content/javadoc/latest-3.4.x/org/apache/cxf/rt/security/SecurityConstants.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>SecurityConstants (Apache CXF JavaDoc 3.4.5 API)</title>
<link rel="stylesheet" type="text/css" href="../../../../../stylesheet.css" title="Style">
<script type="text/javascript" src="../../../../../script.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="SecurityConstants (Apache CXF JavaDoc 3.4.5 API)";
        }
    }
    catch(err) {
    }
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar.top">
<!--   -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.top.firstrow">
<!--   -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/SecurityConstants.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
<div class="aboutLanguage">Apache CXF API</div>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev&nbsp;Class</li>
<li>Next&nbsp;Class</li>
</ul>
<ul class="navList">
<li><a href="../../../../../index.html?org/apache/cxf/rt/security/SecurityConstants.html" target="_top">Frames</a></li>
<li><a href="SecurityConstants.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#methods.inherited.from.class.java.lang.Object">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li>Method</li>
</ul>
</div>
<a name="skip.navbar.top">
<!--   -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">org.apache.cxf.rt.security</div>
<h2 title="Class SecurityConstants" class="title">Class SecurityConstants</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li>org.apache.cxf.rt.security.SecurityConstants</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>Direct Known Subclasses:</dt>
<dd><a href="../../../../../org/apache/cxf/ws/security/SecurityConstants.html" title="class in org.apache.cxf.ws.security">SecurityConstants</a></dd>
</dl>
<hr>
<br>
<pre>public class <span class="typeNameLabel">SecurityConstants</span>
extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></pre>
<div class="block">This class contains some configuration tags that can be used to configure various security properties. These
 tags are shared between the SOAP stack (WS-SecurityPolicy configuration), as well as the REST stack (JAX-RS
 XML Security).

 The configuration tags largely relate to properties for signing, encryption as well as SAML tokens. Most of
 the signing/encryption tags refer to Apache WSS4J "Crypto" objects, which are used by both stacks to control
 how certificates/keys are retrieved, etc.

 More specific configuration tags for WS-SecurityPolicy are configured in the SecurityConstants
 class in the cxf-rt-ws-security module, which extends this class.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- =========== FIELD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="field.summary">
<!--   -->
</a>
<h3>Field Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation">
<caption><span>Fields</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Field and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#AUDIENCE_RESTRICTION_VALIDATION">AUDIENCE_RESTRICTION_VALIDATION</a></span></code>
<div class="block">Enable SAML AudienceRestriction validation.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#AUDIENCE_RESTRICTIONS">AUDIENCE_RESTRICTIONS</a></span></code>
<div class="block">This property contains a comma separated String corresponding to a list of audience restriction URIs.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#CACHE_ISSUED_TOKEN_IN_ENDPOINT">CACHE_ISSUED_TOKEN_IN_ENDPOINT</a></span></code>
<div class="block">Set this to "false" to not cache a SecurityToken per proxy object in the
 IssuedTokenInterceptorProvider.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#CALLBACK_HANDLER">CALLBACK_HANDLER</a></span></code>
<div class="block">The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound
 requests.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#CERT_CONSTRAINTS_SEPARATOR">CERT_CONSTRAINTS_SEPARATOR</a></span></code>
<div class="block">The separator that is used to parse certificate constraints configured in the SUBJECT_CERT_CONSTRAINTS
 tag.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&gt;</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#COMMON_PROPERTIES">COMMON_PROPERTIES</a></span></code>&nbsp;</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS">DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS</a></span></code>
<div class="block">Whether to avoid STS client trying send WS-MetadataExchange call using
 STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENABLE_REVOCATION">ENABLE_REVOCATION</a></span></code>
<div class="block">Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust
 in a certificate.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL">ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL</a></span></code>
<div class="block">Whether to allow unsigned saml assertions as SecurityContext Principals.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENABLE_UT_NOPASSWORD_PRINCIPAL">ENABLE_UT_NOPASSWORD_PRINCIPAL</a></span></code>
