Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-554

Improved error message for timestamp in the future

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: 1.6.18
    • Fix Version/s: 2.0.6, 2.1.4
    • Component/s: WSS4J Core
    • Labels:
      None
    • Environment:
      Any

      Description

      The error message "The message is expired" (WSSecurityException.MESSAGE_EXPIRED) is returned for the case of
      timeStamp.isExpired() as well as when the created timestamp is in the future
      in the org.apache.ws.security.validate.TimestampValidator.

      When a client has a clock set a few minutes in the future (or past), their timestamp fails verification in the verifyCreated method in the Timestamp, the return of message expired is misleading and can cause a user to look in the wrong place. Maybe "The message timestamp is out of range!?"

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              rudster Rudi Grasmuck
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: