[SOLVED] How to configure Timestamp created/expires in Rampart

How to configure Timestamp created/expires in Rampart

I'm using Rampart as my WS-Security module over Axis2.

My policy XML file is below:

<wsp:Policy wsu:Id="UsernameToken"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<wsp:ExactlyOne>
    <wsp:All>
        <sp:TransportBinding
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>>
                <sp:IncludeTimestamp />
            </wsp:Policy>
        </sp:TransportBinding>
        <sp:SupportingTokens
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <sp:UsernameToken
                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
        </sp:SupportingTokens>
    </wsp:All>
</wsp:ExactlyOne>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:passwordType>PasswordText</ramp:passwordType>
</ramp:RampartConfig>

It's working OK as shown in the below SOAP call:

  <soapenv:Header>
     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
        <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
           <wsu:Created>2013-12-24T12:55:39.089Z</wsu:Created>
           <wsu:Expires>2013-12-24T13:00:39.089Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
           <wsse:Username>username</wsse:Username>
           <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
        </wsse:UsernameToken>
     </wsse:Security>
  </soapenv:Header>

What I would like to do is configure the Created value so it is not necessarily bound to the server time, and also configure the duration between Created and Expires.

How can I do that?

Solution

Ok so I'm answering my own question.

It seems like there is no point in setting different timestamps as, per standards, the Timestamp should be sent in UTC format.

As for the TTL, this can be configured from the policy.xml file:

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:timestampTTL>600</ramp:timestampTTL>
  <ramp:timestampMaxSkew>600</ramp:timestampMaxSkew>
<ramp:RampartConfig>

I will keep the thread open for a day or two to see if anyone else would like to present a different opinion.