Versions Compared

Old Version 53

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 54

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

constant

default

definition

ws-security.validate.token

true

Whether to validate the password of a received UsernameToken or not.

ws-security.username-token.always.encrypted

true

Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire.

ws-security.is-bsp-compliant

true

Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not.

ws-security.self-sign-saml-assertion

false

Whether to self-sign a SAML Assertion or not. If this is set to true, then an enveloped signature will be generated when the SAML Assertion is constructed. Only applies up to CXF 2.7.x.

ws-security.enable.nonce.cache

(varies)

Whether to cache UsernameToken nonces. See here for more information.

ws-security.enable.timestamp.cache

(varies)

Whether to cache Timestamp Created Strings. See here for more information.

ws-security.enable.saml.cache(varies)Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition.
ws-security.enable.streamingfalseWhether to enable streaming WS-Security.
ws-security.return.security.errorfalse

Whether to return the security error message to the client, and not one of the default error QNames.

ws-security.must-understandtrue

Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy.

ws-security.store.bytes.in.attachment(varies)CXF 3.1.3/3.0.6 Whether to store bytes (CipherData or BinarySecurityToken) in an attachment if MTOM is enabled. True by default in CXF 3.1.x, false for CXF 3.0.x.
ws-security.use.str.transformtrue

CXF 3.1.5/3.0.8 Whether to use the STR (Security Token Reference) Transform when (externally) signing a SAML Token. The default is true.

ws-security.add.inclusive.prefixestrueCXF 3.1.7 Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
ws-security.expand.xop.include(varies)

CXF 3.3.3/3.2.10 Whether to search for and expand xop:Include Elements for encryption and signature (on the outbound side) or for signature verification (on the inbound side). This ensures that the actual bytes are signed, and not just the reference. The default is "true" if MTOM is enabled, false otherwise.

...