<div class="block">Whether to allow UsernameTokens with no password to be used as SecurityContext Principals.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENCRYPT_CERT">ENCRYPT_CERT</a></span></code>
<div class="block">A message property for prepared X509 certificate to be used for encryption.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENCRYPT_CRYPTO">ENCRYPT_CRYPTO</a></span></code>
<div class="block">A Crypto object to be used for encryption.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENCRYPT_PROPERTIES">ENCRYPT_PROPERTIES</a></span></code>
<div class="block">The Crypto property configuration to use for encryption, if <code>ENCRYPT_CRYPTO</code> is not set instead.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#ENCRYPT_USERNAME">ENCRYPT_USERNAME</a></span></code>
<div class="block">The user's name for encryption.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#PASSWORD">PASSWORD</a></span></code>
<div class="block">The user's password when a <code>CALLBACK_HANDLER</code> is not defined.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#PREFER_WSMEX_OVER_STS_CLIENT_CONFIG">PREFER_WSMEX_OVER_STS_CLIENT_CONFIG</a></span></code>
<div class="block">Whether to prefer to use WS-MEX over a STSClient's location/wsdlLocation properties
 when making an STS RequestSecurityToken call.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SAML_CALLBACK_HANDLER">SAML_CALLBACK_HANDLER</a></span></code>
<div class="block">The SAML CallbackHandler implementation class used to construct SAML Assertions.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SAML_ROLE_ATTRIBUTENAME">SAML_ROLE_ATTRIBUTENAME</a></span></code>
<div class="block">The attribute URI of the SAML AttributeStatement where the role information is stored.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SC_FROM_JAAS_SUBJECT">SC_FROM_JAAS_SUBJECT</a></span></code>
<div class="block">Set this to "false" if security context must not be created from JAAS Subject.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SIGNATURE_CRYPTO">SIGNATURE_CRYPTO</a></span></code>
<div class="block">A Crypto object to be used for signature.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SIGNATURE_PASSWORD">SIGNATURE_PASSWORD</a></span></code>
<div class="block">The user's password for signature when a <code>CALLBACK_HANDLER</code> is not defined.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SIGNATURE_PROPERTIES">SIGNATURE_PROPERTIES</a></span></code>
<div class="block">The Crypto property configuration to use for signature, if <code>SIGNATURE_CRYPTO</code> is not set instead.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SIGNATURE_USERNAME">SIGNATURE_USERNAME</a></span></code>
<div class="block">The user's name for signature.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_APPLIES_TO">STS_APPLIES_TO</a></span></code>
<div class="block">The "AppliesTo" address to send to the STS.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_CHECK_FOR_RECURSIVE_CALL">STS_CHECK_FOR_RECURSIVE_CALL</a></span></code>
<div class="block">Check that we are not invoking on the STS using its own IssuedToken policy - in which case we
 will end up with a recursive loop.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_CLIENT">STS_CLIENT</a></span></code>
<div class="block">A reference to the STSClient class used to communicate with the STS.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_CLIENT_SOAP12_BINDING">STS_CLIENT_SOAP12_BINDING</a></span></code>
<div class="block">Switch STS client to send Soap 1.2 messages</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_ISSUE_AFTER_FAILED_RENEW">STS_ISSUE_AFTER_FAILED_RENEW</a></span></code>
<div class="block">Whether to fall back to calling "issue" after failing to renew an expired token.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_ACT_AS">STS_TOKEN_ACT_AS</a></span></code>
<div class="block">The token to be sent to the STS in an "ActAs" field.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_CACHER_IMPL">STS_TOKEN_CACHER_IMPL</a></span></code>
<div class="block">An implementation of the STSTokenCacher interface, if you want to plug in custom caching behaviour for
 STS clients.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_CRYPTO">STS_TOKEN_CRYPTO</a></span></code>
<div class="block">A Crypto object to be used for the STS.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_DO_CANCEL">STS_TOKEN_DO_CANCEL</a></span></code>
<div class="block">Whether to cancel a token when using SecureConversation after successful invocation.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_IMMINENT_EXPIRY_VALUE">STS_TOKEN_IMMINENT_EXPIRY_VALUE</a></span></code>
<div class="block">This is the value in seconds within which a token is considered to be expired by the
 client.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_ON_BEHALF_OF">STS_TOKEN_ON_BEHALF_OF</a></span></code>
<div class="block">The token to be sent to the STS in an "OnBehalfOf" field.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_PROPERTIES">STS_TOKEN_PROPERTIES</a></span></code>
<div class="block">The Crypto property configuration to use for the STS, if <code>STS_TOKEN_CRYPTO</code> is not
 set instead.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_USE_CERT_FOR_KEYINFO">STS_TOKEN_USE_CERT_FOR_KEYINFO</a></span></code>
<div class="block">Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write
 out a KeyValue structure.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#STS_TOKEN_USERNAME">STS_TOKEN_USERNAME</a></span></code>
<div class="block">The alias name in the keystore to get the user's public key to send to the STS for the
 PublicKey KeyType case.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SUBJECT_CERT_CONSTRAINTS">SUBJECT_CERT_CONSTRAINTS</a></span></code>
<div class="block">A String of regular expressions (separated by the value specified for CERT_CONSTRAINTS_SEPARATOR)
 which will be applied to the subject DN of the certificate used for signature validation, after trust
 verification of the certificate chain associated with the certificate.</div>
</td>
</tr>
<tr class="altColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#USERNAME">USERNAME</a></span></code>
<div class="block">The user's name.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#VALIDATE_SAML_SUBJECT_CONFIRMATION">VALIDATE_SAML_SUBJECT_CONFIRMATION</a></span></code>
<div class="block">Whether to validate the SubjectConfirmation requirements of a received SAML Token
 (sender-vouches or holder-of-key).</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.summary">
<!--   -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier</th>
<th class="colLast" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>protected </code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../org/apache/cxf/rt/security/SecurityConstants.html#SecurityConstants--">SecurityConstants</a></span>()</code>&nbsp;</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method.summary">
<!--   -->
</a>
<h3>Method Summary</h3>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
<!--   -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ FIELD DETAIL =========== -->
<ul class="blockList">
<li class="blockList"><a name="field.detail">
<!--   -->
</a>
<h3>Field Detail</h3>
<a name="USERNAME">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>USERNAME</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> USERNAME</pre>
<div class="block">The user's name. It is used as follows:
 a) As the name in the UsernameToken for WS-Security.
 b) As the alias name in the keystore to get the user's cert and private key for signature
    if <code>SIGNATURE_USERNAME</code> is not set.
 c) As the alias name in the keystore to get the user's public key for encryption if
    <code>ENCRYPT_USERNAME</code> is not set.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.USERNAME">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="PASSWORD">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>PASSWORD</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> PASSWORD</pre>
<div class="block">The user's password when a <code>CALLBACK_HANDLER</code> is not defined. This is only used for the password
 in a WS-Security UsernameToken.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.PASSWORD">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SIGNATURE_USERNAME">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SIGNATURE_USERNAME</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SIGNATURE_USERNAME</pre>
<div class="block">The user's name for signature. It is used as the alias name in the keystore to get the user's cert
 and private key for signature. If this is not defined, then <code>USERNAME</code> is used instead. If
 that is also not specified, it uses the the default alias set in the properties file referenced by
 <code>SIGNATURE_PROPERTIES</code>. If that's also not set, and the keystore only contains a single key,
 that key will be used.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_USERNAME">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SIGNATURE_PASSWORD">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SIGNATURE_PASSWORD</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SIGNATURE_PASSWORD</pre>
<div class="block">The user's password for signature when a <code>CALLBACK_HANDLER</code> is not defined.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_PASSWORD">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENCRYPT_USERNAME">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENCRYPT_USERNAME</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENCRYPT_USERNAME</pre>
<div class="block">The user's name for encryption. It is used as the alias name in the keystore to get the user's public
 key for encryption. If this is not defined, then <code>USERNAME</code> is used instead. If
 that is also not specified, it uses the the default alias set in the properties file referenced by
 <code>ENCRYPT_PROPERTIES</code>. If that's also not set, and the keystore only contains a single key,
 that key will be used.

 For the WS-Security web service provider, the "useReqSigCert" keyword can be used to accept (encrypt to)
 any client whose public key is in the service's truststore (defined in <code>ENCRYPT_PROPERTIES</code>).</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_USERNAME">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="CALLBACK_HANDLER">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>CALLBACK_HANDLER</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> CALLBACK_HANDLER</pre>
<div class="block">The CallbackHandler implementation class used to obtain passwords, for both outbound and inbound
 requests. The value of this tag must be either:
 a) The class name of a <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/auth/callback/CallbackHandler.html?is-external=true" title="class or interface in javax.security.auth.callback"><code>CallbackHandler</code></a> instance, which must
 be accessible via the classpath.
 b) A <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/auth/callback/CallbackHandler.html?is-external=true" title="class or interface in javax.security.auth.callback"><code>CallbackHandler</code></a> instance.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.CALLBACK_HANDLER">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SAML_CALLBACK_HANDLER">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SAML_CALLBACK_HANDLER</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SAML_CALLBACK_HANDLER</pre>
<div class="block">The SAML CallbackHandler implementation class used to construct SAML Assertions. The value of this
 tag must be either:
 a) The class name of a <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/auth/callback/CallbackHandler.html?is-external=true" title="class or interface in javax.security.auth.callback"><code>CallbackHandler</code></a> instance, which must
 be accessible via the classpath.
 b) A <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/auth/callback/CallbackHandler.html?is-external=true" title="class or interface in javax.security.auth.callback"><code>CallbackHandler</code></a> instance.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SAML_CALLBACK_HANDLER">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SIGNATURE_PROPERTIES">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SIGNATURE_PROPERTIES</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SIGNATURE_PROPERTIES</pre>
<div class="block">The Crypto property configuration to use for signature, if <code>SIGNATURE_CRYPTO</code> is not set instead.
 The value of this tag must be either:
 a) A Java Properties object that contains the Crypto configuration.
 b) The path of the Crypto property file that contains the Crypto configuration.
 c) A URL that points to the Crypto property file that contains the Crypto configuration.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_PROPERTIES">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENCRYPT_PROPERTIES">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENCRYPT_PROPERTIES</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENCRYPT_PROPERTIES</pre>
<div class="block">The Crypto property configuration to use for encryption, if <code>ENCRYPT_CRYPTO</code> is not set instead.
 The value of this tag must be either:
 a) A Java Properties object that contains the Crypto configuration.
 b) The path of the Crypto property file that contains the Crypto configuration.
 c) A URL that points to the Crypto property file that contains the Crypto configuration.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_PROPERTIES">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SIGNATURE_CRYPTO">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SIGNATURE_CRYPTO</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SIGNATURE_CRYPTO</pre>
<div class="block">A Crypto object to be used for signature. If this is not defined then the
 <code>SIGNATURE_PROPERTIES</code> is used instead.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_CRYPTO">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENCRYPT_CRYPTO">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENCRYPT_CRYPTO</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENCRYPT_CRYPTO</pre>
<div class="block">A Crypto object to be used for encryption. If this is not defined then the
 <code>ENCRYPT_PROPERTIES</code> is used instead.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CRYPTO">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENCRYPT_CERT">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENCRYPT_CERT</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENCRYPT_CERT</pre>
<div class="block">A message property for prepared X509 certificate to be used for encryption.
 If this is not defined, then the certificate will be either loaded from the
 keystore <code>ENCRYPT_PROPERTIES</code> or extracted from request (when WS-Security is used and
 if <code>ENCRYPT_USERNAME</code> has value "useReqSigCert").</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CERT">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENABLE_REVOCATION">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENABLE_REVOCATION</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENABLE_REVOCATION</pre>
<div class="block">Whether to enable Certificate Revocation List (CRL) checking or not when verifying trust
 in a certificate. The default value is "false".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENABLE_REVOCATION">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL</pre>
<div class="block">Whether to allow unsigned saml assertions as SecurityContext Principals. The default is false.
 Note that "unsigned" refers to an internal signature. Even if the token is signed by an
 external signature (as per the "sender-vouches" requirement), this boolean must still be
 configured if you want to use the token to set up the security context.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="ENABLE_UT_NOPASSWORD_PRINCIPAL">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>ENABLE_UT_NOPASSWORD_PRINCIPAL</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> ENABLE_UT_NOPASSWORD_PRINCIPAL</pre>
<div class="block">Whether to allow UsernameTokens with no password to be used as SecurityContext Principals.
 The default is false.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="VALIDATE_SAML_SUBJECT_CONFIRMATION">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>VALIDATE_SAML_SUBJECT_CONFIRMATION</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> VALIDATE_SAML_SUBJECT_CONFIRMATION</pre>
<div class="block">Whether to validate the SubjectConfirmation requirements of a received SAML Token
 (sender-vouches or holder-of-key). The default is true.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SC_FROM_JAAS_SUBJECT">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SC_FROM_JAAS_SUBJECT</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SC_FROM_JAAS_SUBJECT</pre>
<div class="block">Set this to "false" if security context must not be created from JAAS Subject.

 The default value is "true".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SC_FROM_JAAS_SUBJECT">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="AUDIENCE_RESTRICTION_VALIDATION">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>AUDIENCE_RESTRICTION_VALIDATION</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> AUDIENCE_RESTRICTION_VALIDATION</pre>
<div class="block">Enable SAML AudienceRestriction validation. If this is set to "true", then IF the
 SAML Token contains Audience Restriction URIs, one of them must match one of the values of the
 AUDIENCE_RESTRICTIONS property. The default is "true" for SOAP services, "false" for REST services.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SAML_ROLE_ATTRIBUTENAME">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SAML_ROLE_ATTRIBUTENAME</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SAML_ROLE_ATTRIBUTENAME</pre>
<div class="block">The attribute URI of the SAML AttributeStatement where the role information is stored.
 The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SAML_ROLE_ATTRIBUTENAME">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="SUBJECT_CERT_CONSTRAINTS">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>SUBJECT_CERT_CONSTRAINTS</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> SUBJECT_CERT_CONSTRAINTS</pre>
<div class="block">A String of regular expressions (separated by the value specified for CERT_CONSTRAINTS_SEPARATOR)
 which will be applied to the subject DN of the certificate used for signature validation, after trust
 verification of the certificate chain associated with the certificate.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.SUBJECT_CERT_CONSTRAINTS">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="CERT_CONSTRAINTS_SEPARATOR">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>CERT_CONSTRAINTS_SEPARATOR</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> CERT_CONSTRAINTS_SEPARATOR</pre>
<div class="block">The separator that is used to parse certificate constraints configured in the SUBJECT_CERT_CONSTRAINTS
 tag. By default it is a comma - ",".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.CERT_CONSTRAINTS_SEPARATOR">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_CLIENT">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_CLIENT</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_CLIENT</pre>
<div class="block">A reference to the STSClient class used to communicate with the STS.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_CLIENT">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_APPLIES_TO">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_APPLIES_TO</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_APPLIES_TO</pre>
<div class="block">The "AppliesTo" address to send to the STS. The default is the endpoint address of the
 service provider.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_APPLIES_TO">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_USE_CERT_FOR_KEYINFO">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_USE_CERT_FOR_KEYINFO</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_USE_CERT_FOR_KEYINFO</pre>
<div class="block">Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write
 out a KeyValue structure. The default value is "false".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_DO_CANCEL">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_DO_CANCEL</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_DO_CANCEL</pre>
<div class="block">Whether to cancel a token when using SecureConversation after successful invocation. The
 default is "false".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_DO_CANCEL">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_ISSUE_AFTER_FAILED_RENEW">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_ISSUE_AFTER_FAILED_RENEW</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_ISSUE_AFTER_FAILED_RENEW</pre>
<div class="block">Whether to fall back to calling "issue" after failing to renew an expired token. Some
 STSs do not support the renew binding, and so we should just issue a new token after expiry.
