Announcement Announcement Module
Collapse
No announcement yet.
SWS, XWSS and Timestamp Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SWS, XWSS and Timestamp

    Hello,

    I've got problems with Timestamp verification using XwsSecurityInterceptor.

    Signature for both Body and Timestamp is verified without any problems, but I can provide any Created/Expires date - no matter if they are in past or future, all dates are accepted.

    Am I doing something wrong or is it bug?

    I remember using older version of Spring-WS (1.0.x) in other application and we've got a lot of troubles with different dates on our servers - so timestamp verification worked well Now only difference is application server - Weblogic instead of JBoss but I don't know if that matters (using the same stack of frameworks).

    Code:
        <bean id="xwsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
            <property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
            <property name="callbackHandlers">
                <list>
                    <ref bean="keyStoreHandler"/>
                </list>
            </property>
    </bean>
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    	<xwss:RequireSignature>
    		<xwss:X509Token certificateAlias="${service.trustStore.alias}" />
    	</xwss:RequireSignature>
    </xwss:SecurityConfiguration>
    Tried with and without requireTimestamp="true" - documentation says true is default value, so this shouldn't matter.
    Also tried setting different times:
    Code:
    <xwss:RequireTimestamp maxClockSkew="60" timestampFreshnessLimit="300" />
    No difference.

    Any suggestions?
Working...
X