
Error in WS-Secured header validation (WSS4J) with UsernameToken TimeStamp for different time zone

I have built a web service (top-down based) in Apache CXF (2.7.11) with WSS4J, using the UsernameToken Timestamp feature. When I test it with SOAP UI, the server and client code seem to work fine.

But there is a client that sends the data in the IST (Indian Standard Time) timezone in the WS-Security header; that client receives the error "The message has expired (WSSecurityEngine: Invalid timestamp The security semantics of the message have expired)". Investigating, I found that the timezone used by WSS4J is UTC. Setting timestampStrict to false in WSS4JInterceptor also did not work. Any help would be appreciated.

<jaxws:inInterceptors>                  
     <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
     <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <property name="properties">
              <map>
                     <entry key="action" value="UsernameToken Timestamp" />
                     <entry key="timestampStrict" value="false"/>
                     <entry key="user" value="test_user" />
                     <entry key="passwordType" value="PasswordText" />
                     <entry>
                            <key>
                                   <value>passwordCallbackRef</value>
                            </key>
                            <ref bean="passwordCallback" />
                     </entry>
              </map>
        </property>
     </bean>
</jaxws:inInterceptors>

It is invalid to send a Timestamp in any time other than UTC time, as per the SOAP Message Security profile: "All references MUST be in UTC time."

Colm.
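The UTC rule quoted in the answer, as an added Java example (not code from the original post, CXF or WSS4J): it formats `wsu:Created`/`wsu:Expires` values in UTC and shows how a receiver-side freshness check treats an IST offset and IST wall-clock time mislabeled with `Z`. The class name, the fixed "now", the 300-second lifetime and the 60-second future tolerance are constructed assumptions, and `check` is an illustrative validator only.

```java
import java.time.*;
import java.time.format.DateTimeFormatter;

public class WsuTimestampDemo {
    static final String PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS";

    // Correct: render the instant in UTC and mark it with 'Z'.
    static String utcStamp(Instant t) {
        return DateTimeFormatter.ofPattern(PATTERN).withZone(ZoneOffset.UTC).format(t) + "Z";
    }

    // Client bug A (assumed): local wall-clock time with a hard-coded 'Z'.
    static String mislabeledLocal(Instant t, ZoneId zone) {
        return DateTimeFormatter.ofPattern(PATTERN).withZone(zone).format(t) + "Z";
    }

    // Client bug B (assumed): correct instant, but written with a local offset.
    static String localOffset(Instant t, ZoneId zone) {
        return DateTimeFormatter.ISO_OFFSET_DATE_TIME.format(t.atZone(zone));
    }

    // Illustrative receiver check: UTC only, then the freshness window.
    static String check(String created, String expires, Instant now, Duration futureSkew) {
        OffsetDateTime c = OffsetDateTime.parse(created);
        OffsetDateTime e = OffsetDateTime.parse(expires);
        if (!c.getOffset().equals(ZoneOffset.UTC) || !e.getOffset().equals(ZoneOffset.UTC))
            return "REJECT: timestamp is not expressed in UTC";
        if (c.toInstant().isAfter(now.plus(futureSkew)))
            return "REJECT: Created is " + Duration.between(now, c.toInstant()) + " ahead of server time";
        if (!e.toInstant().isAfter(now))
            return "REJECT: Expires has passed";
        return "ACCEPT";
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-15T06:00:00Z"); // constructed sample time
        Instant exp = now.plus(Duration.ofSeconds(300));      // assumed lifetime
        Duration skew = Duration.ofSeconds(60);               // assumed future tolerance
        ZoneId ist = ZoneId.of("Asia/Kolkata");

        System.out.println(check(utcStamp(now), utcStamp(exp), now, skew));
        System.out.println(check(mislabeledLocal(now, ist), mislabeledLocal(exp, ist), now, skew));
        System.out.println(check(localOffset(now, ist), localOffset(exp, ist), now, skew));
    }
}
```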