 The default is true.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="CACHE_ISSUED_TOKEN_IN_ENDPOINT">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>CACHE_ISSUED_TOKEN_IN_ENDPOINT</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> CACHE_ISSUED_TOKEN_IN_ENDPOINT</pre>
<div class="block">Set this to "false" to not cache a SecurityToken per proxy object in the
 IssuedTokenInterceptorProvider. This should be done if a token is being retrieved
 from an STS in an intermediary. The default value is "true".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS</pre>
<div class="block">Whether to avoid STS client trying send WS-MetadataExchange call using
 STS EPR WSA address when the endpoint contract contains no WS-MetadataExchange info.
 The default value is "false".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="PREFER_WSMEX_OVER_STS_CLIENT_CONFIG">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>PREFER_WSMEX_OVER_STS_CLIENT_CONFIG</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> PREFER_WSMEX_OVER_STS_CLIENT_CONFIG</pre>
<div class="block">Whether to prefer to use WS-MEX over a STSClient's location/wsdlLocation properties
 when making an STS RequestSecurityToken call. This can be set to true for the scenario
 of making a WS-MEX call to an initial STS, and using the returned token to make another
 call to an STS (which is configured using the STSClient configuration). Default is
 "false".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.PREFER_WSMEX_OVER_STS_CLIENT_CONFIG">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_CLIENT_SOAP12_BINDING">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_CLIENT_SOAP12_BINDING</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_CLIENT_SOAP12_BINDING</pre>
<div class="block">Switch STS client to send Soap 1.2 messages</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_CLIENT_SOAP12_BINDING">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_CRYPTO">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_CRYPTO</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_CRYPTO</pre>
<div class="block">A Crypto object to be used for the STS. If this is not defined then the
 <code>STS_TOKEN_PROPERTIES</code> is used instead.

 WCF's trust server sometimes will encrypt the token in the response IN ADDITION TO
 the full security on the message. These properties control the way the STS client
 will decrypt the EncryptedData elements in the response.

 These are also used by the STSClient to send/process any RSA/DSAKeyValue tokens
 used if the KeyType is "PublicKey"</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_CRYPTO">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_PROPERTIES">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_PROPERTIES</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_PROPERTIES</pre>
<div class="block">The Crypto property configuration to use for the STS, if <code>STS_TOKEN_CRYPTO</code> is not
 set instead.
 The value of this tag must be either:
 a) A Java Properties object that contains the Crypto configuration.
 b) The path of the Crypto property file that contains the Crypto configuration.
 c) A URL that points to the Crypto property file that contains the Crypto configuration.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_PROPERTIES">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_USERNAME">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_USERNAME</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_USERNAME</pre>
<div class="block">The alias name in the keystore to get the user's public key to send to the STS for the
 PublicKey KeyType case.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_USERNAME">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_ACT_AS">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_ACT_AS</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_ACT_AS</pre>
<div class="block">The token to be sent to the STS in an "ActAs" field. It can be either:
 a) A String (which must be an XML statement like "<wst:OnBehalfOf xmlns:wst=...>...</wst:OnBehalfOf>")
 b) A DOM Element
 c) A CallbackHandler object to use to obtain the token

 In the case of a CallbackHandler, it must be able to handle a
 org.apache.cxf.ws.security.trust.delegation.DelegationCallback Object, which contains a
 reference to the current Message. The CallbackHandler implementation is required to set
 the token Element to be sent in the request on the Callback.

