Package org.apache.cxf.ws.security

Class SecurityConstants

  • public final class SecurityConstants
extends org.apache.cxf.rt.security.SecurityConstants
    Configuration tags used to configure the WS-SecurityPolicy layer. Some of them are also used by the non WS-SecurityPolicy approach in the WSS4J(Out|In)Interceptors.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String ACTOR
      The actor or role name of the wsse:Security header.
      static String ADD_INCLUSIVE_PREFIXES
      Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
      static Set<String> ALL_PROPERTIES  
      static String ALWAYS_ENCRYPT_UT
      Whether to always encrypt UsernameTokens that are defined as a SupportingToken.
      static String ASYMMETRIC_SIGNATURE_ALGORITHM
      This configuration tag allows the user to override the default Asymmetric Signature algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.
      static String BST_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate BinarySecurityTokens.
      static String CACHE_CONFIG_FILE
      Set this property to point to a configuration file for the underlying caching implementation for the TokenStore.
      static String CACHE_IDENTIFIER
      The Cache Identifier to use with the TokenStore.
      static String DELEGATED_CREDENTIAL
      A delegated credential to use for WS-Security.
      static String DISABLE_REQ_CLIENT_CERT_CHECK
      Whether to disable the enforcement of the WS-SecurityPolicy 'RequireClientCertificate' policy.
      static String ENABLE_NONCE_CACHE
      Whether to cache UsernameToken nonces.
      static String ENABLE_SAML_ONE_TIME_USE_CACHE
      Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition.
      static String ENABLE_STREAMING_SECURITY
      Whether to enable streaming WS-Security.
      static String ENABLE_TIMESTAMP_CACHE
      Whether to cache Timestamp Created Strings (these are only cached in conjunction with a message Signature).The default value is "true" for message recipients, and "false" for message initiators.
      static String EXPAND_XOP_INCLUDE
      Whether to search for and expand xop:Include Elements for encryption and signature (on the outbound side) or for signature verification (on the inbound side).
      static String IS_BSP_COMPLIANT
      Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not.
      static String KERBEROS_CLIENT
      A reference to the KerberosClient class used to obtain a service ticket.
      static String KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM
      Whether the Kerberos username is in servicename form or not.
      static String KERBEROS_JAAS_CONTEXT_NAME
      The JAAS Context name to use for Kerberos.
      static String KERBEROS_REQUEST_CREDENTIAL_DELEGATION
      Whether to request credential delegation or not in the KerberosClient.
      static String KERBEROS_SPN
      The Kerberos Service Provider Name (spn) to use.
      static String KERBEROS_USE_CREDENTIAL_DELEGATION
      Whether to use credential delegation or not in the KerberosClient.
      static String MUST_UNDERSTAND
      Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy.
      static String NONCE_CACHE_INSTANCE
      This holds a reference to a ReplayCache instance used to cache UsernameToken nonces.
      static String PASSWORD_ENCRYPTOR_INSTANCE
      This holds a reference to a PasswordEncryptor instance, which is used to encrypt or decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations).
      static String POLICY_VALIDATOR_MAP
      This refers to a Map of QName, SecurityPolicyValidator, which retrieves a SecurityPolicyValidator implementation to validate a particular security policy, based on the QName of the policy.
      static String RETURN_SECURITY_ERROR
      Whether to return the security error message to the client, and not the default error message.
      static String SAML_ONE_TIME_USE_CACHE_INSTANCE
      This holds a reference to a ReplayCache instance used to cache SAML2 Token Identifiers, when the token has a "OneTimeUse" Condition.
      static String SAML1_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate SAML 1.1 Tokens.
      static String SAML2_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate SAML 2.0 Tokens.
      static String SCT_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate SecurityContextTokens.
      static String SECURITY_CONTEXT_CREATOR
      A WSS4JSecurityContextCreator implementation that is used to create a CXF SecurityContext from the set of WSS4J processing results.
      static String SECURITY_TOKEN_LIFETIME
      The security token lifetime value (in milliseconds).
      static String SIGNATURE_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate trust in credentials used in Signature verification.
      static String SPNEGO_CLIENT_ACTION
      The SpnegoClientAction implementation to use for SPNEGO.
      static String STORE_BYTES_IN_ATTACHMENT
      Whether to store bytes (CipherData or BinarySecurityToken) in an attachment.
      static String SUBJECT_ROLE_CLASSIFIER
      The Subject Role Classifier to use.
      static String SUBJECT_ROLE_CLASSIFIER_TYPE
      The Subject Role Classifier Type to use.
      static String SYMMETRIC_SIGNATURE_ALGORITHM
      This configuration tag allows the user to override the default Symmetric Signature algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.
      static String TIMESTAMP_CACHE_INSTANCE
      This holds a reference to a ReplayCache instance used to cache Timestamp Created Strings.
      static String TIMESTAMP_FUTURE_TTL
      The time in seconds in the future within which the Created time of an incoming Timestamp is valid.
      static String TIMESTAMP_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate Timestamps.
      static String TIMESTAMP_TTL
      The time in seconds to append to the Creation value of an incoming Timestamp to determine whether to accept the Timestamp as valid or not.
      static String TOKEN  
      static String TOKEN_ELEMENT  
      static String TOKEN_ID  
      static String TOKEN_STORE_CACHE_INSTANCE
      The TokenStore instance to use to cache security tokens.
      static String USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
      This configuration flag allows the user to decide whether the default Attachment-Complete transform or the Attachment-Content-Only transform should be used when an Attachment is encrypted via a WS-SecurityPolicy expression.
      static String USE_STR_TRANSFORM
      Whether to use the STR (Security Token Reference) Transform when (externally) signing a SAML Token.
      static String USERNAME_TOKEN_VALIDATOR
      The WSS4J Validator instance to use to validate UsernameTokens.
      static String USERNAMETOKEN_FUTURE_TTL
      The time in seconds in the future within which the Created time of an incoming UsernameToken is valid.
      static String USERNAMETOKEN_TTL
      The time in seconds to append to the Creation value of an incoming UsernameToken to determine whether to accept the UsernameToken as valid or not.
      static String VALIDATE_TOKEN
      Whether to validate the password of a received UsernameToken or not.

