Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by WernerDittmann: http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ ------------------------------------------------------------------------------ * All timestaps use millisecond precision * The default time difference between {{{Created}}} and {{{Expires}}} is set to 300 seconds (5 minutes). + * The handler performs strict timestamp handling, i.e. throws an exception + if verification of the timestamp fails. Use the following handler parameters to change these settings: * {{{timeToLive}}} to specify another time difference between {{{Created}}} and {{{Expires}}}. The value of this parameter is an @@ -234, +236 @@ * {{{precisionInMilliseconds}}} to switch off the millisecond time precision. Set the value to {{{false}}} or {{{0}}} to generate timestamps without milliseconds. + * {{{timestampStrict}}} to switch on/off strict timestamp handling. + Set the value to {{{false}}} or {{{0}}} to switch off strict handling. + The defaul setting is '''on'''. According to WSS specfications it is optional + to report a fault if timestamp verifications fails. WSS4J uses the ''UTC'' timezone (''zulu time'') to generate timestamps. This is according to the WSS specifications. @@ -241, +247 @@ not expired). This is done in two steps: * In the first step the WSSecurity``Engine (WSS4J 1.x.y) or the Timestamp``Processor (since WSS4J 2.x.x) checks the {{{Expires}}} - timestanp against the server's current time. + timestanp against the server's current time. If this check fails then + then handler throws an exception if strict timestamp handling is on. * In the second step the WSS4J handler, either {{{WSDoAllReceiver}}} or {{{WSS4JHandler}}}, performs a check based on server - information. The server computes a valid creation time by subtraction + information. The server computes a valid creation time by subtracting the time-to-live from the current time at the server and checks the {{{Created}}} time aginst this computed value. 
The default time-to-live value is 300 seconds. You may specify a {{{timeToLive}}} parameter in the handler's request path at the server to define - another value for the time difference. + another value for the time difference. This handler perfoms this check + only if strict timestamp handling is on.
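
Review bot: the new bullet in the first hunk ("The handler performs strict timestamp handling, i.e. throws an exception if verification of the timestamp fails") sits among the settings that the next line says can be changed, but it does not say that it is a default. Suggest wording it as "By default the handler performs strict timestamp handling ..." and naming the {{{timestampStrict}}} parameter there, so readers see that the exception depends on that setting. The unchanged line above it still reads "timestaps"; worth fixing in the same edit.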
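
Review bot: the {{{timestampStrict}}} entry added in the hunk at @@ -234, +236 @@ says how to switch strict handling off but not what the receiver then stops doing. The later hunk states that the exception on a failed {{{Expires}}} check and the {{{Created}}} check against the time-to-live both apply only when strict handling is on, so this entry should say that with {{{false}}} or {{{0}}} a failed {{{Expires}}} check no longer raises an exception and the {{{Created}}} check is not performed. Typos in the added lines: "defaul", "specfications", "verifications fails".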
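
Review bot: the sentences added in the hunk at @@ -241, +247 @@ describe only the strict case; neither step says what happens to a message whose timestamp fails verification when strict handling is off (is the failure made visible to the application in some other way, or is the message processed as if the timestamp were valid?). Please state that in both steps. Also, "then then handler" has a doubled word and should read "then the handler", the re-added line keeps "timestanp", "This handler perfoms" should be "The handler performs", and the unchanged context still has "aginst".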
