xwss
  1. xwss
  2. XWSS-6

Timestamp validation failes at milliseconds

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: milestone 1
    • Component/s: www
    • Labels:
      None
    • Environment:

      Operating System: Windows XP
      Platform: All

    • Issuezilla Id:
      6

      Description

      Hi,

      i'm using JWSDP2 and XWS-Security.
      I creating a WS(-application) and a WS-Client to test my web service.
      The WS-Client is also done with JDWSDP2.
      That's my (client) security info:

      <xwss:Service conformance= "bsp">
      <xwss:SecurityConfiguration dumpMessages="true" >
      <xwss:UsernameToken digestPassword="true" useNonce="true"/>
      </xwss:SecurityConfiguration>
      </xwss:Service>

      My server needs the create timestamp(for password digest). If my JWSDP2-Client
      creates it, it's working fine but it looks as follows:
      <wsu:Created>2006-10-10T14:33:39Z</wsu:Created>

      But if i use Axis with xmlsec-1.3.0 as my client technology, it creates a
      timestamp which is looking as the following line:
      <wsu:Created>2006-10-10T12:59:34.150Z</wsu:Created>

      As you can see, XMLSEC of Apache includes milli seconds. That's why JWSDP on my
      server creates this exception:

      "com.sun.xml.wss.impl.callback.TimestampValidationCallback$TimestampValidationException:
      The creation time is ahead of the current time".

      I think it's related to this bug report:
      http://forum.java.sun.com/thread.jspa?forumID=331&threadID=748336

      Please fix it. Can you notify me please, if this bug is fixed in a (nightly)
      build.

      Ingo

        Activity

        Hide
        kumarjayanti added a comment -

        Hi,

        Can you try with the latest jars available at :

        https://xwss.dev.java.net/files/documents/4864/36186/xwss-2.0.zip

        I guess this should fix your problem, because we had some other user report
        this issue earlier and to the best of my knowledge we fixed it.

        unzip the jar and copy this updated xws-security.jar to both your client and
        server environments.

        <jwspd.home>/xws-security/lib and <container.home>/xws-security/lib

        I shall wait for your confirmation before trying to investigate any further fix.

        Please note that TimeStampValidation can now be handled by the users if they
        so desire. This can be done by handling the TimestampValidationCallback in the
        CallbackHandler.

        } else if (callbacks[i] instanceof TimestampValidationCallback)

        { TimestampValidationCallback cb = (TimestampValidationCallback)callbacks[i]; // handle timestamp validation here // by calling cb.setValidator(<validator instance>); }

        The TimestampValidator should implement:

        com.sun.xml.wss.impl.TimestampValidationCallback.TimestampValidator interface

        Show
        kumarjayanti added a comment - Hi, Can you try with the latest jars available at : https://xwss.dev.java.net/files/documents/4864/36186/xwss-2.0.zip I guess this should fix your problem, because we had some other user report this issue earlier and to the best of my knowledge we fixed it. unzip the jar and copy this updated xws-security.jar to both your client and server environments. <jwspd.home>/xws-security/lib and <container.home>/xws-security/lib I shall wait for your confirmation before trying to investigate any further fix. Please note that TimeStampValidation can now be handled by the users if they so desire. This can be done by handling the TimestampValidationCallback in the CallbackHandler. } else if (callbacks [i] instanceof TimestampValidationCallback) { TimestampValidationCallback cb = (TimestampValidationCallback)callbacks[i]; // handle timestamp validation here // by calling cb.setValidator(<validator instance>); } The TimestampValidator should implement: com.sun.xml.wss.impl.TimestampValidationCallback.TimestampValidator interface
        Hide
        res1st added a comment -

        Hi,

        sorry i forgot to tell that i already tried the latest build and i'm still
        using it. But it doesn't solve the problem.
        I've a few sample values here.

        This Axis timestamps does NOT work:
        2006-10-10T12:59:15.911Z
        2006-10-10T12:59:18.364Z
        2006-10-10T12:59:20.520Z
        2006-10-10T12:59:22.645Z

        This Axis timestamps are working:

        2006-10-10T12:59:34.050Z
        2006-10-10T13:04:18.022Z
        2006-10-10T13:06:13.064Z

        Thanks for looking for the bug.

        Ingo

        Show
        res1st added a comment - Hi, sorry i forgot to tell that i already tried the latest build and i'm still using it. But it doesn't solve the problem. I've a few sample values here. This Axis timestamps does NOT work: 2006-10-10T12:59:15.911Z 2006-10-10T12:59:18.364Z 2006-10-10T12:59:20.520Z 2006-10-10T12:59:22.645Z This Axis timestamps are working: 2006-10-10T12:59:34.050Z 2006-10-10T13:04:18.022Z 2006-10-10T13:06:13.064Z Thanks for looking for the bug. Ingo
        Hide
        shyam_rao added a comment -

        Are you using jwsdp2 security sample for server? If yes, then look into the file
        <jwsdp2_home>/xws-security/samples/jaxws2.0/simple/src/simple/server/SecurityEnvironmentHandler.java

        and search for DefaultTimestampValidator class. In this class, there is a
        statement :
        SimpleDateFormat calendarFormatter2 = new
        SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'sss'Z'");

        Just replace this statement with,
        SimpleDateFormat calendarFormatter2 = new
        SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'");

        Here millisecond format is not proper, thats the reason while validating the
        timestamp, its treating milliseconds as seconds. Due to which, created time is
        changing before validating it.

        Let me know, if you face any problem.

        Show
        shyam_rao added a comment - Are you using jwsdp2 security sample for server? If yes, then look into the file <jwsdp2_home>/xws-security/samples/jaxws2.0/simple/src/simple/server/SecurityEnvironmentHandler.java and search for DefaultTimestampValidator class. In this class, there is a statement : SimpleDateFormat calendarFormatter2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'sss'Z'"); Just replace this statement with, SimpleDateFormat calendarFormatter2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'"); Here millisecond format is not proper, thats the reason while validating the timestamp, its treating milliseconds as seconds. Due to which, created time is changing before validating it. Let me know, if you face any problem.
        Hide
        shyam_rao added a comment -

        It is fixed.

        Show
        shyam_rao added a comment - It is fixed.
        Hide
        kumarjayanti added a comment -

        Please get the Latest XWSS jars with the fix at :
        https://xwss.dev.java.net/files/documents/4864/36186/xwss-2.0.zip

        For obtaining fixes in samples please checkout xwss2.0 workspace.
        cvs -d :pserver:yourid@cvs.dev.java.net:/cvs co -r XWSS_2_0 xwss/xwss-ri

        and cd wspack-samples and look for the fixed SecurityEnvironmentHandler classes.

        Show
        kumarjayanti added a comment - Please get the Latest XWSS jars with the fix at : https://xwss.dev.java.net/files/documents/4864/36186/xwss-2.0.zip For obtaining fixes in samples please checkout xwss2.0 workspace. cvs -d :pserver:yourid@cvs.dev.java.net:/cvs co -r XWSS_2_0 xwss/xwss-ri and cd wspack-samples and look for the fixed SecurityEnvironmentHandler classes.

          People

          • Assignee:
            xwss-issues
            Reporter:
            res1st
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: