I'm using Rampart as my WS-Security module over Axis2.
My policy XML file is below:
<wsp:Policy wsu:Id="UsernameToken"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>>
<sp:IncludeTimestamp />
</wsp:Policy>
</sp:TransportBinding>
<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:passwordType>PasswordText</ramp:passwordType>
</ramp:RampartConfig>
It's working OK as shown in the below SOAP call:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
<wsu:Created>2013-12-24T12:55:39.089Z</wsu:Created>
<wsu:Expires>2013-12-24T13:00:39.089Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-2">
<wsse:Username>username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
What I would like to do is configure the Created value so it is not necessarily bound to the server time, and also configure the duration between Created and Expires.
How can I do that?
Ok so I'm answering my own question.
It seems like there is no point in setting different timestamps as, per standards, the Timestamp should be sent in UTC format.
As for the TTL, this can be configured from the policy.xml file:
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:timestampTTL>600</ramp:timestampTTL>
<ramp:timestampMaxSkew>600</ramp:timestampMaxSkew>
<ramp:RampartConfig>
I will keep the thread open for a day or two to see if anyone else would like to present a different opinion.