SecurityConstants (Apache CXF JavaDoc 3.1.0 API)

java.lang.Object
- org.apache.cxf.rt.security.SecurityConstants

Direct Known Subclasses:

SecurityConstants
```
public class SecurityConstants
extends Object
```
This class contains some configuration tags that can be used to configure various security properties. These tags are shared between the SOAP stack (WS-SecurityPolicy configuration), as well as the REST stack (JAX-RS XML Security). The configuration tags largely relate to properties for signing, encryption as well as SAML tokens. Most of the signing/encryption tags refer to Apache WSS4J "Crypto" objects, which are used by both stacks to control how certificates/keys are retrieved, etc. More specific configuration tags for WS-SecurityPolicy are configured in the SecurityConstants class in the cxf-rt-ws-security module, which extends this class.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`AUDIENCE_RESTRICTION_VALIDATION` Enable SAML AudienceRestriction validation.
`static String`	`CALLBACK_HANDLER` The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound requests.
`static Set<String>`	`COMMON_PROPERTIES`
`static String`	`ENABLE_REVOCATION` Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate.
`static String`	`ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL` Whether to allow unsigned saml assertions as SecurityContext Principals.
`static String`	`ENCRYPT_CERT` A message property for prepared X509 certificate to be used for encryption.
`static String`	`ENCRYPT_CRYPTO` A Crypto object to be used for encryption.
`static String`	`ENCRYPT_PROPERTIES` The Crypto property configuration to use for encryption, if `ENCRYPT_CRYPTO` is not set instead.
`static String`	`ENCRYPT_USERNAME` The user's name for encryption.
`static String`	`PASSWORD` The user's password when a `CALLBACK_HANDLER` is not defined.
`static String`	`SAML_CALLBACK_HANDLER` The SAML CallbackHandler implementation class used to construct SAML Assertions.
`static String`	`SAML_ROLE_ATTRIBUTENAME` The attribute URI of the SAML AttributeStatement where the role information is stored.
`static String`	`SC_FROM_JAAS_SUBJECT` Set this to "false" if security context must not be created from JAAS Subject.
`static String`	`SIGNATURE_CRYPTO` A Crypto object to be used for signature.
`static String`	`SIGNATURE_PROPERTIES` The Crypto property configuration to use for signature, if `SIGNATURE_CRYPTO` is not set instead.
`static String`	`SIGNATURE_USERNAME` The user's name for signature.
`static String`	`SUBJECT_CERT_CONSTRAINTS` A comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate.
`static String`	`USERNAME` The user's name.
`static String`	`VALIDATE_SAML_SUBJECT_CONFIRMATION` Whether to validate the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key).

Constructor Summary

Constructors
Modifier Constructor and Description

protected SecurityConstants()

Constructors
Modifier	Constructor and Description
`protected`	`SecurityConstants()`

Method Summary
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - USERNAME
```
public static final String USERNAME
```
    The user's name. It is used as follows: a) As the name in the UsernameToken for WS-Security. b) As the alias name in the keystore to get the user's cert and private key for signature if SIGNATURE_USERNAME is not set. c) As the alias name in the keystore to get the user's public key for encryption if ENCRYPT_USERNAME is not set.
    
    See Also:
    Constant Field Values
  - PASSWORD
```
public static final String PASSWORD
```
    The user's password when a CALLBACK_HANDLER is not defined.
    
    See Also:
    Constant Field Values
  - SIGNATURE_USERNAME
```
public static final String SIGNATURE_USERNAME
```
    The user's name for signature. It is used as the alias name in the keystore to get the user's cert and private key for signature. If this is not defined, then USERNAME is used instead. If that is also not specified, it uses the the default alias set in the properties file referenced by SIGNATURE_PROPERTIES. If that's also not set, and the keystore only contains a single key, that key will be used.
    
    See Also:
    Constant Field Values
  - ENCRYPT_USERNAME
```
public static final String ENCRYPT_USERNAME
```
    The user's name for encryption. It is used as the alias name in the keystore to get the user's public key for encryption. If this is not defined, then USERNAME is used instead. If that is also not specified, it uses the the default alias set in the properties file referenced by ENCRYPT_PROPERTIES. If that's also not set, and the keystore only contains a single key, that key will be used. For the WS-Security web service provider, the "useReqSigCert" keyword can be used to accept (encrypt to) any client whose public key is in the service's truststore (defined in ENCRYPT_PROPERTIES).
    
    See Also:
    Constant Field Values
  - CALLBACK_HANDLER
```
public static final String CALLBACK_HANDLER
```
    The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound requests. The value of this tag must be either: a) The class name of a CallbackHandler instance, which must be accessible via the classpath. b) A CallbackHandler instance.
    
    See Also:
    Constant Field Values
  - SAML_CALLBACK_HANDLER
```
public static final String SAML_CALLBACK_HANDLER
```
    The SAML CallbackHandler implementation class used to construct SAML Assertions. The value of this tag must be either: a) The class name of a CallbackHandler instance, which must be accessible via the classpath. b) A CallbackHandler instance.
    
    See Also:
    Constant Field Values
  - SIGNATURE_PROPERTIES
```
public static final String SIGNATURE_PROPERTIES
```
    The Crypto property configuration to use for signature, if SIGNATURE_CRYPTO is not set instead. The value of this tag must be either: a) A Java Properties object that contains the Crypto configuration. b) The path of the Crypto property file that contains the Crypto configuration. c) A URL that points to the Crypto property file that contains the Crypto configuration.
    
    See Also:
    Constant Field Values
  - ENCRYPT_PROPERTIES
```
public static final String ENCRYPT_PROPERTIES
```
    The Crypto property configuration to use for encryption, if ENCRYPT_CRYPTO is not set instead. The value of this tag must be either: a) A Java Properties object that contains the Crypto configuration. b) The path of the Crypto property file that contains the Crypto configuration. c) A URL that points to the Crypto property file that contains the Crypto configuration.
    
    See Also:
    Constant Field Values
  - SIGNATURE_CRYPTO
```
public static final String SIGNATURE_CRYPTO
```
    A Crypto object to be used for signature. If this is not defined then the SIGNATURE_PROPERTIES is used instead.
    
    See Also:
    Constant Field Values
  - ENCRYPT_CRYPTO
```
public static final String ENCRYPT_CRYPTO
```
    A Crypto object to be used for encryption. If this is not defined then the ENCRYPT_PROPERTIES is used instead.
    
    See Also:
    Constant Field Values
  - ENCRYPT_CERT
```
public static final String ENCRYPT_CERT
```
    A message property for prepared X509 certificate to be used for encryption. If this is not defined, then the certificate will be either loaded from the keystore ENCRYPT_PROPERTIES or extracted from request (when WS-Security is used and if ENCRYPT_USERNAME has value "useReqSigCert").
    
    See Also:
    Constant Field Values
  - ENABLE_REVOCATION
```
public static final String ENABLE_REVOCATION
```
    Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust in a certificate. The default value is "false".
    
    See Also:
    Constant Field Values
  - ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL
```
public static final String ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL
```
    Whether to allow unsigned saml assertions as SecurityContext Principals. The default is false.
    
    See Also:
    Constant Field Values
  - VALIDATE_SAML_SUBJECT_CONFIRMATION
```
public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION
```
    Whether to validate the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key). The default is true.
    
    See Also:
    Constant Field Values
  - SC_FROM_JAAS_SUBJECT
```
public static final String SC_FROM_JAAS_SUBJECT
```
    Set this to "false" if security context must not be created from JAAS Subject. The default value is "true".
    
    See Also:
    Constant Field Values
  - AUDIENCE_RESTRICTION_VALIDATION
```
public static final String AUDIENCE_RESTRICTION_VALIDATION
```
    Enable SAML AudienceRestriction validation. If this is set to "true", then IF the SAML Token contains Audience Restriction URIs, one of them must match either the request URL or the Service QName. The default is "true".
    
    See Also:
    Constant Field Values
  - SAML_ROLE_ATTRIBUTENAME
```
public static final String SAML_ROLE_ATTRIBUTENAME
```
    The attribute URI of the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
    
    See Also:
    Constant Field Values
  - SUBJECT_CERT_CONSTRAINTS
```
public static final String SUBJECT_CERT_CONSTRAINTS
```
    A comma separated String of regular expressions which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate.
    
    See Also:
    Constant Field Values
  - COMMON_PROPERTIES
```
public static final Set<String> COMMON_PROPERTIES
```
- Constructor Detail
  - SecurityConstants
```
protected SecurityConstants()
```

Class SecurityConstants

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

USERNAME

PASSWORD

SIGNATURE_USERNAME

ENCRYPT_USERNAME

CALLBACK_HANDLER

SAML_CALLBACK_HANDLER

SIGNATURE_PROPERTIES

ENCRYPT_PROPERTIES

SIGNATURE_CRYPTO

ENCRYPT_CRYPTO

ENCRYPT_CERT

ENABLE_REVOCATION

ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL

VALIDATE_SAML_SUBJECT_CONFIRMATION

SC_FROM_JAAS_SUBJECT

AUDIENCE_RESTRICTION_VALIDATION

SAML_ROLE_ATTRIBUTENAME

SUBJECT_CERT_CONSTRAINTS

COMMON_PROPERTIES

Constructor Detail

SecurityConstants