Apache CXF API
java.lang.Object org.apache.cxf.ws.security.SecurityConstants
public final class SecurityConstants
Configuration tags used to configure the WS-SecurityPolicy layer. Some of them are also used by the non WS-SecurityPolicy approach in the WSS4J(Out|In)Interceptors.
Field Summary | |
---|---|
static String |
ACTOR
The actor or role name of the wsse:Security header. |
static Set<String> |
ALL_PROPERTIES
|
static String |
ALWAYS_ENCRYPT_UT
Whether to always encrypt UsernameTokens that are defined as a SupportingToken. |
static String |
ASYMMETRIC_SIGNATURE_ALGORITHM
This configuration tag allows the user to override the default Asymmetric Signature algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present. |
static String |
BST_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate BinarySecurityTokens. |
static String |
CACHE_CONFIG_FILE
Set this property to point to a configuration file for the underlying caching implementation. |
static String |
CACHE_IDENTIFIER
The Cache Identifier to use with the TokenStore. |
static String |
CACHE_ISSUED_TOKEN_IN_ENDPOINT
Set this to "false" to not cache a SecurityToken per proxy object in the IssuedTokenInterceptorProvider. |
static String |
CALLBACK_HANDLER
The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound requests. |
static String |
DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS
Whether to prevent the STS client from trying to send a WS-MetadataExchange call using the STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info. |
static String |
ENABLE_NONCE_CACHE
Whether to cache UsernameToken nonces. |
static String |
ENABLE_REVOCATION
Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate. |
static String |
ENABLE_SAML_ONE_TIME_USE_CACHE
Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition. |
static String |
ENABLE_STREAMING_SECURITY
Whether to enable streaming WS-Security. |
static String |
ENABLE_TIMESTAMP_CACHE
Whether to cache Timestamp Created Strings (these are only cached in conjunction with a message Signature). The default value is "true" for message recipients, and "false" for message initiators. |
static String |
ENCRYPT_CRYPTO
A Crypto object to be used for encryption. |
static String |
ENCRYPT_PROPERTIES
The Crypto property configuration to use for encryption, if ENCRYPT_CRYPTO is not set instead. |
static String |
ENCRYPT_USERNAME
The user's name for encryption. |
static String |
IS_BSP_COMPLIANT
Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. |
static String |
KERBEROS_CLIENT
A reference to the KerberosClient class used to obtain a service ticket. |
static String |
KERBEROS_JAAS_CONTEXT_NAME
The JAAS Context name to use for Kerberos. |
static String |
KERBEROS_SPN
The Kerberos Service Provider Name (spn) to use. |
static String |
MUST_UNDERSTAND
Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy. |
static String |
NONCE_CACHE_INSTANCE
This holds a reference to a ReplayCache instance used to cache UsernameToken nonces. |
static String |
PASSWORD
The user's password when a CALLBACK_HANDLER is not defined. |
static String |
PASSWORD_ENCRYPTOR_INSTANCE
This holds a reference to a PasswordEncryptor instance, which is used to encrypt or decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations). |
static String |
RETURN_SECURITY_ERROR
Whether to return the security error message to the client, and not one of the default error QNames. |
static String |
SAML_CALLBACK_HANDLER
The SAML CallbackHandler implementation class used to construct SAML Assertions. |
static String |
SAML_ONE_TIME_USE_CACHE_INSTANCE
This holds a reference to a ReplayCache instance used to cache SAML2 Token Identifiers, when the token has a "OneTimeUse" Condition. |
static String |
SAML_ROLE_ATTRIBUTENAME
The attribute URI of the SAML AttributeStatement where the role information is stored. |
static String |
SAML1_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate SAML 1.1 Tokens. |
static String |
SAML2_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate SAML 2.0 Tokens. |
static String |
SC_FROM_JAAS_SUBJECT
Set this to "false" if security context must not be created from JAAS Subject. |
static String |
SCT_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate SecurityContextTokens. |
static String |
SIGNATURE_CRYPTO
A Crypto object to be used for signature. |
static String |
SIGNATURE_PROPERTIES
The Crypto property configuration to use for signature, if SIGNATURE_CRYPTO is not set instead. |
static String |
SIGNATURE_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate trust in credentials used in Signature verification. |
static String |
SIGNATURE_USERNAME
The user's name for signature. |
static String |
SPNEGO_CLIENT_ACTION
The SpnegoClientAction implementation to use for SPNEGO. |
static String |
STS_APPLIES_TO
The "AppliesTo" address to send to the STS. |
static String |
STS_CLIENT
A reference to the STSClient class used to communicate with the STS. |
static String |
STS_CLIENT_SOAP12_BINDING
Switch the STS client to send SOAP 1.2 messages. |
static String |
STS_TOKEN_ACT_AS
The token to be sent to the STS in an "ActAs" field. |
static String |
STS_TOKEN_CRYPTO
A Crypto object to be used for the STS. |
static String |
STS_TOKEN_DO_CANCEL
Whether to cancel a token when using SecureConversation after successful invocation. |
static String |
STS_TOKEN_ON_BEHALF_OF
The token to be sent to the STS in an "OnBehalfOf" field. |
static String |
STS_TOKEN_PROPERTIES
The Crypto property configuration to use for the STS, if STS_TOKEN_CRYPTO is not set instead. |
static String |
STS_TOKEN_USE_CERT_FOR_KEYINFO
Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write out a KeyValue structure. |
static String |
STS_TOKEN_USERNAME
The alias name in the keystore to get the user's public key to send to the STS for the PublicKey KeyType case. |
static String |
SUBJECT_CERT_CONSTRAINTS
A comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate. |
static String |
SUBJECT_ROLE_CLASSIFIER
The Subject Role Classifier to use. |
static String |
SUBJECT_ROLE_CLASSIFIER_TYPE
The Subject Role Classifier Type to use. |
static String |
TIMESTAMP_CACHE_INSTANCE
This holds a reference to a ReplayCache instance used to cache Timestamp Created Strings. |
static String |
TIMESTAMP_FUTURE_TTL
The time in seconds in the future within which the Created time of an incoming Timestamp is valid. |
static String |
TIMESTAMP_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate Timestamps. |
static String |
TIMESTAMP_TTL
The time in seconds to append to the Creation value of an incoming Timestamp to determine whether to accept the Timestamp as valid or not. |
static String |
TOKEN
|
static String |
TOKEN_ID
|
static String |
TOKEN_STORE_CACHE_INSTANCE
The TokenStore instance to use to cache security tokens. |
static String |
USERNAME
The user's name. |
static String |
USERNAME_TOKEN_VALIDATOR
The WSS4J Validator instance to use to validate UsernameTokens. |
static String |
USERNAMETOKEN_FUTURE_TTL
The time in seconds in the future within which the Created time of an incoming UsernameToken is valid. |
static String |
USERNAMETOKEN_TTL
The time in seconds to append to the Creation value of an incoming UsernameToken to determine whether to accept the UsernameToken as valid or not. |
static String |
VALIDATE_SAML_SUBJECT_CONFIRMATION
Whether to validate the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key). |
static String |
VALIDATE_TOKEN
Whether to validate the password of a received UsernameToken or not. |
Method Summary |
---|
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String USERNAME
SIGNATURE_USERNAME is not set.
c) It is used as the alias name in the keystore to get the user's public key for encryption if ENCRYPT_USERNAME is not set.
public static final String PASSWORD
CALLBACK_HANDLER is not defined. It is currently only used for the case of adding a password to a UsernameToken.
public static final String SIGNATURE_USERNAME
USERNAME is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by SIGNATURE_PROPERTIES. If that's also not set, and the keystore only contains a single key, that key will be used.
public static final String ENCRYPT_USERNAME
USERNAME is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by ENCRYPT_PROPERTIES. If that's also not set, and the keystore only contains a single key, that key will be used.
For the web service provider, the "useReqSigCert" keyword can be used to accept (encrypt to) any client whose public key is in the service's truststore (defined in ENCRYPT_PROPERTIES).
public static final String ACTOR
public static final String CALLBACK_HANDLER
CallbackHandler instance, which must be accessible via the classpath.
b) A CallbackHandler instance.
public static final String SAML_CALLBACK_HANDLER
CallbackHandler instance, which must be accessible via the classpath.
b) A CallbackHandler instance.
public static final String SIGNATURE_PROPERTIES
SIGNATURE_CRYPTO is not set instead.
The value of this tag must be either:
a) A Java Properties object that contains the Crypto configuration.
b) The path of the Crypto property file that contains the Crypto configuration.
c) A URL that points to the Crypto property file that contains the Crypto configuration.
public static final String ENCRYPT_PROPERTIES
ENCRYPT_CRYPTO is not set instead.
The value of this tag must be either:
a) A Java Properties object that contains the Crypto configuration.
b) The path of the Crypto property file that contains the Crypto configuration.
c) A URL that points to the Crypto property file that contains the Crypto configuration.
public static final String SIGNATURE_CRYPTO
SIGNATURE_PROPERTIES is used instead.
public static final String ENCRYPT_CRYPTO
ENCRYPT_PROPERTIES is used instead.
public static final String VALIDATE_TOKEN
public static final String ENABLE_REVOCATION
public static final String ALWAYS_ENCRYPT_UT
public static final String IS_BSP_COMPLIANT
public static final String ENABLE_NONCE_CACHE
public static final String ENABLE_TIMESTAMP_CACHE
public static final String ENABLE_SAML_ONE_TIME_USE_CACHE
public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION
public static final String ENABLE_STREAMING_SECURITY
public static final String RETURN_SECURITY_ERROR
public static final String TIMESTAMP_TTL
public static final String TIMESTAMP_FUTURE_TTL
public static final String USERNAMETOKEN_TTL
public static final String USERNAMETOKEN_FUTURE_TTL
public static final String SAML_ROLE_ATTRIBUTENAME
public static final String KERBEROS_CLIENT
public static final String SPNEGO_CLIENT_ACTION
public static final String KERBEROS_JAAS_CONTEXT_NAME
public static final String KERBEROS_SPN
public static final String NONCE_CACHE_INSTANCE
public static final String TIMESTAMP_CACHE_INSTANCE
public static final String SAML_ONE_TIME_USE_CACHE_INSTANCE
public static final String CACHE_CONFIG_FILE
public static final String TOKEN_STORE_CACHE_INSTANCE
public static final String CACHE_IDENTIFIER
public static final String SUBJECT_CERT_CONSTRAINTS
public static final String SUBJECT_ROLE_CLASSIFIER
public static final String SUBJECT_ROLE_CLASSIFIER_TYPE
public static final String ASYMMETRIC_SIGNATURE_ALGORITHM
public static final String PASSWORD_ENCRYPTOR_INSTANCE
public static final String USERNAME_TOKEN_VALIDATOR
public static final String SAML1_TOKEN_VALIDATOR
public static final String SAML2_TOKEN_VALIDATOR
public static final String TIMESTAMP_TOKEN_VALIDATOR
public static final String SIGNATURE_TOKEN_VALIDATOR
public static final String BST_TOKEN_VALIDATOR
public static final String SCT_TOKEN_VALIDATOR
public static final String STS_CLIENT
public static final String STS_APPLIES_TO
public static final String STS_TOKEN_USE_CERT_FOR_KEYINFO
public static final String STS_TOKEN_DO_CANCEL
public static final String CACHE_ISSUED_TOKEN_IN_ENDPOINT
public static final String DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS
public static final String STS_CLIENT_SOAP12_BINDING
public static final String STS_TOKEN_CRYPTO
STS_TOKEN_PROPERTIES is used instead.
WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO the full security on the message. These properties control the way the STS client will decrypt the EncryptedData elements in the response.
These are also used by the STSClient to send/process any RSA/DSAKeyValue tokens used if the KeyType is "PublicKey".
public static final String STS_TOKEN_PROPERTIES
STS_TOKEN_CRYPTO is not set instead.
The value of this tag must be either:
a) A Java Properties object that contains the Crypto configuration.
b) The path of the Crypto property file that contains the Crypto configuration.
c) A URL that points to the Crypto property file that contains the Crypto configuration.
public static final String STS_TOKEN_USERNAME
public static final String STS_TOKEN_ACT_AS
public static final String STS_TOKEN_ON_BEHALF_OF
public static final String MUST_UNDERSTAND
public static final String SC_FROM_JAAS_SUBJECT
public static final String TOKEN
public static final String TOKEN_ID
public static final Set<String> ALL_PROPERTIES