Page History

constant

default

definition

ws-security.validate.token

true

Whether to validate the password of a received UsernameToken or not.

ws-security.enableRevocation

false

Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate.

ws-security.username-token.always.encrypted

true

Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire.

ws-security.is-bsp-compliant

true

Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not.

ws-security.self-sign-saml-assertion

false

Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature will be generated when the SAML Assertion is constructed. Only applies up to CXF 2.7.x.

ws-security.enable.nonce.cache

(varies)

Whether to cache UsernameToken nonces. See here for more information.

ws-security.enable.timestamp.cache

(varies)

Whether to cache Timestamp Created Strings. See here for more information.

Whether to return the security error message to the client, and not one of the default error QNames.

Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy.

If this is set to "true", then IF the SAML Token contains Audience Restriction URIs, one of them must match either the request URL or the Service QName. The default is "true" for CXF 3.0.x, and "false" for 2.7.x.