You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2011/12/02 14:53:24 UTC

svn commit: r1209482 - /cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java

Author: coheigea
Date: Fri Dec  2 13:53:23 2011
New Revision: 1209482

URL: http://svn.apache.org/viewvc?rev=1209482&view=rev
Log:
[CXF-3948] - CXF 2.3.x does not configure the Future TTL value for Timestamp processing

Modified:
    cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java

Modified: cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1209482&r1=1209481&r2=1209482&view=diff
==============================================================================
--- cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.3.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Dec  2 13:53:23 2011
@@ -363,7 +363,19 @@ public class WSS4JInInterceptor extends 
                     (WSSecurityEngineResult) timestampResults.get(i);
                 Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP);
 
-                if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
+                String futureTTL = 
+                    getString(WSHandlerConstants.TTL_FUTURE_TIMESTAMP, reqData.getMsgContext());
+                int futureTimeToLive = 60;
+                if (futureTTL != null) {
+                    try {
+                        futureTimeToLive = Integer.parseInt(futureTTL);
+                    } catch (NumberFormatException e) {
+                        futureTimeToLive = 60;
+                    }
+                }
+                    
+                if (timestamp != null 
+                    && !verifyTimestamp(timestamp, decodeTimeToLive(reqData), futureTimeToLive)) {
                     LOG.warning("The timestamp could not be validated");
                     throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
                 }