Jose,
WSS4J sends the time as UTC as required by the OASIS WSS specifications, thus different timezones shouldn't matter. Only if the clocks are out of sync then this exception may happen. Usually 5 minutes TimeToLive should be good enough (well some PC hardware have lousy clocks, I always use NTP to synchronize clocks on my systems here).
Regards,
Werner
________________________________
From: ext José Ferreiro [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 14 May 2008 17:18
To: [EMAIL PROTECTED]; wss4j-dev
Subject: Re: AXIS 1.4 and WSS4J - Client with different LOCAL TIMES [SOLUTION]
Here is the solution:
I started developing a secure web service in my development computer. However, when I deployed the application (in another server [JBoss]) to simulate different clients connecting to the web service with different LOCAL TIME ZONES, things went bad...
Problems with TIMESTAMP validation...
I got the following error depending on the tested client (either dotnet or java):
In Microsoft [dotnet framework 2.0, WSE 3.0]
WSE065: Creation time of the timestamp is in the future. This typically indicates lack of synchronization between sender and receiver clocks.
or for java [Axis 1.4, wss4j 1.5.3]
Exception: WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header. (WSSecurityEngine: Invalid timestamp The security semantics of message have expired)
The problems are due to the two clocks in the clients and the server not being synchronized.
JAVA World: WSS4J - Use the timeToLive parameter in the handler to resolve this problem [1] [2].
MICROSOFT World: WSE 3.0 - Use the tags timeToleranceInSeconds and defaultTtlInSeconds in the app.config file of the web service in your project (illustration follows with the corresponding xml tags) [3]
<configuration>
  <microsoft.web.services3>
    <security>
      <timeToleranceInSeconds value="3600" />
      <defaultTtlInSeconds value="3600" />
    </security>
  </microsoft.web.services3>
</configuration>
[1] - http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ#time
[2] - http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#TTL_TIMESTAMP
[3] - http://msdn.microsoft.com/en-us/library/ms824668.aspx
[fyi] - http://www.google.ch/search?q=Secure+Web+Services+Interoperability+using+X.509+Certificate+Token+Profile+(AXIS+1.4%2C+WSS4J+1.5.3%2C+dotnet+2.0%2C+WSE+3.0+)&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr-FR:official&client=firefox-a
Hope this helps!
Jose Ferreiro
On Wed, May 14, 2008 at 1:38 PM, José Ferreiro <> wrote:
Dear newsgroup,
I successfully developed a server side service using axis 1.4 and wss4j 1.5.3.
I implemented the signature, encryption and timestamp features.
I may manage the local time in the server.
Nevertheless, I will have clients from different local times (not the same time as in the server; the local time in the server is GMT+1).
How can a java client implement/apply the right timestamp according to the server GMT+1 using axis 1.4 and wss4j 1.5.3?
All suggestions are welcome.
Thank you in advance
Jose Ferreiro
--
José Ferreiro
EPFL Communication Systems engineer
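
Added example (not part of the thread, and not WSS4J or WSE code): a simplified model of the receiver-side wsu:Timestamp check discussed above, showing that the zone a time is written in does not matter while clock drift does. The function names, the ttl_seconds and skew_seconds parameters (loosely modelling timeToLive / defaultTtlInSeconds and timeToleranceInSeconds) and all sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

def parse_utc(text):
    """Parse an xsd:dateTime ('Z' or +hh:mm suffix) into an aware UTC datetime."""
    if text is None:
        raise ValueError("wsu:Created is missing")
    text = text.strip()
    if text.endswith("Z"):
        text = text[:-1] + "+00:00"
    dt = datetime.fromisoformat(text)
    if dt.tzinfo is None:
        raise ValueError("timestamp has no zone designator")
    return dt.astimezone(timezone.utc)

def check_timestamp(xml, now, ttl_seconds=300, skew_seconds=0):
    """Classify a wsu:Timestamp as 'ok', 'future' or 'expired' (simplified model)."""
    ts = ET.fromstring(xml)  # constructed input only; use a hardened parser for real SOAP
    created = parse_utc(ts.findtext(f"{{{WSU}}}Created"))
    skew = timedelta(seconds=skew_seconds)
    if created > now + skew:
        return "future"      # sender clock is ahead of the receiver clock
    deadline = created + timedelta(seconds=ttl_seconds)
    expires = ts.findtext(f"{{{WSU}}}Expires")
    if expires is not None:  # honour the sender's own expiry if it is earlier
        deadline = min(deadline, parse_utc(expires))
    return "expired" if now > deadline + skew else "ok"

def make_ts(created, expires=None):
    """Build a constructed wsu:Timestamp element for the demo."""
    exp = f"<wsu:Expires>{expires}</wsu:Expires>" if expires else ""
    return (f'<wsu:Timestamp xmlns:wsu="{WSU}">'
            f"<wsu:Created>{created}</wsu:Created>{exp}</wsu:Timestamp>")

# Constructed scenario: the receiver's clock reads 15:18:00 UTC.
NOW = datetime(2008, 5, 14, 15, 18, 0, tzinfo=timezone.utc)
SAME_INSTANT_UTC = make_ts("2008-05-14T15:17:30Z")
SAME_INSTANT_CET = make_ts("2008-05-14T16:17:30+01:00")  # same instant, GMT+1 form
CLOCK_FAST = make_ts("2008-05-14T15:28:00Z")             # sender 10 min ahead
CLOCK_SLOW = make_ts("2008-05-14T15:08:00Z")             # sender 10 min behind

if __name__ == "__main__":
    for name, xml in [("utc", SAME_INSTANT_UTC), ("gmt+1", SAME_INSTANT_CET),
                      ("fast", CLOCK_FAST), ("slow", CLOCK_SLOW)]:
        print(name, check_timestamp(xml, NOW),
              check_timestamp(xml, NOW, ttl_seconds=3600, skew_seconds=3600))
```

With the 3600-second values every sample validates, including the one created ten minutes before the receiver's current time, so a wider window also lengthens the period in which a captured message would still pass the timestamp check.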