      • Fields inherited from class org.apache.cxf.rt.security.SecurityConstants

        AUDIENCE_RESTRICTION_VALIDATION, AUDIENCE_RESTRICTIONS, CACHE_ISSUED_TOKEN_IN_ENDPOINT, CALLBACK_HANDLER, CERT_CONSTRAINTS_SEPARATOR, COMMON_PROPERTIES, DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, ENABLE_REVOCATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, ENABLE_UT_NOPASSWORD_PRINCIPAL, ENCRYPT_CERT, ENCRYPT_CRYPTO, ENCRYPT_PROPERTIES, ENCRYPT_USERNAME, PASSWORD, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, SAML_CALLBACK_HANDLER, SAML_ROLE_ATTRIBUTENAME, SC_FROM_JAAS_SUBJECT, SIGNATURE_CRYPTO, SIGNATURE_PASSWORD, SIGNATURE_PROPERTIES, SIGNATURE_USERNAME, STS_APPLIES_TO, STS_CHECK_FOR_RECURSIVE_CALL, STS_CLIENT, STS_CLIENT_SOAP12_BINDING, STS_ISSUE_AFTER_FAILED_RENEW, STS_TOKEN_ACT_AS, STS_TOKEN_CACHER_IMPL, STS_TOKEN_CRYPTO, STS_TOKEN_DO_CANCEL, STS_TOKEN_IMMINENT_EXPIRY_VALUE, STS_TOKEN_ON_BEHALF_OF, STS_TOKEN_PROPERTIES, STS_TOKEN_USE_CERT_FOR_KEYINFO, STS_TOKEN_USERNAME, SUBJECT_CERT_CONSTRAINTS, USERNAME, VALIDATE_SAML_SUBJECT_CONFIRMATION

