
I am trying to validate security header expiration using wss4j:

```java
List<WSSecurityEngineResult> resultList = wsSecurityEngine.processSecurityHeader(doc,
                "Actor", callbackHandler, crypto);
```

But wss4j doesn't see the header content and the result is null.

SOAP request:

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   soapenv:mustUnderstand="1">
        <wsu:Timestamp wsu:Id="TS-CC2DD79172C7EFA866147066307733352">
            <wsu:Created>2016-08-08T13:31:17.333Z</wsu:Created>
            <wsu:Expires>2016-08-09T13:31:17.333Z</wsu:Expires>
        </wsu:Timestamp>
    </wsse:Security>
</soapenv:Header>
<soapenv:Body>

</soapenv:Body>
</soapenv:Envelope>
```

It doesn't throw any exception. The security header is just ignored. In debug, it can find all ChildNodes (soapenv:Header, wsse:Security, etc.).

advortsov
    Can you post the code of "crypto" as well? Referencing https://ws.apache.org/wss4j/config.html, I understand that by default this property is true, but try setting it explicitly: > TIMESTAMP_STRICT timestampStrict Set whether to enable strict Timestamp handling, i.e. throw an exception if the current receiver time is past the Expires time of the Timestamp. Default is "true". – Ramachandran.A.G Aug 09 '16 at 06:36
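An added example, not part of the question or the comment and not wss4j code: a JDK-only check that applies the strict Expires rule quoted above and fails closed when no wsse:Security header or wsu:Timestamp is found, which is the case where the engine call in the question returns null without an exception. The class and method names (`TimestampGuard`, `requireUnexpired`, `only`, `check`) are hypothetical, and treating a missing Expires element as an error is an assumption of this sketch.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
// Added illustration using only the JDK; names are hypothetical, not wss4j API.
public class TimestampGuard {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Fails closed: a missing header or Timestamp is an error, never a silent pass.
    static void requireUnexpired(Document doc, Instant now) {
        Element security = only(doc.getDocumentElement(), WSSE, "Security");
        Element timestamp = only(security, WSU, "Timestamp");
        Instant expires = Instant.parse(only(timestamp, WSU, "Expires").getTextContent().trim());
        // Strict handling: reject when the receiver time is past Expires.
        if (now.isAfter(expires)) throw new SecurityException("Timestamp expired at " + expires);
    }

    // Returns the single descendant {ns}local of scope, or throws if it is absent or repeated.
    static Element only(Element scope, String ns, String local) {
        NodeList found = scope.getElementsByTagNameNS(ns, local);
        if (found.getLength() != 1)
            throw new SecurityException("expected exactly one " + local + ", found " + found.getLength());
        return (Element) found.item(0);
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // without this, getElementsByTagNameNS matches nothing
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static String check(String xml, String now) throws Exception {
        try { requireUnexpired(parse(xml), Instant.parse(now)); return "accepted"; }
        catch (SecurityException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs; the Timestamp values are the ones from the request in the question.
        String env = "http://schemas.xmlsoap.org/soap/envelope/";
        String stamped = "<e:Envelope xmlns:e='" + env + "'><e:Header><s:Security xmlns:s='" + WSSE
            + "' xmlns:u='" + WSU + "'><u:Timestamp><u:Created>2016-08-08T13:31:17.333Z</u:Created>"
            + "<u:Expires>2016-08-09T13:31:17.333Z</u:Expires></u:Timestamp></s:Security></e:Header><e:Body/></e:Envelope>";
        String bare = "<e:Envelope xmlns:e='" + env + "'><e:Body/></e:Envelope>";
        System.out.println(check(stamped, "2016-08-08T14:00:00Z")); // inside the validity window
        System.out.println(check(stamped, "2016-08-10T00:00:00Z")); // past Expires
        System.out.println(check(bare, "2016-08-08T14:00:00Z"));    // no Security header at all
    }
}
```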

0 Answers