com.ibm.wsspi.wssecurity.core

Interface Constants



  • public interface Constants

    Generic Constants used by the WS-Security runtime.

    Version:
    5.02
    • Field Summary

      Fields 
      Modifier and Type Field and Description
      static java.lang.String ATTACH_HASHKEY_SUPPORT_KRB_TOKEN_REQUIRED
      This is the key used to require the client to send secure hash key of Kerberos APREQ for support (authentication) token in each request
      static java.lang.String ATTACH_KERBEROS_AP_REQUIRED
      This is the key used to require the client to send Kerberos APREQ for protection token in each request
      static java.lang.String AVOID_70_BINDINGS_NS_CHECK 
      static java.lang.String AXIOM_PROCESSING_ELEMENT
      The key is used to get AXIOM based SOAP processing element object in custom login module for custom security token.
      static java.lang.String BASE_TOKEN_CLIENT_SECRET
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String BASE_TOKEN_IDENTIFIER_ENCODED_TYPE
      This property is used to specify base token identifier is encoded
      static java.lang.String BASE_TOKEN_IDENTIFIER_TYPE
      This property is used to specify derived key token should reference its base token
      static java.lang.String BASE_TOKEN_INSTANCE
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String BASE_TOKEN_KEY_BYTES
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String BASE_TOKEN_REFERENCE
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String BASE_TOKEN_SERVER_SECRET
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String BASE_TOKEN_VALUE_TYPE
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String BYPASS_HEADER
      This key is used to specify that WSS constraints should be ignored when application security is disabled.
      static java.lang.String CREATE_SECURITY_TOKEN_REFERENCE
      This is the key used to specify the option to create a SecurityTokenReference after SecurityToken is created, and insert it into SOAP security head after the inserted SecurityToken.
      static java.lang.String CUSTOMER_TOKEN_HOLDER
      This key is used to place a token or an list of tokens on the message context for use by token generators and/or token consumers.
      static java.lang.String DEFAULT_DERIVEDKEY_LABEL
      This is the default value of the label used for derived key token
      static java.lang.String DERIVED_KEY_LENGTH 
      static java.lang.String DOM_ELEMENT_ENABLED
      The key is used in token generator and consumer bindings custom properties to construct a DOM based SOAP processing element object and make the object available to custom login module for custom security token.
      static java.lang.String DOM_PROCESSING_ELEMENT
      The key is used to get DOM(Document Object Model) based SOAP processing element object in custom login module for custom security token.
      static java.lang.String ENABLE_CAPTURE_TOKEN_CONTEXT
      This is the key used to specify that a token consumer and/or token generator that is enabled to do so should attempt to obtain its token from the tokenHolder on the message context.
      static java.lang.String ENABLE_CAPTURE_TOKEN_INBOUND
      This is the key used to specify that a token consumer and/or token generator that is enabled to do so should attempt to obtain its token from the set of SecurityTokens in the inbound message.
      static java.lang.String ENCRYPTED_HEADER_GENERATE_WSS10 
      static java.lang.String ENCRYPTED_HEADER_GENERATE_WSS11_PRE_FP13 
      static java.lang.String ENCRYPTED_HEADER_PRE_V7_COMPATIBILITY
      This property is specified "true" when backward-compatibility is needed instead of compliance with Basic Security Profile rule R5624.
      static java.lang.String EXTERNAL_TOKEN_REFERENCE
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String INCLUDE_SCT_IN_REQUEST 
      static java.lang.String INCLUDE_SCT_IN_RESPONSE 
      static java.lang.String INTERNAL_TOKEN_REFERENCE
      This property is used to share the information between referenced token and derived key token login modules
      static java.lang.String LTPAV1_TOKEN_GENERATE_PRE_V7 
      static java.lang.String PRE_V7_FORMAT_OF_INCLUDING_SCT_IN_MESSAGE
      To support the Web Services Feature Pack (WebSphere AppServer 6.1)behavior of including SCT in the messages.
      static java.lang.String REFRESH_LTPA_CREDENTIAL
      This is the key used to specify the option to refresh WebSphere security WSCredential to ensure that wsCredential will remain valid for the duration of the request timeout This property is true unless it is set to false.
      static java.lang.String REMOVE_AUXILIARY_SECURITY_TOKEN
      This is the key used to specify the option if auxiliary SecurityToken, like DerivedKeyToken, should be included in RunAs Subject.
      static java.lang.String REMOVE_SENSITIVE_USER_DATA
      This is the key used to specify the option if sensitive user data should be preserved in SecurityToken before it is added to RunAs subject.
      static java.lang.String RETRY_TRUST_AFTER_FAILURE
      This is the key used to specify the option to, after a trust failure, have a signature token consumer reload the trust keystore and attempt the trust validation one additional time.
      static java.lang.String STR_WSSECURITY_MAPPED_DN
      This is the key used to specify the mapped principal done by the custom Identity Mapping login module for Kerberos token.
      static java.lang.String SUPPRESS_POLICYSET_OVERRIDE_WARNING 
      static java.lang.String TOKEN_FORWARDABLE
      This is the key used to specify the option to make token propagable This property is true unless it is set to false.
      static java.lang.String TOLERATE_WSFP_TRUST_REQUEST 
      static java.lang.String WEBSPHERE_SECURITY_CONTEXT 
      static java.lang.String WSSECURITY_ADD_NONCE
      This is the key used when the nonce is inserted into a username token.
      static java.lang.String WSSECURITY_ADD_TIMESTAMP
      This is the key used when the timestamp is inserted into a username token.
      static java.lang.String WSSECURITY_BASIC_AUTH_TOKEN
      This is the key used to cache username token for basic authentication.
      static java.lang.String WSSECURITY_CALLER_IDENTITY
      This is the key used to specify the token for caller identity.
      static java.lang.String WSSECURITY_CALLER_IDENTITY_CANDIDATES
      This is the key used to specify the candidates for caller identity.
      static java.lang.String WSSECURITY_CALLER_PROCESS_DONE
      This is the key used when the caller identification is finished while the LoginProcessor processes.
      static java.lang.String WSSECURITY_CALLER_TOKEN_LN
      This is the key used to specify the local part of token consumer.
      static java.lang.String WSSECURITY_CALLER_TOKEN_NS
      This is the key used to specify the namespace URI of token consumer.
      static java.lang.String WSSECURITY_CBIND
      This is the key used when a CallbackHandler invokes other Web Services with Web Services Security.
      static java.lang.String WSSECURITY_CDD
      This is the key used when a CallbackHandler invokes other Web Services with Web Services Security.
      static java.lang.String WSSECURITY_CHECK_HMAC_OUTPUT_LENGTH
      When consuming the inbound request, if the HMACOutputLength mentioned in the request is less than the pre-defined value (80 bits), we throw exception.
      static java.lang.String WSSECURITY_CHECK_OPERATION_LEVEL_POLICIES
      When consuming the inbound request, if there is no soapAction in the request message, we check to see if there are any policies defined at the operation level.
      static java.lang.String WSSECURITY_CRED
      This is the key used by pluggable token JAAS Login Module to look up the WSCredential created by the WSSecurityMappingModule JAAS Login Module in the shared state.
      static java.lang.String WSSECURITY_DATA_ENCRYPTION_ALGORITHM
      This is the key used when an algorithmURI is for data encryption processing.
      static java.lang.String WSSECURITY_DAYS_BEFORE_EXPIRE_WARNING_KEYS
      This is the key used to specify the days before key expiration to log warning.
      static java.lang.String WSSECURITY_DIGEST_ALGORITHM
      This is the key used when an algorithmURI is for digest processing.
      static java.lang.String WSSECURITY_DN
      This is the key used by pluggable token JAAS Login Module to put the DN in the shared state.
      static java.lang.String WSSECURITY_ENCRYPT_EMPTY_CONTENT
      This property is used to control whether to encrypt the content of elements that have no children.
      static java.lang.String WSSECURITY_GET_MUSTUNDERSTAND
      This key is used specify that the provider should always respond with a mustUnderstand="1" attribute in the ws-security header.