    • Field Detail

      • ACTOR

        public static final String ACTOR
        The actor or role name of the wsse:Security header. If this parameter is omitted, the actor name is not set.
        See Also:
        Constant Field Values

      • VALIDATE_TOKEN

        public static final String VALIDATE_TOKEN
        Whether to validate the password of a received UsernameToken or not. The default is true.
        See Also:
        Constant Field Values

      • ALWAYS_ENCRYPT_UT

        public static final String ALWAYS_ENCRYPT_UT
        Whether to always encrypt UsernameTokens that are defined as a SupportingToken. The default is true. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire.
        See Also:
        Constant Field Values

      • IS_BSP_COMPLIANT

        public static final String IS_BSP_COMPLIANT
        Whether to ensure compliance with the Basic Security Profile (BSP) 1.1 or not. The default value is "true".
        See Also:
        Constant Field Values

      • ENABLE_NONCE_CACHE

        public static final String ENABLE_NONCE_CACHE
        Whether to cache UsernameToken nonces. The default value is "true" for message recipients, and "false" for message initiators. Set it to true to cache for both cases. Set this to "false" to not cache UsernameToken nonces. Note that caching only applies when either a UsernameToken WS-SecurityPolicy is in effect, or else that a UsernameToken action has been configured for the non-security-policy case.
        See Also:
        Constant Field Values

      • ENABLE_TIMESTAMP_CACHE

        public static final String ENABLE_TIMESTAMP_CACHE
        Whether to cache Timestamp Created Strings (these are only cached in conjunction with a message Signature).The default value is "true" for message recipients, and "false" for message initiators. Set it to true to cache for both cases. Set this to "false" to not cache Timestamp Created Strings. Note that caching only applies when either a "IncludeTimestamp" policy is in effect, or else that a Timestamp action has been configured for the non-security-policy case.
        See Also:
        Constant Field Values

      • ENABLE_STREAMING_SECURITY

        public static final String ENABLE_STREAMING_SECURITY
        Whether to enable streaming WS-Security. If set to false (the default), the old DOM implementation is used. If set to true, the new streaming (StAX) implementation is used.
        See Also:
        Constant Field Values

      • RETURN_SECURITY_ERROR

        public static final String RETURN_SECURITY_ERROR
        Whether to return the security error message to the client, and not the default error message. The "real" security errors should not be returned to the client in a deployment scenario, as they may leak information about the deployment, or otherwise provide a "oracle" for attacks. The default is false.
        See Also:
        Constant Field Values

      • MUST_UNDERSTAND

        public static final String MUST_UNDERSTAND
        Set this to "false" in order to remove the SOAP mustUnderstand header from security headers generated based on a WS-SecurityPolicy. The default value is "true" which included the SOAP mustUnderstand header.
        See Also:
        Constant Field Values

      • ENABLE_SAML_ONE_TIME_USE_CACHE

        public static final String ENABLE_SAML_ONE_TIME_USE_CACHE
        Whether to cache SAML2 Token Identifiers, if the token contains a "OneTimeUse" Condition. The default value is "true" for message recipients, and "false" for message initiators. Set it to true to cache for both cases. Set this to "false" to not cache SAML2 Token Identifiers. Note that caching only applies when either a "SamlToken" policy is in effect, or else that a SAML action has been configured for the non-security-policy case.
        See Also:
        Constant Field Values

      • STORE_BYTES_IN_ATTACHMENT

        public static final String STORE_BYTES_IN_ATTACHMENT
        Whether to store bytes (CipherData or BinarySecurityToken) in an attachment. The default is true if MTOM is enabled. Set it to false to BASE-64 encode the bytes and "inlined" them in the message instead. Setting this to true is more efficient, as it means that the BASE-64 encoding step can be skipped. This only applies to the DOM WS-Security stack.
        See Also:
        Constant Field Values

      • USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM

        public static final String USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
        This configuration flag allows the user to decide whether the default Attachment-Complete transform or the Attachment-Content-Only transform should be used when an Attachment is encrypted via a WS-SecurityPolicy expression. The default is "false", meaning that the "complete" transformation is used.
        See Also:
        Constant Field Values

      • USE_STR_TRANSFORM

        public static final String USE_STR_TRANSFORM
        Whether to use the STR (Security Token Reference) Transform when (externally) signing a SAML Token. The default is true. Some frameworks cannot handle processing the SecurityTokenReference is created, hence set this configuration option to "false" in this case.
        See Also:
        Constant Field Values

      • ADD_INCLUSIVE_PREFIXES

        public static final String ADD_INCLUSIVE_PREFIXES
        Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is "true".
        See Also:
        Constant Field Values

      • DISABLE_REQ_CLIENT_CERT_CHECK

        public static final String DISABLE_REQ_CLIENT_CERT_CHECK
        Whether to disable the enforcement of the WS-SecurityPolicy 'RequireClientCertificate' policy. Default is "false". Some servers may not do client certificate verification at the start of the SSL handshake, and therefore the client certs may not be available to the WS-Security layer for policy verification at that time.
        See Also:
        Constant Field Values

      • EXPAND_XOP_INCLUDE

        public static final String EXPAND_XOP_INCLUDE
        Whether to search for and expand xop:Include Elements for encryption and signature (on the outbound side) or for signature verification (on the inbound side). This ensures that the actual bytes are signed, and not just the reference. The default is "true" if MTOM is enabled, false otherwise.
        See Also:
        Constant Field Values

      • TIMESTAMP_TTL

        public static final String TIMESTAMP_TTL
        The time in seconds to append to the Creation value of an incoming Timestamp to determine whether to accept the Timestamp as valid or not. The default value is 300 seconds (5 minutes).
        See Also:
        Constant Field Values

      • TIMESTAMP_FUTURE_TTL

        public static final String TIMESTAMP_FUTURE_TTL
        The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default value is "60", to avoid problems where clocks are slightly askew. To reject all future-created Timestamps, set this value to "0".
        See Also:
        Constant Field Values

      • USERNAMETOKEN_TTL

        public static final String USERNAMETOKEN_TTL
        The time in seconds to append to the Creation value of an incoming UsernameToken to determine whether to accept the UsernameToken as valid or not. The default value is 300 seconds (5 minutes).
        See Also:
        Constant Field Values

      • USERNAMETOKEN_FUTURE_TTL

        public static final String USERNAMETOKEN_FUTURE_TTL
        The time in seconds in the future within which the Created time of an incoming UsernameToken is valid. The default value is "60", to avoid problems where clocks are slightly askew. To reject all future-created UsernameTokens, set this value to "0".
        See Also:
        Constant Field Values

      • SPNEGO_CLIENT_ACTION

        public static final String SPNEGO_CLIENT_ACTION
        The SpnegoClientAction implementation to use for SPNEGO. This allows the user to plug in a different implementation to obtain a service ticket.
        See Also:
        Constant Field Values

      • NONCE_CACHE_INSTANCE

        public static final String NONCE_CACHE_INSTANCE
        This holds a reference to a ReplayCache instance used to cache UsernameToken nonces. The default instance that is used is the EHCacheReplayCache.
        See Also:
        Constant Field Values

      • TIMESTAMP_CACHE_INSTANCE

        public static final String TIMESTAMP_CACHE_INSTANCE
        This holds a reference to a ReplayCache instance used to cache Timestamp Created Strings. The default instance that is used is the EHCacheReplayCache.
        See Also:
        Constant Field Values

