...
constant | default | definition |
ws-security.validate.token | true | Whether to validate the password of a received UsernameToken or not. |
ws-security.username-token.always.encrypted | true | Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire. |
ws-security.is-bsp-compliant | true | Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. |
ws-security.self-sign-saml-assertion | false | Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature will be generated when the SAML Assertion is constructed. Only applies up to CXF 2.7.x. |
ws-security.enable.nonce.cache | (varies) | Whether to cache UsernameToken nonces. See here for more information. |
ws-security.enable.timestamp.cache | (varies) | Whether to cache Timestamp Created Strings. See here for more information. |
ws-security.enable.saml.cache | (varies) | Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition. |
ws-security.enable.streaming | false | Whether to enable streaming WS-Security. |
ws-security.return.security.error | false | Whether to return the security error message to the client, and not one of the default error QNames. |
ws-security.must-understand | true | Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy. |
ws-security.store.bytes.in.attachment | (varies) | CXF 3.1.3/3.0.6 Whether to store bytes (CipherData or BinarySecurityToken) in an attachment if MTOM is enabled. True by default in CXF 3.1.x, false for CXF 3.0.x. |
ws-security.use.str.transform | true | CXF 3.1.5/3.0.8 Whether to use the STR (Security Token Reference) Transform when (externally) signing a SAML Token. The default is true. |
ws-security.add.inclusive.prefixes | true | CXF 3.1.7 Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. |
ws-security.expand.xop.include | (varies) | CXF 3.3.3/3.2.10 Whether to search for and expand xop:Include Elements for encryption and signature (on the outbound side) or for signature verification (on the inbound side). This ensures that the actual bytes are signed, and not just the reference. The default is "true" if MTOM is enabled, false otherwise. |
...