      static java.lang.String WSSECURITY_INCLUSIVE_NAMESPACES
      This is the key used when the <ds:CanonicalizationMethod> element has the <ec:InclusiveNamespaces> element.
      static java.lang.String WSSECURITY_INITIAL_SENDER_CERT
      This is the key used to store the certificate of initial sender.
      static java.lang.String WSSECURITY_INITIAL_SENDER_ID
      This is the key used to store the identifier of initial sender.
      static java.lang.String WSSECURITY_ISSUER_NAME
      This is the key used to specify the issure name of the runtime's own X509 certificate in the configuration.
      static java.lang.String WSSECURITY_ISSUER_SERIAL
      This is the key used to specify the issure serial number of the runtime's own X509 certificate in the configuration.
      static java.lang.String WSSECURITY_KEY_EMBID
      This is the key used when the identifier to be embedded is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_ENCODING
      This is the key used when the encoding of key identifier is passed to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_ENCODING_LN
      This is the key used to specify the local part of the encoding of key identifier.
      static java.lang.String WSSECURITY_KEY_ENCODING_NS
      This is the key used to specify the namespace URI of the encoding of key identifier.
      static java.lang.String WSSECURITY_KEY_ENCRYPTION_ALGORITHM
      This is the key used when an algorithmURI is for key encryption processing.
      static java.lang.String WSSECURITY_KEY_ID
      This is the key used when key identifier is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_IDTYPE
      This is the key used when the calculation method of key identifier is passed to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_IDTYPE_LN
      This is the key used to specify the local part of the calculation method of key identifier, if necessary.
      static java.lang.String WSSECURITY_KEY_IDTYPE_NS
      This is the key used to specify the namespace URI of the calculation method of key identifier, if necessary.
      static java.lang.String WSSECURITY_KEY_ISSUERNAME
      This is the key used when the issuer name of X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_ISSUERSERIAL
      This is the key used when the issuer serial of X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_NAME
      This is the key used when the key name or the subject name of X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_NAMEREF
      This is the key used when key name is passed to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_REFERENCE
      This is the key used when reference URI is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_THUMBPRINT_REFERENCE
      This is the key used when thumbprint reference is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_TYPE
      This is the key used when key type is passed to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_VALUETYPE
      This is the key used when the value type of the referenced token is passed to a KeyLocator object.
      static java.lang.String WSSECURITY_KEY_VALUETYPE_LN
      This is the key used to specify the local part of the value type of key identifier.
      static java.lang.String WSSECURITY_KEY_VALUETYPE_NS
      This is the key used to specify the namespace URI of the value type of key identifier.
      static java.lang.String WSSECURITY_KEYINFO_TOKEN_REFERENCE
      This is the key used to specify the days before key expiration to log warning.
      static java.lang.String WSSECURITY_KEYINFO_TYPE
      This is the key used when the type of key information is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.
      static java.lang.String WSSECURITY_KEYINFO_UNIQUE_NAME
      This is the key used to identify the keyInfo
      static java.lang.String WSSECURITY_KRB5TOKEN_CLIENTREALM
      This is the key used to specify the Kerberos realm name associated with the Kerberos client principal.
      static java.lang.String WSSECURITY_KRB5TOKEN_LOGINPROMPT
      This is the key used to prompt for the Web Services' Kerberos Initiator Principal Name.
      static java.lang.String WSSECURITY_KRB5TOKEN_SERVICEHOST
      This is the key used to specify the host name associated with Kerberos service name of the target Web Services.
      static java.lang.String WSSECURITY_KRB5TOKEN_SERVICENAME
      This is the key used to specify the Kerberos service name associated with the target Web Services.
      static java.lang.String WSSECURITY_KRB5TOKEN_SERVICEREALM
      This is the key used to specify the Kerberos realm name associated with the Kerberos service name of the target Web Services.
      static java.lang.String WSSECURITY_KRB5TOKEN_VALUETYPE
      This is the key used to specify the value type associated with the Kerberos token.
      static java.lang.String WSSECURITY_MESSAGE_CONTEXT
      This is the key used to get the message context from the context in the WS-Security handler.
      static java.lang.String WSSECURITY_MTOM_OPTIMIZE_ENCRYPTED_DATA
      This is the key used to specify the encrypted data should be MTOM optimized.
      static java.lang.String WSSECURITY_NONCE_CACHE_TIMEOUT
      This is the key used to specify the timeout of nonce cache.
      static java.lang.String WSSECURITY_NONCE_CLOCK_SKEW
      This is the key used to specify the clock skew of nonce.
      static java.lang.String WSSECURITY_NONCE_MAX_AGE
      This is the key used to specify the max age of nonce.
      static java.lang.String WSSECURITY_PERSIST_CLIENT_SECURITY_CONTEXT 
      static java.lang.String WSSECURITY_RSAOAEP_DIGEST_METHOD
      This is the key used to specify the digest method algorithm URI to be used with RSA-OAEP encryption on the generator side.
      static java.lang.String WSSECURITY_RSAOAEP_PARAMS
      This is the key used to specify the bytes of the optional OAEPparams element to be used with RSA-OAEP encryption on the generator side.
      static java.lang.String WSSECURITY_SECURECONVERSATION_CACHE_CUSHION
      This is the key used to specify the time in minutes to renew a SecurityContextToken to be used with WS-SecureConversation on the client side, so SCT has enough time to complete down stream call.
      static java.lang.String WSSECURITY_SECURECONVERSATION_CLOCK_SKEW_TOLERANCE
      This is the key used to specify the tolerant clock skew time between two machines for a token.
      static java.lang.String WSSECURITY_SECURECONVERSATION_IDENTIFIER
      This is the key used to specify the name of the optional MessageContext property to be used with WS-SecureConversation on the generator side.
      static java.lang.String WSSECURITY_SECURITY_TOKEN_MANAGER
      This is the key used to get the security token manager from the context in the WS-Security handler.
      static java.lang.String WSSECURITY_SEND_REALM
      This is the key used when the realm is sent.
      static java.lang.String WSSECURITY_SET_MUSTUNDERSTAND
      This key is used specify the mustUnderstand setting in the ws-security header.
      static java.lang.String WSSECURITY_SIGNATURE_ALGORITHM
      This is the key used when an algorithmURI is for signature processing.
      static java.lang.String WSSECURITY_SUBJECT
      This is the key used to get the subject from the context in the WS-Security handler.
      static java.lang.String WSSECURITY_TIMESTAMP_CLOCK_SKEW
      This is the key used to specify the clock skew of timestamp.
      static java.lang.String WSSECURITY_TIMESTAMP_DIALECT
      This is the key used when the timestamp header is inserted at the specified position in the message.
      static java.lang.String WSSECURITY_TIMESTAMP_KEYWORD
      This is the key used when the timestamp header is inserted at the specified position in the message.
      static java.lang.String WSSECURITY_TIMESTAMP_MAX_AGE
      This is the key used to specify the max age of timestamp.
      static java.lang.String WSSECURITY_TIMESTAMP_SOAPHEADER
      This is the key used when the timestamp header requires a soapenv:mustUnderstand attribute.
      static java.lang.String WSSECURITY_TIMESTAMP_TIMEOUT
      This is the key used to specify the timeout of timestamp.
      static java.lang.String WSSECURITY_TOKEN_FOR_ERROR_HANDLING
      This is the key used to specify the security token used for error handling.
      static java.lang.String WSSECURITY_TOKEN_LOGININFO
      This is the key used to specify the security token identified in the TokenGenerator/TokenConsumer object.
      static java.lang.String WSSECURITY_TOKEN_PROCESSED
      This is the key used to specify a list of security tokens created or acquired from the Subject in the LoginModule object.
      static java.lang.String WSSECURITY_TOKEN_PROPERGATION
      Deprecated. 

      static java.lang.String WSSECURITY_TOKEN_TO_BE_INSERTED
      This is the key used to specify a list of security tokens to be inserted into the message in the the TokenGenerator object.
      static java.lang.String WSSECURITY_TOKEN_WSSSUBJECT
      This is the key used to retrieve tokens from the message context.
      static java.lang.String WSSECURITY_TOKENELEMENT_REFERENCED
      This is the key used to specify the OMNode in the message that is referenced tokens specified with the WSSECURITY_TOKENS_TO_BE_INSERTED property.
      static java.lang.String WSSECURITY_TRUSTED_IDENTITY
      This is the key used to specify the token for trusted identity.
      static java.lang.String WSSECURITY_TRUSTED_IDENTITY_CANDIDATES
      This is the key used to specify the candidates for trusted identity.
      static java.lang.String WSSECURITY_TRUSTED_IDENTITY_LIST
      This is the key used to specify the collection of the trusted identities.
      static java.lang.String WSSECURITY_TRUSTED_REALM
      This is the key used to leverage the trusted realm feature.
      static java.lang.String WSSECURITY_USE_IDASSERTION
      This is the key used to indicate identity assertion.
      static java.lang.String WSSECURITY_USE_REQUESTOR_CERT
      This is the key used to store the certificate of requestor.
      static java.lang.String WSSECURITY_USE_RUNASIDENTITY
      This is the key used when the identity in the WAS invocation subject instead of the original caller in the WAS caller subject.
      static java.lang.String WSSECURITY_VERIFY_NONCE
      This is the key used when the nonce in a username token need to be verified.
      static java.lang.String WSSECURITY_VERIFY_TIMESTAMP
      This is the key used when the timestamp in a username token need to be verified.
      static java.lang.String WSSECURITY_WSSCONSUMER_CONFIG_KEY
      This is the key used to specify the WSSConsumerConfig object.
      static java.lang.String WSSECURITY_WSSGENERATOR_CONFIG_KEY
      This is the key used to specify the WSSGeneratorConfig object.
      static java.lang.String WSSECURITY_XPATH_EXPRESSION
      This is the key used to specify the XPath expression for XPath transform.
      static java.lang.String WSSECURITY_XPATH2_EXPRESSION
      This is the key used to specify the XPath expression for XPath filter 2 transform.
      static java.lang.String WSSECURITY_XPATH2_FILTER
      This is the key used to specify the filter attribute for XPath filter 2.
      static java.lang.String WSSECURITY_XPATH2_ORDER
      This is the key used to specify the order for XPath filter 2.
    • Field Detail

      • WSSECURITY_DN

        static final java.lang.String WSSECURITY_DN

        This is the key used by pluggable token JAAS Login Module to put the DN in the shared state. The WSSecurityMappingModule JAAS Login Module looks up the DN by using the key.

        See Also:
        WSSecurityMappingModule, Constant Field Values
      • WSSECURITY_CRED

        static final java.lang.String WSSECURITY_CRED

        This is the key used by pluggable token JAAS Login Module to look up the WSCredential created by the WSSecurityMappingModule JAAS Login Module in the shared state. The WSCredential only available after the login phase.

        See Also:
        WSCredential, WSSecurityMappingModule, Constant Field Values
      • WSSECURITY_CDD

        static final java.lang.String WSSECURITY_CDD

        This is the key used when a CallbackHandler invokes other Web Services with Web Services Security. This key specifies the client's deployment descriptor.

      • WSSECURITY_CBIND

        static final java.lang.String WSSECURITY_CBIND

        This is the key used when a CallbackHandler invokes other Web Services with Web Services Security. This key specifies the client's binding.

      • WSSECURITY_TOKEN_PROPERGATION

        static final java.lang.String WSSECURITY_TOKEN_PROPERGATION
        Deprecated. 

        This is the key used when a application sets a set of TokenID objects and gets a map of Token objects. This key is deprecated. See the WSSECURITY_TOKEN_WSSSUBJECT key instead.

      • WSSECURITY_TOKEN_WSSSUBJECT

        static final java.lang.String WSSECURITY_TOKEN_WSSSUBJECT

        This is the key used to retrieve tokens from the message context. To retrieve the tokens, use this key to retrieve a javax.security.auth.Subject instance from the message context. Then retrieve the tokens by using the getPrivateCredentials() (and possibly getPublicCredentials()) methods on the Subject instance.

      • WSSECURITY_USE_IDASSERTION

        static final java.lang.String WSSECURITY_USE_IDASSERTION

        This is the key used to indicate identity assertion.

      • WSSECURITY_USE_RUNASIDENTITY

        static final java.lang.String WSSECURITY_USE_RUNASIDENTITY

        This is the key used when the identity in the WAS invocation subject instead of the original caller in the WAS caller subject.

