Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-231

There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.8
    • Fix Version/s: 1.6.8
    • Component/s: WSS4J Core
    • Environment:
      Windows, Solaris

      Description

      There is an issue with the position of the <Timestamp> element in the <Security> header when using WSS4J calling .NET Web Services with WS-Security. When using the "Timestamp Signature" action over https, we are receiving the following error: "Signing without primary signature requires timestamp". When I modified org.apache.ws.security.message.WSSecSignature to position <Timestamp> as the first element in <Security> it worked fine (by default <Timestamp> is the last element and after the <Signature>). Can this be fixed or can you make Timestamp positioned first as a configuration option?

      <soapenv:Header>
      <wsse:Security>

      <wsu:Timestamp>
      <wsu:Created>2010-05-06T16:46:31.594Z</wsu:Created>
      <wsu:Expires>2010-05-06T16:51:31.594Z</wsu:Expires>
      </wsu:Timestamp>

      <wsse:BinarySecurityToken</wsse:BinarySecurityToken>

      <ds:Signature>
      ....
      </ds:Signature>
      </wsse:Security>
      </soapenv:Header>

        Attachments

        1. patch.txt
          5 kB
          Abd K

          Issue Links

            Activity

              People

              • Assignee:
                coheigea Colm O hEigeartaigh
                Reporter:
                cweitner Chris Weitner
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: