...
constant | default | definition |
ws-security.validate.token | true | Whether to validate the password of a received UsernameToken or not. |
ws-security.username-token.always.encrypted | true | Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire. |
ws-security.is-bsp-compliant | true | Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. |
ws-security.self-sign-saml-assertion | false | Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature will be generated when the SAML Assertion is constructed. Only applies up to CXF 2.7.x. |
ws-security.enable.nonce.cache | (varies) | Whether to cache UsernameToken nonces. See here for more information. |
ws-security.enable.timestamp.cache | (varies) | Whether to cache Timestamp Created Strings. See here for more information. |
ws-security.enable.saml.cache | (varies) | Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition. |
ws-security.enable.streaming | false | Whether to enable streaming WS-Security. |
ws-security.return.security.error | false | Whether to return the security error message to the client, and not one of the default error QNames. |
ws-security.must-understand | true | Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy. |
ws-security.store.bytes.in.attachment | (varies) | (CXF 3.1.3/2.0.6) Whether to store bytes (CipherData or BinarySecurityToken) in an attachment if MTOM is enabled. True by default in CXF 3.1.x, false for CXF 3.0.x. |
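The following audit script is an added example, not part of the CXF documentation. It reads a Spring bean file and reports `jaxws:properties` entries that move the properties above away from the values in the default column, or that explicitly switch off one of the caches. The sample configuration, the bean id `ordersEndpoint`, and the choice of which keys to check are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Keys and defaults come from the table above; the selection of keys is this example's.
EXPECTED = {
    "ws-security.validate.token": "true",
    "ws-security.username-token.always.encrypted": "true",
    "ws-security.is-bsp-compliant": "true",
    "ws-security.return.security.error": "false",
    # Listed as "(varies)" in the table: only an explicit "false" is reported.
    "ws-security.enable.nonce.cache": "true",
    "ws-security.enable.timestamp.cache": "true",
    "ws-security.enable.saml.cache": "true",
}

# Constructed sample: a Spring bean file with one CXF endpoint (names are made up).
SAMPLE_CONFIG = """\
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:jaxws="http://cxf.apache.org/jaxws">
  <jaxws:endpoint id="ordersEndpoint" address="/orders">
    <jaxws:properties>
      <entry key="ws-security.username-token.always.encrypted" value="false"/>
      <entry key="ws-security.return.security.error" value="TRUE"/>
      <entry key="ws-security.enable.nonce.cache" value="false"/>
      <entry key="ws-security.must-understand" value="false"/>
      <entry key="ws-security.validate.token" value="true"/>
    </jaxws:properties>
  </jaxws:endpoint>
</beans>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix ElementTree adds

def audit(xml_text):
    """Return (bean id, key, configured value, expected value) per deviation."""
    findings = []
    for owner in ET.fromstring(xml_text).iter():
        for props in (c for c in owner if local(c.tag) == "properties"):
            for entry in props:
                key, value = entry.get("key"), entry.get("value")
                if local(entry.tag) != "entry" or key not in EXPECTED or value is None:
                    continue  # not an audited key, or value given as a nested element
                if value.strip().lower() != EXPECTED[key]:
                    findings.append((owner.get("id", "?"), key, value.strip().lower(), EXPECTED[key]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("%s: %s=%s (expected %s)" % finding)
```

Properties set in code rather than in a bean file are not seen by this check.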
Non-boolean WS-Security Configuration parameters
...