Skip to Main Content
Forums

Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

XWS-Security 2.0EA2 - The creation time is ahead of the current time

843833Jun 27 2006 — edited Jun 28 2006
I'm hitting a problem with XWS-Security 2.0 whereby authentication by the web service is failing when a UsernameToken is passed in the SOAP header and the <wsu:Created> value of the token is formatted to millisecond detail and the millisecond value is greater than 90 millis.

The following UsernameToken (with a Created value of 2006-06-27T23:22:26.899Z) fails authentication reporting a SOAPFaultException 'The creation time is ahead of the current time.'

<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-huYxlmSPKFiI1iQhDKPOsmsc">
<wsse:Username>serviceUser2</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
<wsse:Nonce>aMcfylsmZJ0/Oh3fZ3qicA==</wsse:Nonce>
<wsu:Created>2006-06-27T23:22:26.899Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>

however the following UsernameToken (with a Created value of 2006-06-28T00:43:52.042Z) passes authentication:-

<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-7ozZdhq1seImy_vP_65rRLDs">
<wsse:Username>serviceUser2</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
<wsse:Nonce>mU58cyORYp1Da0jmO+PDhg==</wsse:Nonce>
<wsu:Created>2006-06-28T00:43:52.042Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>

If milliseconds are not provided authentication is successful however Weblogics implementation of Web Services formats the Created value to millisecond detail.

Has anyone hit this problem and found a solution?

Thanks
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 26 2006
Added on Jun 27 2006
#java-technologies-for-web-services
1 comment
512 views