Re: [Axis2] Rampart/WSS4J timestamp check

[Amit Swaroop]

Hi,
I am facing the same problem as mentioned by you.I hope you have found the
solution to this.
I want to get the correct settings done on the server side as so far i
have'nt set the 'timetolive' parameter on server side services.xml .

The client for my service is a .net clientwhich is setting time expire
parameter as currenttime+12 hours,but on the server side i am unable to do
the same and when  the client sends a request with time difference of more
than 5 mins ,the service throws the WSDOAll receiver  fault .

I know that it is to be handled on server side now,please help.
My services.xml is as follows :
service name=AccountService 
Description
Web Service for saving the account details in Server database
/Description
messageReceivers
messageReceiver mep=http://www.w3.org/2004/08/wsdl/in-only;
class=org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver /
messageReceiver  mep=http://www.w3.org/2004/08/wsdl/in-out; 
class=org.apache.axis2.rpc.receivers.RPCMessageReceiver/
/messageReceivers

parameter name=ServiceObjectSupplier
locked=falseorg.apache.axis2.extensions.spring.receivers.SpringAppContextAwareObjectSupplier/parameter
parameter name=SpringBeanName locked=falsesendSms/parameter

parameter name=InflowSecurity
  action
itemsUsernameToken Timestamp/items
   
passwordCallbackClasscom.knowcross.gmhs.wsdldao.htngmodule.HtngSecurityCallbackHandler/passwordCallbackClass
  /action
/parameter  

/service


Regards,

Amit Swaroop


Jos Dirksen wrote:
 
 Hi,
 
 I'm currently trying out some scenarios with Rampart and run into an issue
 with the Rampart module. When just specifying the timeout security action,
 this timeout isn't checked by the incoming security handler. Is this
 correct behaviour? 
 
 On the serverside I specified the following:
 
   parameter name=InflowSecurity
   action
   itemsTimestamp/items
  /action
   /parameter
 
 And on the client side I've configured it like this:
 
 parameter name=OutflowSecurity
   action
 itemsTimestamp/items
 timeToLive1/timeToLive
   /action
 /parameter
 
 When I delay the sending of the message (e.g. by debugging) the message is
 still accepted at the server even though the ttl has passed. When I debug
 somewhat deeper into the WSS4J code, I don't see a check there. 
 
 I hope this is the correct forum to ask this question, if not I'll try at
 the WSS4J forum.
 

-- 
View this message in context: 
http://www.nabble.com/-Axis2--Rampart-WSS4J-timestamp-check-tp6156270p22843553.html
Sent from the Axis - User mailing list archive at Nabble.com.

[Axis2] Rampart/WSS4J timestamp check

[Jos Dirksen]

Hi,

I'm currently trying out some scenarios with Rampart and run into an issue
with the Rampart module. When just specifying the timeout security action,
this timeout isn't checked by the incoming security handler. Is this correct
behaviour? 

On the serverside I specified the following:

parameter name=InflowSecurity
action
itemsTimestamp/items
   /action
/parameter

And on the client side I've configured it like this:

parameter name=OutflowSecurity
  action
itemsTimestamp/items
timeToLive1/timeToLive
  /action
/parameter

When I delay the sending of the message (e.g. by debugging) the message is
still accepted at the server even though the ttl has passed. When I debug
somewhat deeper into the WSS4J code, I don't see a check there. 

I hope this is the correct forum to ask this question, if not I'll try at
the WSS4J forum.
-- 
View this message in context: 
http://www.nabble.com/-Axis2--Rampart-WSS4J-timestamp-check-tf118.html#a6156270
Sent from the Axis - User forum at Nabble.com.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Axis2] Rampart/WSS4J timestamp check

[Jos Dirksen]

Just ignore my last message. Got it working now, was running the server side
with the incorrect settings.

My apologies.


Jos Dirksen wrote:
 
 Hi,
 
 I'm currently trying out some scenarios with Rampart and run into an issue
 with the Rampart module. When just specifying the timeout security action,
 this timeout isn't checked by the incoming security handler. Is this
 correct behaviour? 
 
 On the serverside I specified the following:
 
   parameter name=InflowSecurity
   action
   itemsTimestamp/items
  /action
   /parameter
 
 And on the client side I've configured it like this:
 
 parameter name=OutflowSecurity
   action
 itemsTimestamp/items
 timeToLive1/timeToLive
   /action
 /parameter
 
 When I delay the sending of the message (e.g. by debugging) the message is
 still accepted at the server even though the ttl has passed. When I debug
 somewhat deeper into the WSS4J code, I don't see a check there. 
 
 I hope this is the correct forum to ask this question, if not I'll try at
 the WSS4J forum.
 

-- 
View this message in context: 
http://www.nabble.com/-Axis2--Rampart-WSS4J-timestamp-check-tf118.html#a6156558
Sent from the Axis - User forum at Nabble.com.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]