...
constant | default | definition |
ws-security.validate.token | true | Whether to validate the password of a received UsernameToken or not. |
ws-security.username-token.always.encrypted | true | Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire. |
ws-security.is-bsp-compliant | true | Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. |
ws-security.self-sign-saml-assertion | false | Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature will be generated when the SAML Assertion is constructed. Only applies up to CXF 2.7.x. |
ws-security.enable.nonce.cache | (varies) | Whether to cache UsernameToken nonces. See here for more information. |
ws-security.enable.timestamp.cache | (varies) | Whether to cache Timestamp Created Strings. See here for more information. |
ws-security.enable.saml.cache | (varies) | Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition. |
ws-security.enable.streaming | false | Whether to enable streaming WS-Security. |
ws-security.return.security.error | false | Whether to return the security error message to the client, and not one of the default error QNames. |
ws-security.must-understand | true | Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy. |
ws-security.store.bytes.in.attachment | (varies) | CXF 3.1.3/3.0.6 Whether to store bytes (CipherData or BinarySecurityToken) in an attachment if MTOM is enabled. True by default in CXF 3.1.x, false for CXF 3.0.x. |
ws-security.use.str.transform | true | CXF 3.1.5/3.0.8 Whether to use the STR (Security Token Reference) Transform when (externally) signing a SAML Token. The default is true. |
ws-security.add.inclusive.prefixes | true | CXF 3.1.7/3.0.10 Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. |
Non-boolean WS-Security Configuration parameters
...