Wrong validation of Timestamp/Created value: always default TimeToLive is used
(300 sec.)
-----------------------------------------------------------------------------------------
Key: CXF-2746
URL: https://issues.apache.org/jira/browse/CXF-2746
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.2.7
Reporter: Nikolay Khasanov

I can see two validations of Timestamp during execution of the
WSS4JInInterceptor.handleMessage() method.
The first checks the Timestamp/Expires value and looks good, but the next one
contains errors:

When the WSS4JInInterceptor.handleMessage() method calls
verifyTimestamp(timestamp, decodeTimeToLive(reqData)), the second parameter is
always 300. I didn't find any place where the ttl value is set for RequestData,
so the default value equal to 300 is always returned.

It is expected that the ttl value will equal (Timestamp/Expires -
Timestamp/Created)/1000.

At the same time, if the Timestamp/Expires value is absent, then the message
will never expire.
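
The two checks described in this report, as an added example that is not CXF or WSS4J code: the class and method names are hypothetical and the timestamps are constructed. It compares a fixed 300-second TTL with the lifetime derived from Expires minus Created.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration; all names here are hypothetical, not WSS4J or CXF API.
public class TimestampFreshnessDemo {
    static final long DEFAULT_TTL_SECONDS = 300; // default value named in the report

    // First check: reject once Expires has passed. An absent Expires (null) cannot fail it.
    static boolean expiresCheckPasses(Instant expires, Instant now) {
        return expires == null || now.isBefore(expires);
    }

    // Second check: Created + ttl must not lie in the past.
    static boolean createdCheckPasses(Instant created, long ttlSeconds, Instant now) {
        return !now.isAfter(created.plusSeconds(ttlSeconds));
    }

    // Lifetime the report expects as ttl: (Expires - Created) / 1000, in seconds.
    // Returns -1 when Expires is absent and no lifetime can be derived.
    static long lifetimeSeconds(Instant created, Instant expires) {
        return expires == null ? -1 : Duration.between(created, expires).toMillis() / 1000;
    }

    static void report(String label, Instant created, Instant expires, Instant now) {
        long derived = lifetimeSeconds(created, expires);
        String withDerived = derived < 0
                ? "n/a"
                : String.valueOf(createdCheckPasses(created, derived, now));
        System.out.printf("%-22s expires-check=%-5b created+300=%-5b created+derived=%s%n",
                label,
                expiresCheckPasses(expires, now),
                createdCheckPasses(created, DEFAULT_TTL_SECONDS, now),
                withDerived);
    }

    public static void main(String[] args) {
        // Constructed sample timestamps.
        Instant created = Instant.parse("2010-04-01T12:00:00Z");
        Instant tenMinutesLater = Instant.parse("2010-04-01T12:10:00Z");
        Instant twoMinutesLater = Instant.parse("2010-04-01T12:02:00Z");

        // Sender grants 15 minutes; the fixed TTL rejects the message after 5.
        report("15 min lifetime", created, created.plusSeconds(900), tenMinutesLater);
        // Sender grants 60 seconds; only the Expires check rejects it after 2 minutes.
        report("60 s lifetime", created, created.plusSeconds(60), twoMinutesLater);
        // No Expires element: the Created + ttl check is the only bound on message age.
        report("no Expires", created, null, tenMinutesLater);
    }
}
```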