Hello,

I've got problems with Timestamp verification using XwsSecurityInterceptor.

Signature for both Body and Timestamp is verified without any problems, but I can provide any Created/Expires date - no matter if they are in past or future, all dates are accepted.

Am I doing something wrong or is it bug?

I remember using older version of Spring-WS (1.0.x) in other application and we've got a lot of troubles with different dates on our servers - so timestamp verification worked well Now only difference is application server - Weblogic instead of JBoss but I don't know if that matters (using the same stack of frameworks).

Code:
    <bean id="xwsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
        <property name="callbackHandlers">
            <list>
                <ref bean="keyStoreHandler"/>
            </list>
        </property>
</bean>
Code:
<?xml version="1.0" encoding="UTF-8"?>
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
	<xwss:RequireSignature>
		<xwss:X509Token certificateAlias="${service.trustStore.alias}" />
	</xwss:RequireSignature>
</xwss:SecurityConfiguration>
Tried with and without requireTimestamp="true" - documentation says true is default value, so this shouldn't matter.
Also tried setting different times:
Code:
<xwss:RequireTimestamp maxClockSkew="60" timestampFreshnessLimit="300" />
No difference.

Any suggestions?