      • SAML_ONE_TIME_USE_CACHE_INSTANCE

        public static final String SAML_ONE_TIME_USE_CACHE_INSTANCE
        This holds a reference to a ReplayCache instance used to cache SAML2 Token Identifiers, when the token has a "OneTimeUse" Condition. The default instance that is used is the EHCacheReplayCache.
        See Also:
        Constant Field Values

      • CACHE_CONFIG_FILE

        public static final String CACHE_CONFIG_FILE
        Set this property to point to a configuration file for the underlying caching implementation for the TokenStore. The default configuration file that is used is cxf-ehcache.xml in this module.
        See Also:
        Constant Field Values

      • TOKEN_STORE_CACHE_INSTANCE

        public static final String TOKEN_STORE_CACHE_INSTANCE
        The TokenStore instance to use to cache security tokens. By default this uses the EHCacheTokenStore if EhCache is available. Otherwise it uses the MemoryTokenStore.
        See Also:
        Constant Field Values

      • CACHE_IDENTIFIER

        public static final String CACHE_IDENTIFIER
        The Cache Identifier to use with the TokenStore. CXF uses the following key to retrieve a token store: "org.apache.cxf.ws.security.tokenstore.TokenStore-". This key can be used to configure service-specific cache configuration. If the identifier does not match, then it falls back to a cache configuration with key "org.apache.cxf.ws.security.tokenstore.TokenStore". The default "" is the QName of the service in question. However to pick up a custom cache configuration (for example, if you want to specify a TokenStore per-client proxy), it can be configured with this identifier instead.
        See Also:
        Constant Field Values

      • SUBJECT_ROLE_CLASSIFIER

        public static final String SUBJECT_ROLE_CLASSIFIER
        The Subject Role Classifier to use. If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. If this value is not specified, then it tries to get roles using the DefaultSecurityContext in cxf-rt-core. Otherwise it uses this value in combination with the SUBJECT_ROLE_CLASSIFIER_TYPE to get the roles from the Subject.
        See Also:
        Constant Field Values

      • SUBJECT_ROLE_CLASSIFIER_TYPE

        public static final String SUBJECT_ROLE_CLASSIFIER_TYPE
        The Subject Role Classifier Type to use. If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. Currently accepted values are "prefix" or "classname". Must be used in conjunction with the SUBJECT_ROLE_CLASSIFIER. The default value is "prefix".
        See Also:
        Constant Field Values

      • ASYMMETRIC_SIGNATURE_ALGORITHM

        public static final String ASYMMETRIC_SIGNATURE_ALGORITHM
        This configuration tag allows the user to override the default Asymmetric Signature algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.
        See Also:
        Constant Field Values

      • SYMMETRIC_SIGNATURE_ALGORITHM

        public static final String SYMMETRIC_SIGNATURE_ALGORITHM
        This configuration tag allows the user to override the default Symmetric Signature algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.
        See Also:
        Constant Field Values

      • PASSWORD_ENCRYPTOR_INSTANCE

        public static final String PASSWORD_ENCRYPTOR_INSTANCE
        This holds a reference to a PasswordEncryptor instance, which is used to encrypt or decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations). By default, WSS4J uses the JasyptPasswordEncryptor, which must be instantiated with a password to use to decrypt keystore passwords in the Merlin Crypto properties file. This password is obtained via the CallbackHandler defined via PW_CALLBACK_CLASS or PW_CALLBACK_REF. The encrypted passwords must be stored in the format "ENC(encoded encrypted password)".
        See Also:
        Constant Field Values

      • DELEGATED_CREDENTIAL

        public static final String DELEGATED_CREDENTIAL
        A delegated credential to use for WS-Security. Currently only a Kerberos GSSCredential Object is supported. This is used to retrieve a service ticket instead of using the client credentials.
        See Also:
        Constant Field Values