      • WSSECURITY_SEND_REALM

        static final java.lang.String WSSECURITY_SEND_REALM

        This is the key used when the realm is sent.

      • WSSECURITY_TRUSTED_REALM

        static final java.lang.String WSSECURITY_TRUSTED_REALM

        This is the key used to leverage the trusted realm feature.

      • WSSECURITY_USE_REQUESTOR_CERT

        static final java.lang.String WSSECURITY_USE_REQUESTOR_CERT

        This is the key used to store the certificate of requestor.

        See Also:
        Constant Field Values
      • WSSECURITY_ADD_TIMESTAMP

        static final java.lang.String WSSECURITY_ADD_TIMESTAMP

        This is the key used when the timestamp is inserted into a username token.

      • WSSECURITY_ADD_NONCE

        static final java.lang.String WSSECURITY_ADD_NONCE

        This is the key used when the nonce is inserted into a username token.

      • WSSECURITY_VERIFY_TIMESTAMP

        static final java.lang.String WSSECURITY_VERIFY_TIMESTAMP

        This is the key used when the timestamp in a username token need to be verified.

      • WSSECURITY_VERIFY_NONCE

        static final java.lang.String WSSECURITY_VERIFY_NONCE

        This is the key used when the nonce in a username token need to be verified.

      • WSSECURITY_BASIC_AUTH_TOKEN

        static final java.lang.String WSSECURITY_BASIC_AUTH_TOKEN

        This is the key used to cache username token for basic authentication.

        See Also:
        Constant Field Values
      • WSSECURITY_INITIAL_SENDER_ID

        static final java.lang.String WSSECURITY_INITIAL_SENDER_ID

        This is the key used to store the identifier of initial sender.

        See Also:
        Constant Field Values
      • WSSECURITY_INITIAL_SENDER_CERT

        static final java.lang.String WSSECURITY_INITIAL_SENDER_CERT

        This is the key used to store the certificate of initial sender.

        See Also:
        Constant Field Values
      • WSSECURITY_TIMESTAMP_SOAPHEADER

        static final java.lang.String WSSECURITY_TIMESTAMP_SOAPHEADER

        This is the key used when the timestamp header requires a soapenv:mustUnderstand attribute.

      • WSSECURITY_TIMESTAMP_DIALECT

        static final java.lang.String WSSECURITY_TIMESTAMP_DIALECT

        This is the key used when the timestamp header is inserted at the specified position in the message. The value of this key MUST be one of the following.

        1. WAS special keywords (http://www.ibm.com/websphere/webservices/wssecurity/dialect-was)
        2. XPath (http://www.w3.org/TR/1999/REC-xpath-19991116)
        3. WS-Policy function (http://schemas.xmlsoap.org/2002/12/wsse#part)

      • WSSECURITY_TIMESTAMP_KEYWORD

        static final java.lang.String WSSECURITY_TIMESTAMP_KEYWORD

        This is the key used when the timestamp header is inserted at the specified position in the message. The value of this key MUST be one of the following.

        1. SOAPHeaderFirst, SOAPHeaderLast, SecurityFrist, or SecurityLast (default) in case com.ibm.wsspi.wssecurity.timestamp.dialect is WAS special keywrods
        2. XPath expression in case com.ibm.wsspi.wssecurity.timestamp.dialect is XPath
        3. wsp:Body() or wsp:Header(***) in case com.ibm.wsspi.wssecurity.timestamp.dialect is WS-Policy function

      • WSSECURITY_ISSUER_NAME

        static final java.lang.String WSSECURITY_ISSUER_NAME

        This is the key used to specify the issure name of the runtime's own X509 certificate in the configuration.

      • WSSECURITY_ISSUER_SERIAL

        static final java.lang.String WSSECURITY_ISSUER_SERIAL

        This is the key used to specify the issure serial number of the runtime's own X509 certificate in the configuration.

      • WSSECURITY_SUBJECT

        static final java.lang.String WSSECURITY_SUBJECT

        This is the key used to get the subject from the context in the WS-Security handler.

        See Also:
        Constant Field Values
      • WSSECURITY_MESSAGE_CONTEXT

        static final java.lang.String WSSECURITY_MESSAGE_CONTEXT

        This is the key used to get the message context from the context in the WS-Security handler.

        See Also:
        Constant Field Values
      • WEBSPHERE_SECURITY_CONTEXT

        static final java.lang.String WEBSPHERE_SECURITY_CONTEXT
        See Also:
        Constant Field Values
      • WSSECURITY_PERSIST_CLIENT_SECURITY_CONTEXT

        static final java.lang.String WSSECURITY_PERSIST_CLIENT_SECURITY_CONTEXT
        See Also:
        Constant Field Values
      • WSSECURITY_SECURITY_TOKEN_MANAGER

        static final java.lang.String WSSECURITY_SECURITY_TOKEN_MANAGER

        This is the key used to get the security token manager from the context in the WS-Security handler.

        See Also:
        Constant Field Values
      • WSSECURITY_SIGNATURE_ALGORITHM

        static final java.lang.String WSSECURITY_SIGNATURE_ALGORITHM

        This is the key used when an algorithmURI is for signature processing.

      • WSSECURITY_DIGEST_ALGORITHM

        static final java.lang.String WSSECURITY_DIGEST_ALGORITHM

        This is the key used when an algorithmURI is for digest processing.

      • WSSECURITY_DATA_ENCRYPTION_ALGORITHM

        static final java.lang.String WSSECURITY_DATA_ENCRYPTION_ALGORITHM

        This is the key used when an algorithmURI is for data encryption processing.

      • WSSECURITY_KEY_ENCRYPTION_ALGORITHM

        static final java.lang.String WSSECURITY_KEY_ENCRYPTION_ALGORITHM

        This is the key used when an algorithmURI is for key encryption processing.

      • WSSECURITY_XPATH_EXPRESSION

        static final java.lang.String WSSECURITY_XPATH_EXPRESSION

        This is the key used to specify the XPath expression for XPath transform.

      • WSSECURITY_XPATH2_EXPRESSION

        static final java.lang.String WSSECURITY_XPATH2_EXPRESSION

        This is the key used to specify the XPath expression for XPath filter 2 transform.

      • WSSECURITY_XPATH2_FILTER

        static final java.lang.String WSSECURITY_XPATH2_FILTER

        This is the key used to specify the filter attribute for XPath filter 2.

      • WSSECURITY_XPATH2_ORDER

        static final java.lang.String WSSECURITY_XPATH2_ORDER

        This is the key used to specify the order for XPath filter 2.

      • WSSECURITY_INCLUSIVE_NAMESPACES

        static final java.lang.String WSSECURITY_INCLUSIVE_NAMESPACES

        This is the key used when the <ds:CanonicalizationMethod> element has the <ec:InclusiveNamespaces> element.

      • WSSECURITY_CALLER_TOKEN_NS

        static final java.lang.String WSSECURITY_CALLER_TOKEN_NS

        This is the key used to specify the namespace URI of token consumer.

      • WSSECURITY_CALLER_TOKEN_LN

        static final java.lang.String WSSECURITY_CALLER_TOKEN_LN

        This is the key used to specify the local part of token consumer.

      • WSSECURITY_KEY_REFERENCE

        static final java.lang.String WSSECURITY_KEY_REFERENCE

        This is the key used when reference URI is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object. The value of this key MUST be reference URI included in the secure SOAP message.

      • WSSECURITY_KEY_ID

        static final java.lang.String WSSECURITY_KEY_ID

        This is the key used when key identifier is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.

      • WSSECURITY_KEY_THUMBPRINT_REFERENCE

        static final java.lang.String WSSECURITY_KEY_THUMBPRINT_REFERENCE

        This is the key used when thumbprint reference is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoContent{Generator/Consumer} object to a KeyLocator object.

      • WSSECURITY_KEY_NAME

        static final java.lang.String WSSECURITY_KEY_NAME

        This is the key used when the key name or the subject name of X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.

      • WSSECURITY_KEY_EMBID

        static final java.lang.String WSSECURITY_KEY_EMBID

        This is the key used when the identifier to be embedded is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.

      • WSSECURITY_KEY_ISSUERNAME

        static final java.lang.String WSSECURITY_KEY_ISSUERNAME

        This is the key used when the issuer name of X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.

      • WSSECURITY_KEY_ISSUERSERIAL

        static final java.lang.String WSSECURITY_KEY_ISSUERSERIAL

        This is the key used when the issuer serial of X509 certificate is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object.

      • WSSECURITY_KEY_NAMEREF

        static final java.lang.String WSSECURITY_KEY_NAMEREF

        This is the key used when key name is passed to a KeyLocator object. The value of this key MUST be specified as the name attribute of <Key> in the WS-Security configuration.

      • WSSECURITY_KEY_TYPE

        static final java.lang.String WSSECURITY_KEY_TYPE

        This is the key used when key type is passed to a KeyLocator object. The value of this key MUST be one of the following.

        1. SigningKey: when getting a key for signature
        2. VerifyingKey: when getting a key for verification
        3. EncryptingKey: when getting a key for encryption
        4. DecryptingKey: when getting a key for decryption

      • WSSECURITY_KEYINFO_TYPE

        static final java.lang.String WSSECURITY_KEYINFO_TYPE

        This is the key used when the type of key information is passed from a TokenGenerator object to a KeyInfoContentGenerator object or from a KeyInfoCotent{Generator/Consumer} object to a KeyLocator object. The value of this key MUST be one of the following.

        1. STRREF: when ds:KeyInfo/wsse:STRReference/wsse:Reference is used
        2. KEYID: when ds:KeyInfo/wsse:STRReference/wsse:KeyIdentifier is used
        3. EMB: when ds:KeyInfo/wsse:STRReference/wsse:Embedded is used
        4. KEYNAME: when ds:KeyInfo/ds:KeyName is used
        5. X509ISSUER: when ds:KeyInfo/wsse:STRReference/ds:X509Data is used

      • WSSECURITY_KEYINFO_UNIQUE_NAME

        static final java.lang.String WSSECURITY_KEYINFO_UNIQUE_NAME

        This is the key used to identify the keyInfo

      • WSSECURITY_KEY_VALUETYPE

        static final java.lang.String WSSECURITY_KEY_VALUETYPE

        This is the key used when the value type of the referenced token is passed to a KeyLocator object.

      • WSSECURITY_KEY_ENCODING

        static final java.lang.String WSSECURITY_KEY_ENCODING

        This is the key used when the encoding of key identifier is passed to a KeyLocator object.

      • WSSECURITY_KEY_IDTYPE

        static final java.lang.String WSSECURITY_KEY_IDTYPE

        This is the key used when the calculation method of key identifier is passed to a KeyLocator object.

      • WSSECURITY_KEY_VALUETYPE_NS

        static final java.lang.String WSSECURITY_KEY_VALUETYPE_NS

        This is the key used to specify the namespace URI of the value type of key identifier.

      • WSSECURITY_KEY_VALUETYPE_LN

        static final java.lang.String WSSECURITY_KEY_VALUETYPE_LN

        This is the key used to specify the local part of the value type of key identifier.

      • WSSECURITY_KEY_ENCODING_NS

        static final java.lang.String WSSECURITY_KEY_ENCODING_NS

        This is the key used to specify the namespace URI of the encoding of key identifier.

      • WSSECURITY_KEY_ENCODING_LN

        static final java.lang.String WSSECURITY_KEY_ENCODING_LN

        This is the key used to specify the local part of the encoding of key identifier.

      • WSSECURITY_KEY_IDTYPE_NS

        static final java.lang.String WSSECURITY_KEY_IDTYPE_NS

        This is the key used to specify the namespace URI of the calculation method of key identifier, if necessary.

      • WSSECURITY_KEY_IDTYPE_LN

        static final java.lang.String WSSECURITY_KEY_IDTYPE_LN

        This is the key used to specify the local part of the calculation method of key identifier, if necessary.

      • WSSECURITY_DAYS_BEFORE_EXPIRE_WARNING_KEYS

        static final java.lang.String WSSECURITY_DAYS_BEFORE_EXPIRE_WARNING_KEYS

        This is the key used to specify the days before key expiration to log warning.

      • WSSECURITY_KEYINFO_TOKEN_REFERENCE

        static final java.lang.String WSSECURITY_KEYINFO_TOKEN_REFERENCE

        This is the key used to specify the days before key expiration to log warning.

      • WSSECURITY_TOKEN_PROCESSED

        static final java.lang.String WSSECURITY_TOKEN_PROCESSED

        This is the key used to specify a list of security tokens created or acquired from the Subject in the LoginModule object. This token list is set on the context map. This list is also set on the shared state for use by downstream consumers.

        Login modules that place the list on the shared state are:

        1. GenericIssuedTokenConsumeLoginModule (7.0.0.25, 8.0.0.5, 8.5.0.1)
        2. KRBConsumeLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        3. LTPAConsumeLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        4. SAMLConsumeLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        5. UNTConsumeLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        6. X509ConsumeLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)

      • WSSECURITY_TOKEN_TO_BE_INSERTED

        static final java.lang.String WSSECURITY_TOKEN_TO_BE_INSERTED

        This is the key used to specify a list of security tokens to be inserted into the message in the the TokenGenerator object. This token list is set on the context map. However, if this list is intended for use by a downstream generator, the list should be put on the shared state.

