Hi Werner,
Thanks for the reply. I'll implement something myself to do the chec, I
guess it won't be too difficult.
Regards,
Richard.
Dittmann, Werner wrote:
Richard,
WSS4J does not support the checking of the
createdTime included in UsernameToken. createdTime
is included in the results structure and handed over to
the app. Also it is used to form the digested password
if necessary.
There is also no "expired" timestamp in the usernameToken.
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Richard Gregory [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 16. Dezember 2005 17:18
An: [email protected]
Betreff: Time to live of UsernameToken Timestamp
Hi,
I know that if a timestamp element is included in the
security header it
is checked against a time to live (default 5 minutes). Is
there anything
built into wss4j to check the created timestamp of a UsernameToken in
the same way (as recommended by the OASIS spec), or is it up
to users to
implement this if required? I had a look though the
documentation but I
couldn't find anything, so I'm guessing the latter, but I
just thought
I'd check before I implmented this myself.
Thanks,
Richard.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