      • SECURITY_CONTEXT_CREATOR

        public static final String SECURITY_CONTEXT_CREATOR
        A WSS4JSecurityContextCreator implementation that is used to create a CXF SecurityContext from the set of WSS4J processing results. The default implementation is the DefaultWSS4JSecurityContextCreator. This configuration tag allows the user to plug in a custom way of setting up the CXF SecurityContext.
        See Also:
        Constant Field Values

      • SECURITY_TOKEN_LIFETIME

        public static final String SECURITY_TOKEN_LIFETIME
        The security token lifetime value (in milliseconds). The default is "300000" (5 minutes).
        See Also:
        Constant Field Values

      • USERNAME_TOKEN_VALIDATOR

        public static final String USERNAME_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate UsernameTokens. The default value is the UsernameTokenValidator.
        See Also:
        Constant Field Values

      • SAML1_TOKEN_VALIDATOR

        public static final String SAML1_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate SAML 1.1 Tokens. The default value is the SamlAssertionValidator.
        See Also:
        Constant Field Values

      • SAML2_TOKEN_VALIDATOR

        public static final String SAML2_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate SAML 2.0 Tokens. The default value is the SamlAssertionValidator.
        See Also:
        Constant Field Values

      • TIMESTAMP_TOKEN_VALIDATOR

        public static final String TIMESTAMP_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate Timestamps. The default value is the TimestampValidator.
        See Also:
        Constant Field Values

      • SIGNATURE_TOKEN_VALIDATOR

        public static final String SIGNATURE_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate trust in credentials used in Signature verification. The default value is the SignatureTrustValidator.
        See Also:
        Constant Field Values

      • BST_TOKEN_VALIDATOR

        public static final String BST_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate BinarySecurityTokens. The default value is the NoOpValidator.
        See Also:
        Constant Field Values

      • SCT_TOKEN_VALIDATOR

        public static final String SCT_TOKEN_VALIDATOR
        The WSS4J Validator instance to use to validate SecurityContextTokens. The default value is the NoOpValidator.
        See Also:
        Constant Field Values

      • POLICY_VALIDATOR_MAP

        public static final String POLICY_VALIDATOR_MAP
        This refers to a Map of QName, SecurityPolicyValidator, which retrieves a SecurityPolicyValidator implementation to validate a particular security policy, based on the QName of the policy. Any SecurityPolicyValidator implementation defined in this map will override the default value used internally for the corresponding QName.
        See Also:
        Constant Field Values

      • KERBEROS_REQUEST_CREDENTIAL_DELEGATION

        public static final String KERBEROS_REQUEST_CREDENTIAL_DELEGATION
        Whether to request credential delegation or not in the KerberosClient. If this is set to "true", then it tries to get a kerberos service ticket that can be used for delegation. The default is "false".
        See Also:
        Constant Field Values

      • KERBEROS_USE_CREDENTIAL_DELEGATION

        public static final String KERBEROS_USE_CREDENTIAL_DELEGATION
        Whether to use credential delegation or not in the KerberosClient. If this is set to "true", then it tries to get a GSSCredential Object from the Message Context using the DELEGATED_CREDENTIAL configuration tag below, and then use this to obtain a service ticket. The default is "false".
        See Also:
        Constant Field Values

      • KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM

        public static final String KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM
        Whether the Kerberos username is in servicename form or not. The default is "false".
        See Also:
        Constant Field Values

      • KERBEROS_JAAS_CONTEXT_NAME

        public static final String KERBEROS_JAAS_CONTEXT_NAME
        The JAAS Context name to use for Kerberos.
        See Also:
        Constant Field Values

      • KERBEROS_SPN

        public static final String KERBEROS_SPN
        The Kerberos Service Provider Name (spn) to use.
        See Also:
        Constant Field Values

      • KERBEROS_CLIENT

        public static final String KERBEROS_CLIENT
        A reference to the KerberosClient class used to obtain a service ticket.
        See Also:
        Constant Field Values

      • ALL_PROPERTIES

        public static final Set<String> ALL_PROPERTIES