        Login modules that support obtaining tokens from the shared state are:

        1. SAMLGenerateLoginModule (7.0.0.17, 8.0.0.0, 8.5.0.0)
        2. GenericIssuedTokenGenerateLoginModule (7.0.0.25, 8.0.0.5, 8.5.0.1)
        3. KRBGenerateLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        4. LTPAGenerateLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        5. UNTGenerateLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)
        6. X509GenerateLoginModule (7.0.0.27, 8.0.0.6, 8.5.0.2)

      • WSSECURITY_TOKENELEMENT_REFERENCED

        static final java.lang.String WSSECURITY_TOKENELEMENT_REFERENCED

        This is the key used to specify the OMNode in the message that is referenced tokens specified with the WSSECURITY_TOKENS_TO_BE_INSERTED property.

      • WSSECURITY_TOKEN_LOGININFO

        static final java.lang.String WSSECURITY_TOKEN_LOGININFO

        This is the key used to specify the security token identified in the TokenGenerator/TokenConsumer object.

      • WSSECURITY_TOKEN_FOR_ERROR_HANDLING

        static final java.lang.String WSSECURITY_TOKEN_FOR_ERROR_HANDLING

        This is the key used to specify the security token used for error handling.

      • WSSECURITY_CALLER_PROCESS_DONE

        static final java.lang.String WSSECURITY_CALLER_PROCESS_DONE

        This is the key used when the caller identification is finished while the LoginProcessor processes.

      • WSSECURITY_CALLER_IDENTITY_CANDIDATES

        static final java.lang.String WSSECURITY_CALLER_IDENTITY_CANDIDATES

        This is the key used to specify the candidates for caller identity.

      • WSSECURITY_TRUSTED_IDENTITY_CANDIDATES

        static final java.lang.String WSSECURITY_TRUSTED_IDENTITY_CANDIDATES

        This is the key used to specify the candidates for trusted identity.

      • WSSECURITY_TRUSTED_IDENTITY_LIST

        static final java.lang.String WSSECURITY_TRUSTED_IDENTITY_LIST

        This is the key used to specify the collection of the trusted identities.

      • WSSECURITY_CALLER_IDENTITY

        static final java.lang.String WSSECURITY_CALLER_IDENTITY

        This is the key used to specify the token for caller identity. If this is null, caller identity is not identified in the stackable caller login modules.

      • WSSECURITY_TRUSTED_IDENTITY

        static final java.lang.String WSSECURITY_TRUSTED_IDENTITY

        This is the key used to specify the token for trusted identity. If this is null, trusted identity is not identified in the stackable caller login modules.

      • WSSECURITY_NONCE_CACHE_TIMEOUT

        static final java.lang.String WSSECURITY_NONCE_CACHE_TIMEOUT

        This is the key used to specify the timeout of nonce cache.

      • WSSECURITY_NONCE_MAX_AGE

        static final java.lang.String WSSECURITY_NONCE_MAX_AGE

        This is the key used to specify the max age of nonce.

      • WSSECURITY_NONCE_CLOCK_SKEW

        static final java.lang.String WSSECURITY_NONCE_CLOCK_SKEW

        This is the key used to specify the clock skew of nonce.

      • WSSECURITY_TIMESTAMP_TIMEOUT

        static final java.lang.String WSSECURITY_TIMESTAMP_TIMEOUT

        This is the key used to specify the timeout of timestamp.

      • WSSECURITY_TIMESTAMP_MAX_AGE

        static final java.lang.String WSSECURITY_TIMESTAMP_MAX_AGE

        This is the key used to specify the max age of timestamp.

      • WSSECURITY_TIMESTAMP_CLOCK_SKEW

        static final java.lang.String WSSECURITY_TIMESTAMP_CLOCK_SKEW

        This is the key used to specify the clock skew of timestamp.

      • WSSECURITY_WSSCONSUMER_CONFIG_KEY

        static final java.lang.String WSSECURITY_WSSCONSUMER_CONFIG_KEY

        This is the key used to specify the WSSConsumerConfig object.

        See Also:
        Constant Field Values
      • WSSECURITY_WSSGENERATOR_CONFIG_KEY

        static final java.lang.String WSSECURITY_WSSGENERATOR_CONFIG_KEY

        This is the key used to specify the WSSGeneratorConfig object.

        See Also:
        Constant Field Values
      • WSSECURITY_RSAOAEP_DIGEST_METHOD

        static final java.lang.String WSSECURITY_RSAOAEP_DIGEST_METHOD

        This is the key used to specify the digest method algorithm URI to be used with RSA-OAEP encryption on the generator side. If not specified, the default is "http://www.w3.org/2000/09/xmldsig#sha1"

      • WSSECURITY_RSAOAEP_PARAMS

        static final java.lang.String WSSECURITY_RSAOAEP_PARAMS

        This is the key used to specify the bytes of the optional OAEPparams element to be used with RSA-OAEP encryption on the generator side. The value is the base64 encoding of the octets to be used. If not specified, the default is a null string.

      • WSSECURITY_SECURECONVERSATION_IDENTIFIER

        static final java.lang.String WSSECURITY_SECURECONVERSATION_IDENTIFIER

        This is the key used to specify the name of the optional MessageContext property to be used with WS-SecureConversation on the generator side. The value is the String.

      • WSSECURITY_SECURECONVERSATION_CACHE_CUSHION

        static final java.lang.String WSSECURITY_SECURECONVERSATION_CACHE_CUSHION

        This is the key used to specify the time in minutes to renew a SecurityContextToken to be used with WS-SecureConversation on the client side, so SCT has enough time to complete down stream call. The value is the String.

      • WSSECURITY_SECURECONVERSATION_CLOCK_SKEW_TOLERANCE

        static final java.lang.String WSSECURITY_SECURECONVERSATION_CLOCK_SKEW_TOLERANCE

        This is the key used to specify the tolerant clock skew time between two machines for a token. Tha value is String.

      • WSSECURITY_MTOM_OPTIMIZE_ENCRYPTED_DATA

        static final java.lang.String WSSECURITY_MTOM_OPTIMIZE_ENCRYPTED_DATA

        This is the key used to specify the encrypted data should be MTOM optimized.

      • ENCRYPTED_HEADER_GENERATE_WSS10

        static final java.lang.String ENCRYPTED_HEADER_GENERATE_WSS10
      • ENCRYPTED_HEADER_GENERATE_WSS11_PRE_FP13

        static final java.lang.String ENCRYPTED_HEADER_GENERATE_WSS11_PRE_FP13
      • WSSECURITY_ENCRYPT_EMPTY_CONTENT

        static final java.lang.String WSSECURITY_ENCRYPT_EMPTY_CONTENT
        This property is used to control whether to encrypt the content of elements that have no children. In V7 and later, we do encrypt such content by default. To avoid encrypting empty content, add a property with this name to the EncryptionInfo of the WS-Security outbound bindings with a value of "false".
      • SUPPRESS_POLICYSET_OVERRIDE_WARNING

        static final java.lang.String SUPPRESS_POLICYSET_OVERRIDE_WARNING
      • DERIVED_KEY_LENGTH

        static final java.lang.String DERIVED_KEY_LENGTH
      • INCLUDE_SCT_IN_RESPONSE

        static final java.lang.String INCLUDE_SCT_IN_RESPONSE
      • INCLUDE_SCT_IN_REQUEST

        static final java.lang.String INCLUDE_SCT_IN_REQUEST
      • WSSECURITY_KRB5TOKEN_LOGINPROMPT

        static final java.lang.String WSSECURITY_KRB5TOKEN_LOGINPROMPT

        This is the key used to prompt for the Web Services' Kerberos Initiator Principal Name. The value can be set to "true. The default is false.

