You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by we...@apache.org on 2005/11/17 17:08:01 UTC
svn commit: r345274 - in
/webservices/wss4j/trunk/src/org/apache/ws/security/handler: WSHandler.java
WSS4JHandler.java
Author: werner
Date: Thu Nov 17 08:07:56 2005
New Revision: 345274
URL: http://svn.apache.org/viewcvs?rev=345274&view=rev
Log:
Perform the second timestamp check (verifyTimestamp) only
if timestampStrict == true.
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=345274&r1=345273&r2=345274&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Thu Nov 17 08:07:56 2005
@@ -89,7 +89,7 @@
.setPrecisionInMilliSeconds(decodeTimestampPrecision(reqData));
reqData.setWssConfig(wssConfig);
- Object mc = reqData.getMsgContext();
+ Object mc = reqData.getMsgContext();
String actor = getString(WSHandlerConstants.ACTOR, mc);
reqData.setActor(actor);
@@ -987,19 +987,22 @@
validCreation.setTime(new Date(currentTime));
if (doDebug) {
- log.debug("Preparing to verify the timestamp");
- DateFormat zulu = new XmlSchemaDateFormat();
- log.debug("Validation of Timestamp: Current time is "
- + zulu.format(Calendar.getInstance().getTime()));
- log.debug("Validation of Timestamp: Valid creation is "
- + zulu.format(validCreation.getTime()));
- log.debug("Validation of Timestamp: Timestamp created is "
- + zulu.format(timestamp.getCreated().getTime()));
- }
+ log.debug("Preparing to verify the timestamp");
+ DateFormat zulu = new XmlSchemaDateFormat();
+ log.debug("Validation of Timestamp: Current time is "
+ + zulu.format(Calendar.getInstance().getTime()));
+ log.debug("Validation of Timestamp: Valid creation is "
+ + zulu.format(validCreation.getTime()));
+ if (timestamp.getCreated() != null) {
+ log.debug("Validation of Timestamp: Timestamp created is "
+ + zulu.format(timestamp.getCreated().getTime()));
+ }
+ }
// Validate the time it took the message to travel
- // if (timestamp.getCreated().before(validCreation) ||
+ // if (timestamp.getCreated().before(validCreation) ||
// !timestamp.getCreated().equals(validCreation)) {
- if (!timestamp.getCreated().after(validCreation)) {
+ Calendar cre = timestamp.getCreated();
+ if (cre != null && !cre.after(validCreation)) {
if (doDebug) {
log.debug("Validation of Timestamp: The message was created too long ago");
}
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java
URL: http://svn.apache.org/viewcvs/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java?rev=345274&r1=345273&r2=345274&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSS4JHandler.java Thu Nov 17 08:07:56 2005
@@ -480,7 +480,7 @@
if (actionResult != null) {
Timestamp timestamp = actionResult.getTimestamp();
- if (timestamp != null) {
+ if (timestamp != null && reqData.getWssConfig().isTimeStampStrict()) {
if (!verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
throw new JAXRPCException("WSS4JHandler: The timestamp could not be validated");
}
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org