Versions Compared

Old Version 12

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 13

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

security.sts.client

A reference to the STSClient class used to communicate with the STS.

security.sts.applies-to

The "AppliesTo" address to send to the STS. The default is the endpoint address of the service provider.

security.sts.token.usecert

If true, writes out an X509Certificate structure in UseKey/KeyInfo. If false (the default), writes out a KeyValue structure instead.

security.sts.token.do.cancel

Whether to cancel a token when using SecureConversation after successful invocation. The default is "false".

security.issue.after.failed.renew

Whether to fall back to calling "issue" after failing to renew an expired token. The default is "true".

security.cache.issued.token.in.endpoint

Set this to "false" to not cache a SecurityToken per proxy object in the IssuedTokenInterceptorProvider. This should be done if a token is being retrieved from an STS in an intermediary. The default value is "true".

security.sts.disable-wsmex-call-using-epr-address

Whether to avoid STS client trying send WS-MetadataExchange call using STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info. The default value is "false".

security.sts.token.crypto

A Crypto object to be used for the STS. See here for more information.

security.sts.token.properties

The Crypto property configuration to use for the STS. See here for more information.

security.sts.token.username

The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case.

security.sts.token.act-as

The token to be sent to the STS in an "ActAs" field. See here for more information.

security.sts.token.on-behalf-of

The token to be sent to the STS in an "OnBehalfOf" field. See here for more information.

security.issue.after.failed.renewWhether to call "Issue" if a token "Renew" fails. Some STSs do not support the renew binding. Defaults to "true".
security.sts.token.imminent-expiry-valueThe value in seconds within which a token is considered to be expired by the client, i.e. it is considered to be expired if it will expire in a time less than the value specified by this tag. The default value is "10" for CXF 3.0.2+, and "0" for CXF 2.7.13+.
security.sts.token.cacher.impl CXF 3.1.11

An implementation of the STSTokenCacher interface, if you want to plug in custom caching behaviour for STS clients. The default value is the DefaultSTSTokenCacher.

security.sts.check.for.recursive.call CXF 3.3.3/3.2.10

Check that we are not invoking on the STS using its own IssuedToken policy - in which case wewill end up with a recursive loop. This check might be a problem in the unlikely scenario that the remote endpoint has the same service / port QName as the STS, so this configuration flag allows to disable this check for that scenario. The default is "true".

Backwards compatibility

Users of Apache CXF prior to 3.1.0 do not need to make any adjustment to their code or spring files. The older "ws-" prefix associated with the configuration tags above will continue to be accepted.