 Some examples that can be reused are:
 org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
 org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_ACT_AS">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_ON_BEHALF_OF">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_ON_BEHALF_OF</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_ON_BEHALF_OF</pre>
<div class="block">The token to be sent to the STS in an "OnBehalfOf" field. It can be either:
 a) A String (which must be an XML statement like "<wst:OnBehalfOf xmlns:wst=...>...</wst:OnBehalfOf>")
 b) A DOM Element
 c) A CallbackHandler object to use to obtain the token

 In the case of a CallbackHandler, it must be able to handle a
 org.apache.cxf.ws.security.trust.delegation.DelegationCallback Object, which contains a
 reference to the current Message. The CallbackHandler implementation is required to set
 the token Element to be sent in the request on the Callback.

 Some examples that can be reused are:
 org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
 org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_ON_BEHALF_OF">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_IMMINENT_EXPIRY_VALUE">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_IMMINENT_EXPIRY_VALUE</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_IMMINENT_EXPIRY_VALUE</pre>
<div class="block">This is the value in seconds within which a token is considered to be expired by the
 client. When a cached token (from a STS) is retrieved by the client, it is considered
 to be expired if it will expire in a time less than the value specified by this tag.
 This prevents token expiry when the message is en route / being processed by the
 service. When the token is found to be expired then it will be renewed via the STS.

 The default value is 10 (seconds). Specify 0 to avoid this check.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_IMMINENT_EXPIRY_VALUE">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_TOKEN_CACHER_IMPL">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_TOKEN_CACHER_IMPL</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_TOKEN_CACHER_IMPL</pre>
<div class="block">An implementation of the STSTokenCacher interface, if you want to plug in custom caching behaviour for
 STS clients. The default value is the DefaultSTSTokenCacher.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_TOKEN_CACHER_IMPL">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="STS_CHECK_FOR_RECURSIVE_CALL">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>STS_CHECK_FOR_RECURSIVE_CALL</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> STS_CHECK_FOR_RECURSIVE_CALL</pre>
<div class="block">Check that we are not invoking on the STS using its own IssuedToken policy - in which case we
 will end up with a recursive loop. This check might be a problem in the unlikely scenario that the
 remote endpoint has the same service / port QName as the STS, so this configuration flag allows to
 disable this check for that scenario. The default is "true".</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.STS_CHECK_FOR_RECURSIVE_CALL">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="AUDIENCE_RESTRICTIONS">
<!--   -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>AUDIENCE_RESTRICTIONS</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> AUDIENCE_RESTRICTIONS</pre>
<div class="block">This property contains a comma separated String corresponding to a list of audience restriction URIs.
 The default value for this property contains the request URL and the Service QName. If the
 AUDIENCE_RESTRICTION_VALIDATION property is "true", and if a received SAML Token contains audience
 restriction URIs, then one of them must match one of the values specified in this property.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../constant-values.html#org.apache.cxf.rt.security.SecurityConstants.AUDIENCE_RESTRICTIONS">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a name="COMMON_PROPERTIES">
<!--   -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>COMMON_PROPERTIES</h4>
<pre>public static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a>&lt;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>&gt; COMMON_PROPERTIES</pre>
</li>
</ul>
</li>
</ul>
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.detail">
<!--   -->
</a>
<h3>Constructor Detail</h3>
<a name="SecurityConstants--">
<!--   -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>SecurityConstants</h4>
<pre>protected&nbsp;SecurityConstants()</pre>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar.bottom">
<!--   -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.bottom.firstrow">
<!--   -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/SecurityConstants.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../help-doc.html">Help</a></li>
</ul>
<div class="aboutLanguage">Apache CXF API</div>
</div>
<div class="subNav">
<ul class="navList">
<li>Prev&nbsp;Class</li>
<li>Next&nbsp;Class</li>
</ul>
<ul class="navList">
<li><a href="../../../../../index.html?org/apache/cxf/rt/security/SecurityConstants.html" target="_top">Frames</a></li>
<li><a href="SecurityConstants.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#methods.inherited.from.class.java.lang.Object">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li>Method</li>
</ul>
</div>
<a name="skip.navbar.bottom">
<!--   -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
<p class="legalCopy"><small>Apache CXF</small></p>
</body>
</html>