1 Reply Latest reply on Sep 14, 2006 1:41 PM by thomas.diesler

    WS Security - wsu:Timestamp/@wsu:Id incorrectly implemented

      When calling the HelloService from the 'simple sign' example of jbossws-samples-1.0.3.GA\wssecurity, a WSSecurityException is thrown indicating the Timestamp element is missing an Id. This error only occurs when the web service client is generated by JDeveloper, since it does not generate a wsu:Id. When creating a client using JBoss' wsse client configuration, the wsu:Id does get generated in the SOAP message and the call succeeds without any problems.

      According to http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf this id should be optional:

      /wsu:Timestamp/@wsu:Id
      1863 This optional attribute specifies an XML Schema ID that can be used to reference this
      1864 element (the timestamp). This is used, for example, to reference the timestamp in a XML
      1865 Signature.


      However, looking at the source for org.jboss.ws.wsse.element.Timestamp, id is being handled as required.

      if (id == null || id.length() == 0)
         throw new WSSecurityException("Invalid message, Timestamp is missing an id");



      So my question is: Is this a bug in JBossWS' implementation of the WS Security spec, or am I looking at the wrong spec/version?

      Thanks,
      Mario

       ERROR [org.jboss.ws.wsse.WSSecurityDispatcher] Internal error occured handling inbound message:
      org.jboss.ws.wsse.WSSecurityException: Invalid message, Timestamp is missing an id
       at org.jboss.ws.wsse.element.Timestamp.<init>(Timestamp.java:66)
       at org.jboss.ws.wsse.element.SecurityHeader.<init>(SecurityHeader.java:85)
       at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:182)
       at org.jboss.ws.wsse.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:143)
       at org.jboss.ws.wsse.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:68)
       at org.jboss.ws.wsse.WSSecurityHandlerInbound.handleRequest(WSSecurityHandlerInbound.java:42)
       at org.jboss.ws.handler.HandlerWrapper.handleRequest(HandlerWrapper.java:121)
       at org.jboss.ws.handler.HandlerChainBaseImpl.handleRequest(HandlerChainBaseImpl.java:245)
       at org.jboss.ws.handler.ServerHandlerChain.handleRequest(ServerHandlerChain.java:53)
       at org.jboss.ws.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:224)
       at org.jboss.ws.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:97)
       at org.jboss.ws.server.ServiceEndpoint.handleRequest(ServiceEndpoint.java:209)
       at org.jboss.ws.server.ServiceEndpointManager.processSOAPRequest(ServiceEndpointManager.java:355)
       at org.jboss.ws.server.StandardEndpointServlet.doPost(StandardEndpointServlet.java:115)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
       at org.jboss.ws.server.StandardEndpointServlet.service(StandardEndpointServlet.java:76)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
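
An added example, not JBossWS code and not part of the original post: one way a receiver can treat wsu:Id as optional, as the quoted spec text allows, while still rejecting a Timestamp that a policy requires to be signed but that no ds:Reference points at. The class `TimestampIdCheck`, the method `check` and the `requireSignedTimestamp` flag are hypothetical names, and the sample message is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class TimestampIdCheck {
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    /** Returns null if the header is acceptable, otherwise the rejection reason (hypothetical helper). */
    static String check(String xml, boolean requireSignedTimestamp, Instant now) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList ts = doc.getElementsByTagNameNS(WSU, "Timestamp");
        if (ts.getLength() != 1) return "expected exactly one wsu:Timestamp";
        Element t = (Element) ts.item(0);
        // Freshness does not depend on the Id. Assumes UTC values ending in 'Z'.
        NodeList exp = t.getElementsByTagNameNS(WSU, "Expires");
        if (exp.getLength() == 1
                && !now.isBefore(Instant.parse(exp.item(0).getTextContent().trim())))
            return "timestamp expired";
        String id = t.getAttributeNS(WSU, "Id"); // "" when absent, which the spec permits
        if (!requireSignedTimestamp) return null;
        // An Id is only needed so that a ds:Reference can point at the element.
        if (id.isEmpty()) return "signed timestamp required, but it has no wsu:Id to reference";
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++)
            if (("#" + id).equals(((Element) refs.item(i)).getAttribute("URI"))) return null;
        return "timestamp is not covered by any ds:Reference";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a Timestamp with no wsu:Id attribute.
        String msg = "<wsse:Security xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
                + "<wsu:Timestamp><wsu:Created>2006-09-14T10:00:00Z</wsu:Created>"
                + "<wsu:Expires>2006-09-14T10:05:00Z</wsu:Expires></wsu:Timestamp>"
                + "</wsse:Security>";
        Instant now = Instant.parse("2006-09-14T10:01:00Z");
        System.out.println("Id optional:        " + check(msg, false, now));
        System.out.println("signature required: " + check(msg, true, now));
    }
}
```

The check only establishes that a ds:Reference names the Timestamp; verifying the signature itself is assumed to happen elsewhere in the handler chain.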