      • WSSECURITY_KRB5TOKEN_CLIENTREALM

        static final java.lang.String WSSECURITY_KRB5TOKEN_CLIENTREALM

        This is the key used to specify the Kerberos realm name associated with the Kerberos client principal. The value is a String

      • WSSECURITY_KRB5TOKEN_SERVICENAME

        static final java.lang.String WSSECURITY_KRB5TOKEN_SERVICENAME

        This is the key used to specify the Kerberos service name associated with the target Web Services. The service name is part of a service principal name(SPN) in the form of service_name/host_name@Kerberos_realm_name The value is a String.

      • WSSECURITY_KRB5TOKEN_SERVICEHOST

        static final java.lang.String WSSECURITY_KRB5TOKEN_SERVICEHOST

        This is the key used to specify the host name associated with Kerberos service name of the target Web Services. The host name is part of a service principal name(SPN) in the form of service_name/host_name@Kerberos_realm_name The value is a String.

      • WSSECURITY_KRB5TOKEN_SERVICEREALM

        static final java.lang.String WSSECURITY_KRB5TOKEN_SERVICEREALM

        This is the key used to specify the Kerberos realm name associated with the Kerberos service name of the target Web Services. The realm name is part of a service principal name(SPN) in the form of service_name/host_name@Kerberos_realm_name The value is a String

      • WSSECURITY_KRB5TOKEN_VALUETYPE

        static final java.lang.String WSSECURITY_KRB5TOKEN_VALUETYPE

        This is the key used to specify the value type associated with the Kerberos token. The value types are defined in the Oasis Kerberos token profile v1.1. The value is a String

      • ENCRYPTED_HEADER_PRE_V7_COMPATIBILITY

        static final java.lang.String ENCRYPTED_HEADER_PRE_V7_COMPATIBILITY

        This property is specified "true" when backward-compatibility is needed instead of compliance with Basic Security Profile rule R5624. Specify this property only when receiver of generated encryption is like some versions prior to V7 that cannot tolerate EncryptedHeader elements that lack an XML Id attribute. When this property is specified "true", EncryptedHeader elements are generated with an XML Id attribute and the contained EncryptedData element omits the Id attribute. V7 tolerates EncrytedHeader elements that lack the Id attribute when the contained EncryptedData element has an Id attribute. Basic Security Profile rule R5624 requires all EncryptedData elements to have an Id attribute. This property only changes the generation of EncryptedHeader elements and the EncryptedData element contained in an EncryptedHeader. Because the EncryptedHeader element is a feature added by version 1.1 of Web Services Security, this property does not affect the generated elements when Web Service Security version 1.0 formats are specified.

      • LTPAV1_TOKEN_GENERATE_PRE_V7

        static final java.lang.String LTPAV1_TOKEN_GENERATE_PRE_V7
      • TOLERATE_WSFP_TRUST_REQUEST

        static final java.lang.String TOLERATE_WSFP_TRUST_REQUEST
      • BASE_TOKEN_REFERENCE

        static final java.lang.String BASE_TOKEN_REFERENCE

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • BASE_TOKEN_VALUE_TYPE

        static final java.lang.String BASE_TOKEN_VALUE_TYPE

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • INTERNAL_TOKEN_REFERENCE

        static final java.lang.String INTERNAL_TOKEN_REFERENCE

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • EXTERNAL_TOKEN_REFERENCE

        static final java.lang.String EXTERNAL_TOKEN_REFERENCE

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • BASE_TOKEN_KEY_BYTES

        static final java.lang.String BASE_TOKEN_KEY_BYTES

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • BASE_TOKEN_CLIENT_SECRET

        static final java.lang.String BASE_TOKEN_CLIENT_SECRET

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • BASE_TOKEN_SERVER_SECRET

        static final java.lang.String BASE_TOKEN_SERVER_SECRET

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • BASE_TOKEN_INSTANCE

        static final java.lang.String BASE_TOKEN_INSTANCE

        This property is used to share the information between referenced token and derived key token login modules

        See Also:
        Constant Field Values
      • BASE_TOKEN_IDENTIFIER_TYPE

        static final java.lang.String BASE_TOKEN_IDENTIFIER_TYPE

        This property is used to specify derived key token should reference its base token

        See Also:
        Constant Field Values
      • BASE_TOKEN_IDENTIFIER_ENCODED_TYPE

        static final java.lang.String BASE_TOKEN_IDENTIFIER_ENCODED_TYPE

        This property is used to specify base token identifier is encoded

        See Also:
        Constant Field Values
      • STR_WSSECURITY_MAPPED_DN

        static final java.lang.String STR_WSSECURITY_MAPPED_DN

        This is the key used to specify the mapped principal done by the custom Identity Mapping login module for Kerberos token. The value is a String.

      • ATTACH_KERBEROS_AP_REQUIRED

        static final java.lang.String ATTACH_KERBEROS_AP_REQUIRED

        This is the key used to require the client to send Kerberos APREQ for protection token in each request

      • ATTACH_HASHKEY_SUPPORT_KRB_TOKEN_REQUIRED

        static final java.lang.String ATTACH_HASHKEY_SUPPORT_KRB_TOKEN_REQUIRED

        This is the key used to require the client to send secure hash key of Kerberos APREQ for support (authentication) token in each request

      • WSSECURITY_SET_MUSTUNDERSTAND

        static final java.lang.String WSSECURITY_SET_MUSTUNDERSTAND

        This key is used specify the mustUnderstand setting in the ws-security header. If the value is set to "0", "no", or "false", no mustUnderstand attribute will be set in the ws-security header in outbound consumer requests. The default value is true. In SOAP messages, the default value for the mustUnderstand attribute is "0". According to the SOAP specification, if the intended value for this attribute is "0", it must not be present in the message.

      • WSSECURITY_GET_MUSTUNDERSTAND

        static final java.lang.String WSSECURITY_GET_MUSTUNDERSTAND

        This key is used specify that the provider should always respond with a mustUnderstand="1" attribute in the ws-security header. By default, the response will contain the same mustUnderstand attribute as the request. For instance, if the inbound request has mustUnderstand="1", the response would have mustUnderstand="1". If the request did not have a mustUnderstand attribute, the response would also not have a mustUnderstand attribute. If the value is set to "1", "yes", or "true", the provider will always respond with with mustUnderstand="1" in the ws-security header. The default value is false.

