[RAMPART-357] Timestamp verification handled at two locations in different ways - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Currently, when verifying timestamp, 'Expired' is verified in WSS4J level if timestampStrict enabled.
'Created' is verified in PolicyBasedResultsValidator.

timestampMaxSkew is taken into consideration only when verifying 'Created' in timestamp inside PolicyBasedResultsValidator.

IMO, both 'Expired' and 'Created' should be verified in PolicyBasedResultsValidator in a consistent way, taking timestampMaxSkew into consideration in both the occasions.

Hence the proposed solution is like below:
-Disable timestampStrict in WSConfig by default through Rampart.
-Verify both 'Expired' and 'Created' in PolicyBasedResultsValidator.
-Allow to enable verification at WSS4J level through rampart config, if someone needs it.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

rampart_patch_trunk_v2.patch
14/Feb/12 11:39
11 kB
Hasini Gunasinghe
rampart_357_trunk.patch
14/Feb/12 08:11
11 kB
Amila Jayasekara
rampart_357.patch
06/Feb/12 08:49
9 kB
Hasini Gunasinghe

Activity

People

Assignee:: Unassigned

Reporter:: Hasini Gunasinghe

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 06/Feb/12 07:53

Updated:: 07/Mar/12 05:26

Resolved:: 15/Feb/12 09:27