...

There are several extra properties that may need to be set to provide the additional bits of information to the runtime. Note that you should check that a particular property is supported in the version of CXF you are using.

User properties

ws-security.username

The username used for UsernameToken policy assertions.

ws-security.password

The password used for UsernameToken policy assertions. If not specified, the callback handler configured with "ws-security.callback-handler" will be called. It is currently only used for the case of adding a password to a UsernameToken.

ws-security.signature.username

The username or alias for the key in the signature keystore that will be used to obtain the user's cert and private key for signature. If not specified, it uses the default alias set in the properties file. If that's also not set, and the keystore only contains a single key, that key will be used.

ws-security.encryption.username

The username or alias for the key in the encryption keystore that will be used to obtain the user's public key for encryption. If not specified, it uses the default alias set in the properties file. If that's also not set, and the keystore only contains a single key, that key will be used. For the web service provider, the useReqSigCert keyword can be used to accept (encrypt to) any client whose public key is in the service's truststore (defined in "ws-security.encryption.properties").

Callback Class and Crypto properties

ws-security.callback-handler

The WSS4J security CallbackHandler implementation class that will be used to retrieve passwords for keystores and UsernameTokens.

ws-security.saml-callback-handler

The SAML CallbackHandler implementation class used to construct SAML Assertions.

ws-security.signature.properties

The properties file/object that contains the WSS4J properties for configuring the signature keystore and Crypto objects. It is used if "ws-security.signature.crypto" is not set instead.

ws-security.encryption.properties

The properties file/object that contains the WSS4J properties for configuring the encryption keystore and Crypto objects. It is used if "ws-security.encryption.crypto" is not set instead.

ws-security.signature.crypto

Instead of specifying the signature properties, this can point to the full WSS4J Crypto object to be used for signature. This can allow easier "programmatic" configuration of the Crypto information. If this is not defined then "ws-security.signature.properties" is used instead.

ws-security.encryption.crypto

Instead of specifying the encryption properties, this can point to the full WSS4J Crypto object to be used for encryption. This can allow easier "programmatic" configuration of the Crypto information. If this is not defined then "ws-security.encryption.properties" is used instead.

Other properties

ws-security.subject.cert.constraints

This configuration tag is a comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. These constraints are not used when the certificate is contained in the keystore (direct trust).

ws-security.is-bsp-compliant

Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The default value is "true".

ws-security.timestamp.futureTimeToLive

This configuration tag specifies the time in seconds in the future within which the Created time of an incoming Timestamp is valid. WSS4J rejects by default any timestamp which is "Created" in the future, and so there could potentially be problems in a scenario where a client's clock is slightly askew. The default value for this parameter is "0", meaning that no future-created Timestamps are allowed.

...

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:jaxws="http://cxf.apache.org/jaxws"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
   http://cxf.apache.org/jaxws
   http://cxf.apache.org/schemas/jaxws.xsd">

   <!-- Client side: signs with the client's own key and encrypts to the service's public key -->
   <jaxws:client name="{http://cxf.apache.org}MyPortName"
      createdFromAPI="true">
      <jaxws:properties>
         <!-- CallbackHandler that supplies the private-key password for the signing alias -->
         <entry key="ws-security.callback-handler"
             value="interop.client.KeystorePasswordCallback"/>
         <!-- WSS4J properties for the keystore holding the client's signing key -->
         <entry key="ws-security.signature.properties"
             value="etc/client.properties"/>
         <!-- WSS4J properties for the truststore holding the service's certificate -->
         <entry key="ws-security.encryption.properties"
             value="etc/service.properties"/>
         <!-- Alias of the service certificate to encrypt to -->
         <entry key="ws-security.encryption.username"
             value="servicekeyalias"/>
      </jaxws:properties>
   </jaxws:client>

</beans>
```
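The same client settings can be applied programmatically on a JAX-WS port proxy, which also shows what a CallbackHandler named by ws-security.callback-handler has to do. This is an added example, not code from the CXF project: the class name matches KeystorePasswordCallback above but its body, the alias clientkeyalias and the CLIENT_KEY_PASSWORD environment variable are constructed here, and it assumes the WSS4J 1.x package name org.apache.ws.security.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.ws.BindingProvider;
import org.apache.ws.security.WSPasswordCallback;

/** Hands WSS4J the private-key password for the alias it asks about (hypothetical implementation). */
public class KeystorePasswordCallback implements CallbackHandler {
    // Constructed sample mapping alias -> key password, read from the environment so nothing is hard-coded.
    private final Map<String, String> passwords = new HashMap<String, String>();

    public KeystorePasswordCallback() {
        passwords.put("clientkeyalias", System.getenv("CLIENT_KEY_PASSWORD"));
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Release the key password only for signing and decryption; refuse any other usage
            // so the private-key password is never handed out as, e.g., a UsernameToken password.
            int usage = pc.getUsage();
            if (usage != WSPasswordCallback.SIGNATURE && usage != WSPasswordCallback.DECRYPT) {
                throw new UnsupportedCallbackException(cb, "unexpected usage " + usage);
            }
            String pw = passwords.get(pc.getIdentifier());
            if (pw == null) {
                throw new IOException("no password configured for alias " + pc.getIdentifier());
            }
            pc.setPassword(pw);
        }
    }

    /** Applies the same properties as the Spring <jaxws:client> block, but on a JAX-WS port proxy. */
    public static void configure(Object port) {
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        // CXF accepts either a class name or a CallbackHandler instance for this key.
        ctx.put("ws-security.callback-handler", new KeystorePasswordCallback());
        ctx.put("ws-security.signature.properties", "etc/client.properties");
        ctx.put("ws-security.signature.username", "clientkeyalias");
        ctx.put("ws-security.encryption.properties", "etc/service.properties");
        ctx.put("ws-security.encryption.username", "servicekeyalias");
    }
}
```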

...

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:jaxws="http://cxf.apache.org/jaxws"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
   http://cxf.apache.org/jaxws
   http://cxf.apache.org/schemas/jaxws.xsd">

   <!-- Service side. The interop prefix used in serviceName/endpointName must be declared
        (xmlns:interop="...") on this document for the QNames to resolve. -->
   <jaxws:endpoint
      id="MyService"
      address="https://localhost:9001/MyService"
      serviceName="interop:MyService"
      endpointName="interop:MyServiceEndpoint"
      implementor="com.foo.MyService">

      <jaxws:properties>
         <!-- CallbackHandler that supplies the service's key password and verifies UsernameToken passwords -->
         <entry key="ws-security.callback-handler"
             value="interop.client.UTPasswordCallback"/>
         <!-- WSS4J properties for the keystore holding the service's signing/decryption key -->
         <entry key="ws-security.signature.properties"
             value="etc/keystore.properties"/>
         <!-- WSS4J properties for the truststore holding the trusted client certificates -->
         <entry key="ws-security.encryption.properties"
             value="etc/truststore.properties"/>
         <!-- Encrypt the response to whichever trusted certificate signed the request -->
         <entry key="ws-security.encryption.username"
             value="useReqSigCert"/>
      </jaxws:properties>

   </jaxws:endpoint>
</beans>
```

See this blog entry for a more end-to-end example of using WS-SecurityPolicy with X.509 keys.

...