WSSE Created Bug?

[tobinharris]

I'm trying to authenticate with Savon and WSSE, moving away from soap4r. My soap4r auth header code was this.

class WsseAuthHeader < SOAP::Header::SimpleHandler
  NAMESPACE = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
  USERNAME  = 'x'
  PASSWORD  = 'y'

  def initialize()
    super(XSD::QName.new(NAMESPACE, 'Security'))
  end

  def on_simple_outbound
    {"UsernameToken" => {"Username" => USERNAME, "Password" => PASSWORD}}
  end
end

In Savon, I'm setting these values

Savon::WSSE.username = "x"
Savon::WSSE.password = "y"

But I get an error InvalidSecurityToken fault.

An invalid security token was provided; WSE547: An invalid Created element was found. WSE063: The timestamp 2010-01-27T17:13:15 in the message is not valid. It must be in this UTC format: yyyy-MM-ddTHH:mm:ssZ.

Have messed about scouring the issues, but can't find a way passed this. Any suggestions welcome.

T

[rubiii]

hey man,

currently i don't have any ways to test this behaviour, so i put together a dev version for you to download and test. it's located at: http://github.com/rubiii/savon/downloads

please just remove your current savon gem, download and install the dev version and let me know if this helps.

best,
daniel

[tobinharris]

Thanks dude.

Fixed it by doing this (sorry, it's too small for a fork!

# savon.rb
# Add a new format, note the Z
SOAPWSSEDateTimeFormat = "%Y-%m-%dT%H:%M:%SZ"

# wsse.rb
 # Returns a WSSE timestamp.
    def timestamp
      @timestamp ||= Time.now.strftime Savon::SOAPWSSEDateTimeFormat
    end   

Let me know if you want me to incorporate.

[rubiii]

that should have the same effect as the patch applied to my dev version, but thanks for letting me know. it's applied to the dev branch so this will be included in the next release.

[rubiii]

released version 0.7.3 including a patch for this issue.