      • DEFAULT_DERIVEDKEY_LABEL

        static final java.lang.String DEFAULT_DERIVEDKEY_LABEL

        This is the default value of the label used for derived key token

      • AVOID_70_BINDINGS_NS_CHECK

        static final java.lang.String AVOID_70_BINDINGS_NS_CHECK
        See Also:
        Constant Field Values
      • PRE_V7_FORMAT_OF_INCLUDING_SCT_IN_MESSAGE

        static final java.lang.String PRE_V7_FORMAT_OF_INCLUDING_SCT_IN_MESSAGE

        To support the Web Services Feature Pack (WebSphere AppServer 6.1)behavior of including SCT in the messages. In Feature Pack, by default, we include SCT in the request but not in the response unless the following properties are set in the token generator configuration. If Constants.INCLUDE_SCT_IN_REQUEST is false, then we do not include in the request. If Constants.INCLUDE_SCT_IN_RESPONSE is true, then we include sct in the response.

      • WSSECURITY_CHECK_OPERATION_LEVEL_POLICIES

        static final java.lang.String WSSECURITY_CHECK_OPERATION_LEVEL_POLICIES

        When consuming the inbound request, if there is no soapAction in the request message, we check to see if there are any policies defined at the operation level. If there are, we don't know which policy to apply since there was no soap action, so we throw an exception. This property will default ON to prevent security exposures. If the value is set to "0", "no", or "false", WSSecurityConsumerHandler will not check for soapAction/operation policies.

      • WSSECURITY_CHECK_HMAC_OUTPUT_LENGTH

        static final java.lang.String WSSECURITY_CHECK_HMAC_OUTPUT_LENGTH

        When consuming the inbound request, if the HMACOutputLength mentioned in the request is less than the pre-defined value (80 bits), we throw exception. This functionality was added in 7003, so this property is being added so that the functionality can be turned off if necessary. This property will default ON to prevent security exposures. If the value is set to "0", "no", or "false", wssecurity consumer processing will not check HMACOutputLength value.

      • BYPASS_HEADER

        static final java.lang.String BYPASS_HEADER

        This key is used to specify that WSS constraints should be ignored when application security is disabled. The value can be set to "1", "yes", or "true". The default value is false.

      • DOM_ELEMENT_ENABLED

        static final java.lang.String DOM_ELEMENT_ENABLED

        The key is used in token generator and consumer bindings custom properties to construct a DOM based SOAP processing element object and make the object available to custom login module for custom security token. The value can be set to "true" or "false". The default value is false. Only if the value is set to true, the Constants.DOM_PROCESSING_ELEMENT key is available.

        See Also:
        Constant Field Values
      • DOM_PROCESSING_ELEMENT

        static final java.lang.String DOM_PROCESSING_ELEMENT

        The key is used to get DOM(Document Object Model) based SOAP processing element object in custom login module for custom security token. Constants.DOM_ELEMENT_ENABLED key must be set to true when the key is used. The processing element object is org.w3c.dom.Element.

        See Also:
        Constant Field Values
      • AXIOM_PROCESSING_ELEMENT

        static final java.lang.String AXIOM_PROCESSING_ELEMENT

        The key is used to get AXIOM based SOAP processing element object in custom login module for custom security token. The processing element object is org.apache.axiom.om.OMElement.

        See Also:
        Constant Field Values
      • CREATE_SECURITY_TOKEN_REFERENCE

        static final java.lang.String CREATE_SECURITY_TOKEN_REFERENCE

        This is the key used to specify the option to create a SecurityTokenReference after SecurityToken is created, and insert it into SOAP security head after the inserted SecurityToken.

        See Also:
        Constant Field Values
      • RETRY_TRUST_AFTER_FAILURE

        static final java.lang.String RETRY_TRUST_AFTER_FAILURE

        This is the key used to specify the option to, after a trust failure, have a signature token consumer reload the trust keystore and attempt the trust validation one additional time. This property is enabled on the PKIPath, PKCS#7, and X.509 token consumer callback handlers

        See Also:
        Constant Field Values
      • REFRESH_LTPA_CREDENTIAL

        static final java.lang.String REFRESH_LTPA_CREDENTIAL

        This is the key used to specify the option to refresh WebSphere security WSCredential to ensure that wsCredential will remain valid for the duration of the request timeout This property is true unless it is set to false.

        See Also:
        Constant Field Values
      • TOKEN_FORWARDABLE

        static final java.lang.String TOKEN_FORWARDABLE

        This is the key used to specify the option to make token propagable This property is true unless it is set to false.

        See Also:
        Constant Field Values
      • REMOVE_SENSITIVE_USER_DATA

        static final java.lang.String REMOVE_SENSITIVE_USER_DATA

        This is the key used to specify the option if sensitive user data should be preserved in SecurityToken before it is added to RunAs subject. This property is true unless it is set to false.

        See Also:
        Constant Field Values
      • REMOVE_AUXILIARY_SECURITY_TOKEN

        static final java.lang.String REMOVE_AUXILIARY_SECURITY_TOKEN

        This is the key used to specify the option if auxiliary SecurityToken, like DerivedKeyToken, should be included in RunAs Subject. This property is true unless it is set to false.

        See Also:
        Constant Field Values
      • CUSTOMER_TOKEN_HOLDER

        static final java.lang.String CUSTOMER_TOKEN_HOLDER

        This key is used to place a token or an list of tokens on the message context for use by token generators and/or token consumers. It is important that, if using a list, that each token in the list have a different value type. If there is more than one token with the same value type, the token retrieved will be indeterminate. There is no default for this property. The value can be a SecurityToken object or an instance of a Map or List of SecurityToken objects.

        See Also:
        Constant Field Values
      • ENABLE_CAPTURE_TOKEN_CONTEXT

        static final java.lang.String ENABLE_CAPTURE_TOKEN_CONTEXT

        This is the key used to specify that a token consumer and/or token generator that is enabled to do so should attempt to obtain its token from the tokenHolder on the message context. This property is false unless it is set to true and is set in the token generator/consumer callback handler custom properties

        See Also:
        Constant Field Values
      • ENABLE_CAPTURE_TOKEN_INBOUND

        static final java.lang.String ENABLE_CAPTURE_TOKEN_INBOUND

        This is the key used to specify that a token consumer and/or token generator that is enabled to do so should attempt to obtain its token from the set of SecurityTokens in the inbound message. If there is more than one token in the inbound message that matches the value type of the token generator, then the token selected will be indeterminate. This property is false unless it is set to true and is set in the token generator/consumer callback handler custom properties.

        See Also:
        Constant Field Values
IBM WebSphere Application ServerTM
Release 8.5