2 Replies Latest reply on Sep 25, 2008 2:06 AM by gressho

    timestamp and WS-Security

    gressho Newbie

      Hello,

      Since JBossWS 3.0.2, a timestamp-verification tag is available. So I've deployed
      a server configuration file like the following:

      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:schemaLocation="http://www.jboss.com/ws-security/config
                         http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <key-store-file>META-INF/ikmapp.jks</key-store-file>
        <key-store-password>xxx</key-store-password>
        <key-store-type>jks</key-store-type>
        <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
        <trust-store-password>xxx</trust-store-password>

        <config>
          <timestamp ttl="300"/>
          <timestamp-verification createdTolerance="30" warnCreated="false" expiresTolerance="10" warnExpires="false"/>
          <requires>
            <signature/>
          </requires>
        </config>

      </jboss-ws-security>
      


      The result is questionable. I'm calling a service and get an exception. The log claims
      the message is from the future. When I update my system time via NTP, I normally
      see a variance of about -0.052230 sec or less!
      I even tried to deactivate timestamps on my client, but with no result.
      Our server is a cluster based on JBoss 4.2.3 (JDK 6) with JBossWS 3.0.3 installed.
      Does anybody have a solution for this?

      Best wishes

      Werner

        • 1. Re: timestamp and WS-Security
          Alan Feng Novice

          I think the timestamp-verification tag is outside of the config tag. Something like this:

          <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                             xsi:schemaLocation="http://www.jboss.com/ws-security/config
                             http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
            <key-store-file>META-INF/ikmapp.jks</key-store-file>
            <key-store-password>xxx</key-store-password>
            <key-store-type>jks</key-store-type>
            <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
            <trust-store-password>xxx</trust-store-password>

            <config>
              <requires>
                <signature/>
              </requires>
            </config>

            <timestamp-verification createdTolerance="30" warnCreated="false" expiresTolerance="10" warnExpires="false"/>
          </jboss-ws-security>
          


          The setting works, as we just deployed a SOAP service and are using this setting to avoid the "future timestamp" exception.

          Not sure if the existing is still needed or not but we removed it.

          It would be nice to have the XSD published... the schema location given is not valid.

          • 2. Re: timestamp and WS-Security
            gressho Newbie

            Oh, great, it works now as expected!!!
            Think you're right, the XSD should be published.
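
Added example, not part of the thread and not JBossWS code: a Python check that locates `timestamp-verification` in a `jboss-ws-security` config and models why the nested placement still rejected a message only about 52 ms ahead of the server clock. It assumes, as the thread's outcome suggests, that a tag nested under `<config>` is not honoured and that the default `createdTolerance` is 0 seconds; the function names are hypothetical and the two configs are constructed, trimmed versions of the ones posted above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "{http://www.jboss.com/ws-security/config}"

def find_timestamp_verification(config_xml):
    """Return (element, placement); placement is 'root', 'nested' or None."""
    root = ET.fromstring(config_xml)
    direct = root.find(NS + "timestamp-verification")
    if direct is not None:
        return direct, "root"
    nested = root.find(".//" + NS + "timestamp-verification")
    return (nested, "nested") if nested is not None else (None, None)

def effective_created_tolerance(config_xml):
    # Assumption: only a root-level tag takes effect; otherwise 0 s applies.
    elem, placement = find_timestamp_verification(config_xml)
    if placement == "root":
        return int(elem.get("createdTolerance", "0"))
    return 0

def accepts_created(created, now, tolerance_s):
    # Created may be at most tolerance_s seconds ahead of the receiver clock.
    return created - now <= timedelta(seconds=tolerance_s)

# Constructed configs: the two layouts from the thread, trimmed.
HEAD = '<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">'
TV = ('<timestamp-verification createdTolerance="30" warnCreated="false" '
      'expiresTolerance="10" warnExpires="false"/>')
REQ = "<requires><signature/></requires>"
NESTED = HEAD + "<config>" + TV + REQ + "</config></jboss-ws-security>"
AT_ROOT = HEAD + "<config>" + REQ + "</config>" + TV + "</jboss-ws-security>"

def check(config_xml, skew_s=0.052230):
    """Return (placement, tolerance in s, accepted?) for a sender clock
    running skew_s seconds ahead of the receiver."""
    now = datetime(2008, 9, 25, 2, 6, tzinfo=timezone.utc)  # constructed
    created = now + timedelta(seconds=skew_s)
    _, placement = find_timestamp_verification(config_xml)
    tol = effective_created_tolerance(config_xml)
    return placement, tol, accepts_created(created, now, tol)

if __name__ == "__main__":
    for name, cfg in (("question", NESTED), ("reply 1", AT_ROOT)):
        print(name, check(cfg))
```

A placement of `nested` is the case to flag in a deployment review: the file parses, but under the stated assumption the tolerance it declares never applies.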