Forum Home » Fuse Distributions » Fuse Services Framework

Thread: Ws-Security - Possible to process Timestamp element without wsu: prefix?

 

Permlink Replies: 1 - Last Post: Nov 25, 2011 2:46 AM Last Post By: ffang
jacovantonder

Posts: 1
Registered: 11/24/11
Ws-Security - Possible to process Timestamp element without wsu: prefix?
Posted: Nov 24, 2011 2:49 PM
  Click to reply to this thread Reply
Hello guys,

I have a problem with a web service client not sending a WS Security Timestamp element as expected.

Here is a snippet of the request from the client, that fails:

----8<----
<wsu:Timestamp Id="Timestamp-583e2b79-79e7-4505-ba80-890d6a129048" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<Created>2011-11-24T11:57:19Z</Created>
<Expires>2011-11-24T16:57:19Z</Expires>
</wsu:Timestamp>
---->8----

Request Processing Debug Log:
----8<----
13:57:29,578 DEBUG TimestampProcessor:46 - Found Timestamp list element
13:57:29,578 WARN WSS4JInInterceptor:307 -
org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header (WSSecurityEngine: Invalid timestamp {0})
at org.apache.ws.security.message.token.Timestamp.<init>(Timestamp.java:128)
at org.apache.ws.security.processor.TimestampProcessor.handleToken(TimestampProcessor.java:52)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
....
---->8----

If the client changes his request to include the wsu namespace prefix, the call succeeds:

----8<----
<wsu:Timestamp Id="Timestamp-dcb89891-c619-4704-8c6c-d3dc1eedb046" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2011-11-24T11:28:00Z</wsu:Created>
<wsu:Expires>2011-11-24T16:28:00Z</wsu:Expires>
</wsu:Timestamp>
---->8----

Request Processing Debug Log:
----8<----
13:28:26,107 DEBUG TimestampProcessor:46 - Found Timestamp list element
13:28:26,108 DEBUG Timestamp:151 - Current time: 2011-11-24T11:28:26.107Z
13:28:26,108 DEBUG Timestamp:156 - Timestamp created: 2011-11-24T11:28:00.000Z
13:28:26,109 DEBUG Timestamp:162 - Timestamp expires: 2011-11-24T16:28:00.000Z
13:28:26,109 DEBUG Timestamp:342 - Validation of Timestamp: Everything is ok
---->8----

I have looked at the WSS4J Timestamp processesing code and it seems like it is indeed expecting the wsu namespace prefix.

My question is this: Should the namespace that is defined on the Timestamp element not automatically pull through to the child elements at processing time?

Thank you,
---Jaco
ffang

Posts: 1,320
Registered: 12/24/07
Re: Ws-Security - Possible to process Timestamp element without wsu: prefix?
Posted: Nov 25, 2011 2:46 AM   in response to: jacovantonder in response to: jacovantonder
  Click to reply to this thread Reply
Hi,

No, as
<wsu:Timestamp Id="Timestamp-583e2b79-79e7-4505-ba80-890d6a129048" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<Created>2011-11-24T11:57:19Z</Created>
<Expires>2011-11-24T16:57:19Z</Expires>
</wsu:Timestamp>
and
<wsu:Timestamp Id="Timestamp-dcb89891-c619-4704-8c6c-d3dc1eedb046" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsu:Created>2011-11-24T11:28:00Z</wsu:Created>
<wsu:Expires>2011-11-24T16:28:00Z</wsu:Expires>
</wsu:Timestamp>
actually are different xml fragment, you can't miss namespace for child element otherwise it just use the default namespace(empty if not declare a default namespace)

Freeman