?rev=1209482&view=rev
Log:
[CXF-3948] - CXF 2.3.x does not configure the Future TTL value for Timestamp processing
Modified:
cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1209482&r1=1209481&r2=1209482&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Dec 2 13:53:23 2011
@@ -363,7 +363,19 @@ public class WSS4JInInterceptor extends
(WSSecurityEngineResult) timestampResults.get(i);
Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP);
- if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
+ String futureTTL =
+ getString(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, reqData.getMsgContext());
+ int futureTimeToLive = 60;
+ if (futureTTL != null) {
+ try {
+ futureTimeToLive = Integer.parseInt(futureTTL);
+ } catch (NumberFormatException e) {
+ futureTimeToLive = 60;
+ }
+ }
+
+ if (timestamp != null
+ && !verifyTimestamp(timestamp, decodeTimeToLive(reqData), futureTimeToLive)) {
LOG.warning("The timestamp could not be validated");
throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
}
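Review bot: The added parsing accepts any integer for `WSHandlerConstants.TTL_FUTURE_TIMESTAMP` and the `catch (NumberFormatException e)` branch silently falls back to 60, so a mistyped, negative or very large setting changes how far into the future a Timestamp is accepted without any trace in the logs. Since this value bounds the freshness check that guards against replayed or post-dated messages, I would log the fallback, e.g. `LOG.warning("Invalid " + WSHandlerConstants.TTL_FUTURE_TIMESTAMP + " value '" + futureTTL + "', using default of 60");`, and reject out-of-range input with `if (futureTimeToLive < 0) { futureTimeToLive = 60; }`. The lookup also appears to run once per entry of `timestampResults` and before the `timestamp != null` test; as it depends only on `reqData`, it could be read once ahead of the loop, with the literal 60 held in a named constant. The enclosing method and the loop header lie outside this hunk, so the hoisting point needs confirming against the full file.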