
Chapter 5. Quarkus CXF extensions reference


This chapter provides reference information about Quarkus CXF extensions.

5.1. Quarkus CXF

Core capabilities for implementing SOAP clients and JAX-WS services.

5.1.1. Maven coordinates

Create a new project using quarkus-cxf on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf</artifactId>
</dependency>

5.1.2. Supported standards

5.1.3. Usage

There are several chapters in the User guide covering the usage of this extension:

5.1.4. Configuration

lock Configuration property fixed at build time. All other configuration properties are overridable at runtime.

Configuration property | Type | Default

lock quarkus.cxf.codegen.wsdl2java.enabled

boolean

true

If true wsdl2java code generation is run whenever there are WSDL resources found on default or custom defined locations; otherwise wsdl2java is not executed.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_ENABLED
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.codegen.wsdl2java.includes

List of string

 

A comma separated list of glob patterns for selecting WSDL files which should be processed with wsdl2java tool. The paths are relative to src/main/resources or src/test/resources directories of the current Maven or Gradle module. The glob syntax is specified in io.quarkus.util.GlobUtil.

Examples:

  • calculator.wsdl,fruits.wsdl will match src/main/resources/calculator.wsdl and src/main/resources/fruits.wsdl under the current Maven or Gradle module, but will not match anything like src/main/resources/subdir/calculator.wsdl
  • my-*-service.wsdl will match src/main/resources/my-foo-service.wsdl and src/main/resources/my-bar-service.wsdl
  • **.wsdl will match any of the above

There is a separate wsdl2java execution for each of the matching WSDL files. If you need different additional-params for each WSDL file, you may want to define a separate named parameter set for each one of them. Here is an example:

# Parameters for foo.wsdl
quarkus.cxf.codegen.wsdl2java.foo-params.includes = wsdl/foo.wsdl
quarkus.cxf.codegen.wsdl2java.foo-params.wsdl-location = wsdl/foo.wsdl
# Parameters for bar.wsdl
quarkus.cxf.codegen.wsdl2java.bar-params.includes = wsdl/bar.wsdl
quarkus.cxf.codegen.wsdl2java.bar-params.wsdl-location = wsdl/bar.wsdl
quarkus.cxf.codegen.wsdl2java.bar-params.xjc = ts
File extensions

File extensions other than .wsdl will work during normal builds, but changes in the matching files may get overlooked in Quarkus dev mode. We recommend that you always use the .wsdl extension.

There is no default value for this option, so wsdl2java code generation is disabled by default.

Specifying quarkus.cxf.codegen.wsdl2java.my-name.excludes without setting any includes will cause a build time error.

Make sure that the file sets selected by quarkus.cxf.codegen.wsdl2java.includes and quarkus.cxf.codegen.wsdl2java.[whatever-name].includes do not overlap. Otherwise a build time exception will be thrown.

The files from src/main/resources selected by includes and excludes are automatically included in native image and therefore you do not need to include them via quarkus.cxf.wsdl-path (deprecated) or quarkus.native.resources.includes/excludes.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_INCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.codegen.wsdl2java.excludes

List of string

 

A comma separated list of path patterns for selecting WSDL files which should not be processed with wsdl2java tool. The paths are relative to src/main/resources or src/test/resources directories of the current Maven or Gradle module. Same syntax as includes.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_EXCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.codegen.wsdl2java.output-directory

string

 

A directory into which the generated files will be written, either absolute or relative to the current Maven or Gradle module directory.

The default value is build tool dependent: for Maven, it is typically target/generated-sources/wsdl2java, while for Gradle it is build/classes/java/quarkus-generated-sources/wsdl2java.

Quarkus tooling is only able to set up the default value as a source folder for the given build tool. If you set this to a custom path, it is up to you to make sure that your build tool recognizes the path as a source folder.

Also, if you choose a path outside the target directory for Maven or outside the build directory for Gradle, you need to take care of cleaning stale resources generated by previous builds. E.g. if you change the value of the package-names option from org.foo to org.bar, you need to take care of the removal of the old package org.foo.

This will be passed as option -d to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_OUTPUT_DIRECTORY
Since Quarkus CXF: 2.6.0

lock quarkus.cxf.codegen.wsdl2java.package-names

List of string

 

A comma separated list of tokens; each token can be one of the following:

  • A Java package under which the Java source files should be generated
  • A string of the form namespaceURI=packageName - in this case the entities coming from the given namespace URI will be generated under the given Java package.

This will be passed as option -p to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_PACKAGE_NAMES
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.exclude-namespace-uris

List of string

 

A comma separated list of WSDL schema namespace URIs to ignore when generating Java code.

This will be passed as option -nexclude to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_EXCLUDE_NAMESPACE_URIS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.service-name

string

 

The WSDL service name to use for the generated code.

This will be passed as option -sn to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_SERVICE_NAME
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.bindings

List of string

 

A list of paths pointing at JAXWS or JAXB binding files or XMLBeans context files. The paths must be either absolute or relative to the current Maven or Gradle module.

This will be passed as option -b to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_BINDINGS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.validate

boolean

false

If true, WSDLs are validated before processing; otherwise the WSDLs are not validated.

This will be passed as option -validate to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_VALIDATE
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.wsdl-location

string

 

Specifies the value of the @WebServiceClient annotation’s wsdlLocation property.

This will be passed as option -wsdlLocation to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_WSDL_LOCATION
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.xjc

List of string

 

A comma separated list of XJC extensions to enable. The following extensions are available through io.quarkiverse.cxf:quarkus-cxf-xjc-plugins dependency:

  • bg - generate getX() methods for boolean fields instead of isX()
  • bgi - generate both isX() and getX() methods for boolean fields
  • dv - initialize fields mapped from elements/attributes with their default values
  • javadoc - generates JavaDoc based on xsd:documentation
  • property-listener - add a property listener and the code for triggering the property change events to setter methods
  • ts - generate toString() methods
  • wsdlextension - generate WSDL extension methods in root classes

These values correspond to the wsdl2java options -xjc-Xbg, -xjc-Xbgi, -xjc-Xdv, -xjc-Xjavadoc, -xjc-Xproperty-listener, -xjc-Xts and -xjc-Xwsdlextension respectively.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_XJC
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.exception-super

string

java.lang.Exception

A fully qualified class name to use as a superclass for fault beans generated from wsdl:fault elements

This will be passed as option -exceptionSuper to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_EXCEPTION_SUPER
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.async-methods

List of string

 

A comma separated list of SEI methods for which asynchronous sibling methods should be generated; similar to enableAsyncMapping in a JAX-WS binding file

This will be passed as option -asyncMethods to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_ASYNC_METHODS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.bare-methods

List of string

 

A comma separated list of SEI methods for which wrapper style sibling methods should be generated; similar to enableWrapperStyle in JAX-WS binding file

This will be passed as option -bareMethods to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_BARE_METHODS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.mime-methods

List of string

 

A comma separated list of SEI methods for which mime:content mapping should be enabled; similar to enableMIMEContent in JAX-WS binding file

This will be passed as option -mimeMethods to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_MIME_METHODS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java.additional-params

List of string

 

A comma separated list of additional command line parameters that should be passed to CXF wsdl2java tool along with the files selected by includes and excludes. Example: -keep,-dex,false. Check wsdl2java documentation for all supported options.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA_ADDITIONAL_PARAMS
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws.enabled

boolean

true

If true java2ws WSDL generation is run whenever there are Java classes selected via includes and excludes options; otherwise java2ws is not executed.

Environment variable: QUARKUS_CXF_JAVA2WS_ENABLED
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws.includes

List of string

 

A comma separated list of glob patterns for selecting class names which should be processed with java2ws tool. The glob syntax is specified in io.quarkus.util.GlobUtil. The patterns are matched against fully qualified class names, such as org.acme.MyClass.

The universe of class names to which includes and excludes are applied is defined as follows:

  1. Only classes visible in Jandex are considered.
  2. From those, only the ones annotated with @WebService are selected.

Examples:

Let’s say that the application contains two classes annotated with @WebService and that both are visible in Jandex. Their names are org.foo.FruitWebService and org.bar.HelloWebService.

Then

  • quarkus.cxf.java2ws.includes = **.*WebService will match both class names
  • quarkus.cxf.java2ws.includes = org.foo.* will match only org.foo.FruitWebService

There is a separate java2ws execution for each of the matching class names. If you need different additional-params for each class, you may want to define a separate named parameter set for each one of them. Here is an example:

# Parameters for the foo package
quarkus.cxf.java2ws.foo-params.includes = org.foo.*
quarkus.cxf.java2ws.foo-params.additional-params = -servicename,FruitService
# Parameters for the bar package
quarkus.cxf.java2ws.bar-params.includes = org.bar.*
quarkus.cxf.java2ws.bar-params.additional-params = -servicename,HelloService

There is no default value for this option, so java2ws WSDL generation is effectively disabled by default.

Specifying quarkus.cxf.java2ws.excludes without setting any includes will cause a build time error.

Make sure that the class names selected by quarkus.cxf.java2ws.includes and quarkus.cxf.java2ws.[whatever-name].includes do not overlap. Otherwise a build time exception will be thrown.

If you would like to include the generated WSDL files in native image, you need to add them yourself using quarkus.native.resources.includes/excludes.

Environment variable: QUARKUS_CXF_JAVA2WS_INCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws.excludes

List of string

 

A comma separated list of glob patterns for selecting java class names which should not be processed with java2ws tool. Same syntax as includes.

Environment variable: QUARKUS_CXF_JAVA2WS_EXCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws.additional-params

List of string

 

A comma separated list of additional command line parameters that should be passed to CXF java2ws tool along with the files selected by includes and excludes. Example: -portname,12345. Check java2ws documentation for all supported options.

Supported options

Currently, only options related to generation of WSDL from Java are supported.

Environment variable: QUARKUS_CXF_JAVA2WS_ADDITIONAL_PARAMS
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws.wsdl-name-template

string

%CLASSES_DIR%/wsdl/%SIMPLE_CLASS_NAME%.wsdl

A template for the names of generated WSDL files.

There are 4 place holders, which can be used in the template:

  • %SIMPLE_CLASS_NAME% - the simple class name of the Java class from which we are generating
  • %FULLY_QUALIFIED_CLASS_NAME% - the fully qualified name of the Java class from which we are generating, with all dots replaced by underscores
  • %TARGET_DIR% - the target directory of the current module of the current build tool; typically target for Maven and build for Gradle.
  • %CLASSES_DIR% - the compiler output directory of the current module of the current build tool; typically target/classes for Maven and build/classes for Gradle.

Environment variable: QUARKUS_CXF_JAVA2WS_WSDL_NAME_TEMPLATE
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.path

string

/services

The default path for CXF resources.

Earlier versions

The default value before Quarkus CXF version 2.0.0 was /.

Environment variable: QUARKUS_CXF_PATH
Since Quarkus CXF: 1.0.0

lock quarkus.cxf.min-chunk-size

int

128

The size in bytes of the chunks of memory allocated when writing data.

This is a very advanced setting that should only be set if you understand exactly how it affects the output IO operations of the application.

Environment variable: QUARKUS_CXF_MIN_CHUNK_SIZE
Since Quarkus CXF: 2.6.0

lock quarkus.cxf.output-buffer-size

int

8191

The size of the output stream response buffer in bytes. If a response is larger than this and no content-length is provided then the response will be chunked.

Larger values may give slight performance increases for large responses, at the expense of more memory usage.

Environment variable: QUARKUS_CXF_OUTPUT_BUFFER_SIZE
Since Quarkus CXF: 2.6.0

lock quarkus.cxf.http-conduit-factory

QuarkusCXFDefault, CXFDefault, HttpClientHTTPConduitFactory, URLConnectionHTTPConduitFactory

 

Select the HTTPConduitFactory implementation for all clients except the ones that override this setting via quarkus.cxf.client."client-name".http-conduit-factory.

  • QuarkusCXFDefault (default): if io.quarkiverse.cxf:quarkus-cxf-rt-transports-http-hc5 is present in class path, then its HTTPConduitFactory implementation will be used; otherwise this value is equivalent with URLConnectionHTTPConduitFactory (this may change, once issue #992 gets resolved in CXF)
  • CXFDefault: the selection of HTTPConduitFactory implementation is left to CXF
  • HttpClientHTTPConduitFactory: the HTTPConduitFactory will be set to an implementation always returning org.apache.cxf.transport.http.HttpClientHTTPConduit. This will use java.net.http.HttpClient as the underlying HTTP client.
  • URLConnectionHTTPConduitFactory: the HTTPConduitFactory will be set to an implementation always returning org.apache.cxf.transport.http.URLConnectionHTTPConduit. This will use java.net.HttpURLConnection as the underlying HTTP client.

Environment variable: QUARKUS_CXF_HTTP_CONDUIT_FACTORY
Since Quarkus CXF: 2.3.0

quarkus.cxf.decoupled-endpoint-base

string

 

A URI base to use as a prefix of quarkus.cxf.client."client-name".decoupled-endpoint. You will typically want to set this to something like the following:

quarkus.cxf.decoupled-endpoint-base = https://api.example.com:${quarkus.http.ssl-port}${quarkus.cxf.path}
# or for plain HTTP
quarkus.cxf.decoupled-endpoint-base = http://api.example.com:${quarkus.http.port}${quarkus.cxf.path}

If you invoke your WS client from within an HTTP handler, you can leave this option unspecified and instead set it dynamically on the request context of your WS client using the org.apache.cxf.ws.addressing.decoupled.endpoint.base key. Here is an example of how to do that from a RESTEasy handler method:

import java.io.IOException;
import java.util.Map;
import jakarta.inject.Inject;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.UriInfo;
import jakarta.xml.ws.BindingProvider;
import io.quarkiverse.cxf.annotation.CXFClient;
import org.eclipse.microprofile.config.inject.ConfigProperty;

@Path("/my-rest")
public class MyRestEasyResource {

    // The WS client whose request context receives the decoupled endpoint base
    @Inject
    @CXFClient("hello")
    HelloService helloService;

    // The value of quarkus.cxf.path, /services by default
    @ConfigProperty(name = "quarkus.cxf.path")
    String quarkusCxfPath;

    @POST
    @Path("/hello")
    @Produces(MediaType.TEXT_PLAIN)
    public String hello(String body, @Context UriInfo uriInfo) throws IOException {

        // You may consider doing this only once if you are sure that your service is accessed
        // through a single hostname
        String decoupledEndpointBase = uriInfo.getBaseUriBuilder().path(quarkusCxfPath).build().toString();
        Map<String, Object> requestContext = ((BindingProvider) helloService).getRequestContext();
        requestContext.put("org.apache.cxf.ws.addressing.decoupled.endpoint.base", decoupledEndpointBase);

        return helloService.hello(body);
    }
}

Environment variable: QUARKUS_CXF_DECOUPLED_ENDPOINT_BASE
Since Quarkus CXF: 2.7.0

quarkus.cxf.logging.enabled-for

clients, services, both, none

none

Specifies whether the message logging will be enabled for clients, services, both or none. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.enabled or quarkus.cxf.client."client-name".logging.enabled respectively.

Environment variable: QUARKUS_CXF_LOGGING_ENABLED_FOR
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.pretty

boolean

false

If true, the XML elements will be indented in the log; otherwise they will appear unindented. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.pretty or quarkus.cxf.client."client-name".logging.pretty respectively.

Environment variable: QUARKUS_CXF_LOGGING_PRETTY
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.limit

int

49152

A message length in bytes at which it is truncated in the log. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.limit or quarkus.cxf.client."client-name".logging.limit respectively.

Environment variable: QUARKUS_CXF_LOGGING_LIMIT
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.in-mem-threshold

long

-1

A message length in bytes at which it will be written to disk. -1 is unlimited. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.in-mem-threshold or quarkus.cxf.client."client-name".logging.in-mem-threshold respectively.

Environment variable: QUARKUS_CXF_LOGGING_IN_MEM_THRESHOLD
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.log-binary

boolean

false

If true, binary payloads will be logged; otherwise they won’t be logged. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.log-binary or quarkus.cxf.client."client-name".logging.log-binary respectively.

Environment variable: QUARKUS_CXF_LOGGING_LOG_BINARY
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.log-multipart

boolean

true

If true, multipart payloads will be logged; otherwise they won’t be logged. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.log-multipart or quarkus.cxf.client."client-name".logging.log-multipart respectively.

Environment variable: QUARKUS_CXF_LOGGING_LOG_MULTIPART
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.verbose

boolean

true

If true, verbose logging will be enabled; otherwise it won’t be enabled. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.verbose or quarkus.cxf.client."client-name".logging.verbose respectively.

Environment variable: QUARKUS_CXF_LOGGING_VERBOSE
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.in-binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingInInterceptor whose content will not be logged unless log-binary is true. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.in-binary-content-media-types or quarkus.cxf.client."client-name".logging.in-binary-content-media-types respectively.

Environment variable: QUARKUS_CXF_LOGGING_IN_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.out-binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingOutInterceptor whose content will not be logged unless log-binary is true. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.out-binary-content-media-types or quarkus.cxf.client."client-name".logging.out-binary-content-media-types respectively.

Environment variable: QUARKUS_CXF_LOGGING_OUT_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingOutInterceptor and LoggingInInterceptor whose content will not be logged unless log-binary is true. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.binary-content-media-types or quarkus.cxf.client."client-name".logging.binary-content-media-types respectively.

Environment variable: QUARKUS_CXF_LOGGING_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.sensitive-element-names

List of string

 

A comma separated list of XML elements containing sensitive information to be masked in the log. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.sensitive-element-names or quarkus.cxf.client."client-name".logging.sensitive-element-names respectively.

Environment variable: QUARKUS_CXF_LOGGING_SENSITIVE_ELEMENT_NAMES
Since Quarkus CXF: 2.6.0

quarkus.cxf.logging.sensitive-protocol-header-names

List of string

 

A comma separated list of protocol headers containing sensitive information to be masked in the log. This setting can be overridden per client or service endpoint using quarkus.cxf.endpoint."/endpoint-path".logging.sensitive-protocol-header-names or quarkus.cxf.client."client-name".logging.sensitive-protocol-header-names respectively.

Environment variable: QUARKUS_CXF_LOGGING_SENSITIVE_PROTOCOL_HEADER_NAMES
Since Quarkus CXF: 2.6.0
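
The logging options above combined into one application.properties fragment, as an added example that is not part of the original reference. The element names, header names, the /payments endpoint path and the limit value are constructed sample values; the hello client name is reused from the handler example earlier on this page.

```properties
# Added example, not from the Quarkus CXF documentation.
# Element names, header names and the "/payments" path are constructed sample values.

# Log messages of service endpoints only; clients stay silent unless overridden below.
quarkus.cxf.logging.enabled-for = services

# Truncate each logged message at 8192 bytes instead of the default 49152.
quarkus.cxf.logging.limit = 8192

# Keep binary and multipart payloads out of the log.
# log-binary is already false by default; log-multipart defaults to true.
quarkus.cxf.logging.log-binary = false
quarkus.cxf.logging.log-multipart = false

# Mask the content of these XML elements and protocol headers in the log.
quarkus.cxf.logging.sensitive-element-names = password,cardNumber
quarkus.cxf.logging.sensitive-protocol-header-names = Authorization,Cookie,Set-Cookie

# Per-endpoint override: the global element names are repeated here because
# this value overrides the global list for the endpoint.
quarkus.cxf.endpoint."/payments".logging.sensitive-element-names = password,cardNumber,cvv

# Per-client override: enable logging for the "hello" client even though
# enabled-for selects services only.
quarkus.cxf.client."hello".logging.enabled = true
quarkus.cxf.client."hello".logging.sensitive-protocol-header-names = Authorization
```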

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".includes

List of string

 

A comma separated list of glob patterns for selecting WSDL files which should be processed with wsdl2java tool. The paths are relative to src/main/resources or src/test/resources directories of the current Maven or Gradle module. The glob syntax is specified in io.quarkus.util.GlobUtil.

Examples:

  • calculator.wsdl,fruits.wsdl will match src/main/resources/calculator.wsdl and src/main/resources/fruits.wsdl under the current Maven or Gradle module, but will not match anything like src/main/resources/subdir/calculator.wsdl
  • my-*-service.wsdl will match src/main/resources/my-foo-service.wsdl and src/main/resources/my-bar-service.wsdl
  • **.wsdl will match any of the above

There is a separate wsdl2java execution for each of the matching WSDL files. If you need different additional-params for each WSDL file, you may want to define a separate named parameter set for each one of them. Here is an example:

# Parameters for foo.wsdl
quarkus.cxf.codegen.wsdl2java.foo-params.includes = wsdl/foo.wsdl
quarkus.cxf.codegen.wsdl2java.foo-params.wsdl-location = wsdl/foo.wsdl
# Parameters for bar.wsdl
quarkus.cxf.codegen.wsdl2java.bar-params.includes = wsdl/bar.wsdl
quarkus.cxf.codegen.wsdl2java.bar-params.wsdl-location = wsdl/bar.wsdl
quarkus.cxf.codegen.wsdl2java.bar-params.xjc = ts
File extensions

File extensions other than .wsdl will work during normal builds, but changes in the matching files may get overlooked in Quarkus dev mode. We recommend that you always use the .wsdl extension.

There is no default value for this option, so wsdl2java code generation is disabled by default.

Specifying quarkus.cxf.codegen.wsdl2java.my-name.excludes without setting any includes will cause a build time error.

Make sure that the file sets selected by quarkus.cxf.codegen.wsdl2java.includes and quarkus.cxf.codegen.wsdl2java.[whatever-name].includes do not overlap. Otherwise a build time exception will be thrown.

The files from src/main/resources selected by includes and excludes are automatically included in native image and therefore you do not need to include them via quarkus.cxf.wsdl-path (deprecated) or quarkus.native.resources.includes/excludes.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__INCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".excludes

List of string

 

A comma separated list of path patterns for selecting WSDL files which should not be processed with wsdl2java tool. The paths are relative to src/main/resources or src/test/resources directories of the current Maven or Gradle module. Same syntax as includes.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__EXCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".output-directory

string

 

A directory into which the generated files will be written, either absolute or relative to the current Maven or Gradle module directory.

The default value is build tool dependent: for Maven, it is typically target/generated-sources/wsdl2java, while for Gradle it is build/classes/java/quarkus-generated-sources/wsdl2java.

Quarkus tooling is only able to set up the default value as a source folder for the given build tool. If you set this to a custom path, it is up to you to make sure that your build tool recognizes the path as a source folder.

Also, if you choose a path outside the target directory for Maven or outside the build directory for Gradle, you need to take care of cleaning stale resources generated by previous builds. E.g. if you change the value of the package-names option from org.foo to org.bar, you need to take care of the removal of the old package org.foo.

This will be passed as option -d to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__OUTPUT_DIRECTORY
Since Quarkus CXF: 2.6.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".package-names

List of string

 

A comma separated list of tokens; each token can be one of the following:

  • A Java package under which the Java source files should be generated
  • A string of the form namespaceURI=packageName - in this case the entities coming from the given namespace URI will be generated under the given Java package.

This will be passed as option -p to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__PACKAGE_NAMES
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".exclude-namespace-uris

List of string

 

A comma separated list of WSDL schema namespace URIs to ignore when generating Java code.

This will be passed as option -nexclude to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__EXCLUDE_NAMESPACE_URIS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".service-name

string

 

The WSDL service name to use for the generated code.

This will be passed as option -sn to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__SERVICE_NAME
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".bindings

List of string

 

A list of paths pointing at JAXWS or JAXB binding files or XMLBeans context files. The paths must be either absolute or relative to the current Maven or Gradle module.

This will be passed as option -b to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__BINDINGS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".validate

boolean

false

If true, WSDLs are validated before processing; otherwise the WSDLs are not validated.

This will be passed as option -validate to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__VALIDATE
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".wsdl-location

string

 

Specifies the value of the @WebServiceClient annotation’s wsdlLocation property.

This will be passed as option -wsdlLocation to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__WSDL_LOCATION
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".xjc

List of string

 

A comma separated list of XJC extensions to enable. The following extensions are available through io.quarkiverse.cxf:quarkus-cxf-xjc-plugins dependency:

  • bg - generate getX() methods for boolean fields instead of isX()
  • bgi - generate both isX() and getX() methods for boolean fields
  • dv - initialize fields mapped from elements/attributes with their default values
  • javadoc - generates JavaDoc based on xsd:documentation
  • property-listener - add a property listener and the code for triggering the property change events to setter methods
  • ts - generate toString() methods
  • wsdlextension - generate WSDL extension methods in root classes

These values correspond to the wsdl2java options -xjc-Xbg, -xjc-Xbgi, -xjc-Xdv, -xjc-Xjavadoc, -xjc-Xproperty-listener, -xjc-Xts and -xjc-Xwsdlextension respectively.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__XJC
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".exception-super

string

java.lang.Exception

A fully qualified class name to use as a superclass for fault beans generated from wsdl:fault elements

This will be passed as option -exceptionSuper to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__EXCEPTION_SUPER
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".async-methods

List of string

 

A comma separated list of SEI methods for which asynchronous sibling methods should be generated; similar to enableAsyncMapping in a JAX-WS binding file

This will be passed as option -asyncMethods to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__ASYNC_METHODS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".bare-methods

List of string

 

A comma separated list of SEI methods for which wrapper style sibling methods should be generated; similar to enableWrapperStyle in JAX-WS binding file

This will be passed as option -bareMethods to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__BARE_METHODS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".mime-methods

List of string

 

A comma separated list of SEI methods for which mime:content mapping should be enabled; similar to enableMIMEContent in JAX-WS binding file

This will be passed as option -mimeMethods to wsdl2java

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__MIME_METHODS
Since Quarkus CXF: 2.4.0

lock quarkus.cxf.codegen.wsdl2java."named-parameter-sets".additional-params

List of string

 

A comma separated list of additional command line parameters that should be passed to CXF wsdl2java tool along with the files selected by includes and excludes. Example: -keep,-dex,false. Check wsdl2java documentation for all supported options.

Environment variable: QUARKUS_CXF_CODEGEN_WSDL2JAVA__NAMED_PARAMETER_SETS__ADDITIONAL_PARAMS
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws."named-parameter-sets".includes

List of string

 

A comma separated list of glob patterns for selecting class names which should be processed with java2ws tool. The glob syntax is specified in io.quarkus.util.GlobUtil. The patterns are matched against fully qualified class names, such as org.acme.MyClass.

The universe of class names to which includes and excludes are applied is defined as follows:

  1. Only classes visible in Jandex are considered.
  2. From those, only the ones annotated with @WebService are selected.

Examples:

Let’s say that the application contains two classes annotated with @WebService and that both are visible in Jandex. Their names are org.foo.FruitWebService and org.bar.HelloWebService.

Then

  • quarkus.cxf.java2ws.includes = **.*WebService will match both class names
  • quarkus.cxf.java2ws.includes = org.foo.* will match only org.foo.FruitWebService

There is a separate java2ws execution for each of the matching class names. If you need different additional-params for each class, you may want to define a separate named parameter set for each one of them. Here is an example:

# Parameters for the foo package
quarkus.cxf.java2ws.foo-params.includes = org.foo.*
quarkus.cxf.java2ws.foo-params.additional-params = -servicename,FruitService
# Parameters for the bar package
quarkus.cxf.java2ws.bar-params.includes = org.bar.*
quarkus.cxf.java2ws.bar-params.additional-params = -servicename,HelloService

There is no default value for this option, so java2ws WSDL generation is effectively disabled by default.

Specifying quarkus.cxf.java2ws.excludes without setting any includes will cause a build time error.

Make sure that the class names selected by quarkus.cxf.java2ws.includes and quarkus.cxf.java2ws.[whatever-name].includes do not overlap. Otherwise a build time exception will be thrown.

If you would like to include the generated WSDL files in native image, you need to add them yourself using quarkus.native.resources.includes/excludes.

Environment variable: QUARKUS_CXF_JAVA2WS__NAMED_PARAMETER_SETS__INCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws."named-parameter-sets".excludes

List of string

 

A comma separated list of glob patterns for selecting java class names which should not be processed with java2ws tool. Same syntax as includes.

Environment variable: QUARKUS_CXF_JAVA2WS__NAMED_PARAMETER_SETS__EXCLUDES
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws."named-parameter-sets".additional-params

List of string

 

A comma separated list of additional command line parameters that should be passed to CXF java2ws tool along with the files selected by includes and excludes. Example: -portname,12345. Check java2ws documentation for all supported options.

Supported options

Currently, only options related to generation of WSDL from Java are supported.

Environment variable: QUARKUS_CXF_JAVA2WS__NAMED_PARAMETER_SETS__ADDITIONAL_PARAMS
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.java2ws."named-parameter-sets".wsdl-name-template

string

%CLASSES_DIR%/wsdl/%SIMPLE_CLASS_NAME%.wsdl

A template for the names of generated WSDL files.

There are 4 place holders, which can be used in the template:

  • %SIMPLE_CLASS_NAME% - the simple class name of the Java class from which we are generating
  • %FULLY_QUALIFIED_CLASS_NAME% - the fully qualified name of the Java class from which we are generating, with all dots replaced by underscores
  • %TARGET_DIR% - the target directory of the current module of the current build tool; typically target for Maven and build for Gradle.
  • %CLASSES_DIR% - the compiler output directory of the current module of the current build tool; typically target/classes for Maven and build/classes for Gradle.

Environment variable: QUARKUS_CXF_JAVA2WS__NAMED_PARAMETER_SETS__WSDL_NAME_TEMPLATE
Since Quarkus CXF: 2.0.0

lock quarkus.cxf.client."client-name".service-interface

string

 

The client service interface class name

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SERVICE_INTERFACE
Since Quarkus CXF: 1.0.0

lock quarkus.cxf.client."client-name".alternative

boolean

false

Indicates whether this is an alternative proxy client configuration. If true, then this configuration is ignored when configuring a client without annotation @CXFClient.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ALTERNATIVE
Since Quarkus CXF: 1.0.0

lock quarkus.cxf.client."client-name".native.runtime-initialized

boolean

false

If true, the client dynamic proxy class generated by native compiler will be initialized at runtime; otherwise the proxy class will be initialized at build time.

Setting this to true makes sense if your service endpoint interface references some class initialized at runtime in its method signatures. For example, say your service interface has the method int add(Operands o) and the Operands class was requested to be initialized at runtime. Then, without setting this configuration parameter to true, the native compiler will throw an exception saying something like Classes that should be initialized at run time got initialized during image building: org.acme.Operands … jdk.proxy<some-number>.$Proxy<some-number> caused initialization of this class. Here, jdk.proxy<some-number>.$Proxy<some-number> is the proxy class generated by the native compiler.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__NATIVE_RUNTIME_INITIALIZED
Since Quarkus CXF: 2.0.0

quarkus.cxf.endpoint."/endpoint-path".implementor

string

 

The service endpoint implementation class

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__IMPLEMENTOR
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".wsdl

string

 

The service endpoint WSDL path

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__WSDL
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".soap-binding

string

 

The URL of the SOAP Binding, should be one of four values:

  • http://schemas.xmlsoap.org/wsdl/soap/http for SOAP11HTTP_BINDING
  • http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true for SOAP11HTTP_MTOM_BINDING
  • http://www.w3.org/2003/05/soap/bindings/HTTP/ for SOAP12HTTP_BINDING
  • http://www.w3.org/2003/05/soap/bindings/HTTP/?mtom=true for SOAP12HTTP_MTOM_BINDING

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SOAP_BINDING
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".published-endpoint-url

string

 

The published service endpoint URL

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__PUBLISHED_ENDPOINT_URL
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".logging.enabled

true, false, pretty

 

If true or pretty, the message logging will be enabled; otherwise it will not be enabled. If the value is pretty (since 2.7.0), the pretty attribute will effectively be set to true. The default is given by quarkus.cxf.logging.enabled-for.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_ENABLED
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.pretty

boolean

 

If true, the XML elements will be indented in the log; otherwise they will appear unindented. The default is given by quarkus.cxf.logging.pretty

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_PRETTY
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.limit

int

 

A message length in bytes at which it is truncated in the log. The default is given by quarkus.cxf.logging.limit

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_LIMIT
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.in-mem-threshold

long

 

A message length in bytes at which it will be written to disk. -1 is unlimited. The default is given by quarkus.cxf.logging.in-mem-threshold

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_IN_MEM_THRESHOLD
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.log-binary

boolean

 

If true, binary payloads will be logged; otherwise they won’t be logged. The default is given by quarkus.cxf.logging.log-binary

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_LOG_BINARY
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.log-multipart

boolean

 

If true, multipart payloads will be logged; otherwise they won’t be logged. The default is given by quarkus.cxf.logging.log-multipart

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_LOG_MULTIPART
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.verbose

boolean

 

If true, verbose logging will be enabled; otherwise it won’t be enabled. The default is given by quarkus.cxf.logging.verbose

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_VERBOSE
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.in-binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingInInterceptor whose content will not be logged unless log-binary is true. The default is given by quarkus.cxf.logging.in-binary-content-media-types

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_IN_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.out-binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingOutInterceptor whose content will not be logged unless log-binary is true. The default is given by quarkus.cxf.logging.out-binary-content-media-types

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_OUT_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingOutInterceptor and LoggingInInterceptor whose content will not be logged unless log-binary is true. The default is given by quarkus.cxf.logging.binary-content-media-types

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.sensitive-element-names

List of string

 

A comma separated list of XML elements containing sensitive information to be masked in the log. The default is given by quarkus.cxf.logging.sensitive-element-names

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_SENSITIVE_ELEMENT_NAMES
Since Quarkus CXF: 2.6.0

quarkus.cxf.endpoint."/endpoint-path".logging.sensitive-protocol-header-names

List of string

 

A comma separated list of protocol headers containing sensitive information to be masked in the log. The default is given by quarkus.cxf.logging.sensitive-protocol-header-names

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__LOGGING_SENSITIVE_PROTOCOL_HEADER_NAMES
Since Quarkus CXF: 2.6.0
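
The per-endpoint logging options above, combined into one application.properties fragment with a permissive setup shown commented out beside a restrictive one. This is an added example, not part of the original reference; the endpoint path /payments and the element names password and cardNumber are hypothetical.

```properties
# Added example; "/payments", "password" and "cardNumber" are hypothetical names.

# Permissive setup (kept commented out): full payloads, including binary and
# multipart parts, reach the log, and nothing is masked.
# quarkus.cxf.endpoint."/payments".logging.enabled = pretty
# quarkus.cxf.endpoint."/payments".logging.log-binary = true
# quarkus.cxf.endpoint."/payments".logging.log-multipart = true

# Restrictive setup: message logging stays on for troubleshooting, but
# payloads are truncated and sensitive values are masked.
quarkus.cxf.endpoint."/payments".logging.enabled = true
# Truncate each logged message at 4096 bytes
quarkus.cxf.endpoint."/payments".logging.limit = 4096
# Keep binary and multipart payloads out of the log
quarkus.cxf.endpoint."/payments".logging.log-binary = false
quarkus.cxf.endpoint."/payments".logging.log-multipart = false
# XML elements whose content is masked in the log
quarkus.cxf.endpoint."/payments".logging.sensitive-element-names = password,cardNumber
# Protocol headers whose values are masked in the log
quarkus.cxf.endpoint."/payments".logging.sensitive-protocol-header-names = Authorization,Cookie
```

The same option names exist under quarkus.cxf.client."client-name".logging for the client side.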

quarkus.cxf.endpoint."/endpoint-path".features

List of string

 

A comma-separated list of fully qualified CXF Feature class names or named CDI beans.

Examples:

quarkus.cxf.endpoint."/hello".features = org.apache.cxf.ext.logging.LoggingFeature
quarkus.cxf.endpoint."/fruit".features = #myCustomLoggingFeature

In the second case, the #myCustomLoggingFeature bean can be produced as follows:

import org.apache.cxf.ext.logging.LoggingFeature;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;

class Producers {

    @Produces
    @ApplicationScoped
    LoggingFeature myCustomLoggingFeature() {
        LoggingFeature loggingFeature = new LoggingFeature();
        loggingFeature.setPrettyLogging(true);
        return loggingFeature;
    }
}

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__FEATURES
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".handlers

List of string

 

The comma-separated list of Handler classes

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__HANDLERS
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".in-interceptors

List of string

 

The comma-separated list of InInterceptor classes

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__IN_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".out-interceptors

List of string

 

The comma-separated list of OutInterceptor classes

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__OUT_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".out-fault-interceptors

List of string

 

The comma-separated list of OutFaultInterceptor classes

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__OUT_FAULT_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".in-fault-interceptors

List of string

 

The comma-separated list of InFaultInterceptor classes

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__IN_FAULT_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.endpoint."/endpoint-path".schema-validation.enabled-for

in, request, out, response, both, none

 

Select for which messages XML Schema validation should be enabled. If not specified, no XML Schema validation will be enforced unless it is enabled by other means, such as @org.apache.cxf.annotations.SchemaValidation or @org.apache.cxf.annotations.EndpointProperty(key = "schema-validation-enabled", value = "true") annotations.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SCHEMA_VALIDATION_ENABLED_FOR
Since Quarkus CXF: 2.7.0

quarkus.cxf.client."client-name".wsdl

string

 

A URL, resource path or local filesystem path pointing to a WSDL document to use when generating the service proxy of this client.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__WSDL
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".soap-binding

string

 

The URL of the SOAP Binding, should be one of four values:

  • http://schemas.xmlsoap.org/wsdl/soap/http for SOAP11HTTP_BINDING
  • http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true for SOAP11HTTP_MTOM_BINDING
  • http://www.w3.org/2003/05/soap/bindings/HTTP/ for SOAP12HTTP_BINDING
  • http://www.w3.org/2003/05/soap/bindings/HTTP/?mtom=true for SOAP12HTTP_MTOM_BINDING

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SOAP_BINDING
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".client-endpoint-url

string

 

The client endpoint URL

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CLIENT_ENDPOINT_URL
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".endpoint-namespace

string

 

The client endpoint namespace

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ENDPOINT_NAMESPACE
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".endpoint-name

string

 

The client endpoint name

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ENDPOINT_NAME
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".username

string

 

The username for HTTP Basic authentication

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__USERNAME
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".password

string

 

The password for HTTP Basic authentication

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__PASSWORD
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".secure-wsdl-access

boolean

false

If true, then the Authentication header will be sent preemptively when requesting the WSDL, as long as the username is set; otherwise the WSDL will be requested anonymously.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURE_WSDL_ACCESS
Since Quarkus CXF: 2.7.0

quarkus.cxf.client."client-name".logging.enabled

true, false, pretty

 

If true or pretty, the message logging will be enabled; otherwise it will not be enabled. If the value is pretty (since 2.7.0), the pretty attribute will effectively be set to true. The default is given by quarkus.cxf.logging.enabled-for.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_ENABLED
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.pretty

boolean

 

If true, the XML elements will be indented in the log; otherwise they will appear unindented. The default is given by quarkus.cxf.logging.pretty

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_PRETTY
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.limit

int

 

A message length in bytes at which it is truncated in the log. The default is given by quarkus.cxf.logging.limit

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_LIMIT
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.in-mem-threshold

long

 

A message length in bytes at which it will be written to disk. -1 is unlimited. The default is given by quarkus.cxf.logging.in-mem-threshold

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_IN_MEM_THRESHOLD
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.log-binary

boolean

 

If true, binary payloads will be logged; otherwise they won’t be logged. The default is given by quarkus.cxf.logging.log-binary

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_LOG_BINARY
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.log-multipart

boolean

 

If true, multipart payloads will be logged; otherwise they won’t be logged. The default is given by quarkus.cxf.logging.log-multipart

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_LOG_MULTIPART
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.verbose

boolean

 

If true, verbose logging will be enabled; otherwise it won’t be enabled. The default is given by quarkus.cxf.logging.verbose

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_VERBOSE
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.in-binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingInInterceptor whose content will not be logged unless log-binary is true. The default is given by quarkus.cxf.logging.in-binary-content-media-types

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_IN_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.out-binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingOutInterceptor whose content will not be logged unless log-binary is true. The default is given by quarkus.cxf.logging.out-binary-content-media-types

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_OUT_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.binary-content-media-types

List of string

 

A comma separated list of additional binary media types to add to the default values in the LoggingOutInterceptor and LoggingInInterceptor whose content will not be logged unless log-binary is true. The default is given by quarkus.cxf.logging.binary-content-media-types

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_BINARY_CONTENT_MEDIA_TYPES
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.sensitive-element-names

List of string

 

A comma separated list of XML elements containing sensitive information to be masked in the log. The default is given by quarkus.cxf.logging.sensitive-element-names

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_SENSITIVE_ELEMENT_NAMES
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".logging.sensitive-protocol-header-names

List of string

 

A comma separated list of protocol headers containing sensitive information to be masked in the log. The default is given by quarkus.cxf.logging.sensitive-protocol-header-names

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__LOGGING_SENSITIVE_PROTOCOL_HEADER_NAMES
Since Quarkus CXF: 2.6.0

quarkus.cxf.client."client-name".features

List of string

 

A comma-separated list of fully qualified CXF Feature class names.

Example:

quarkus.cxf.endpoint."/my-endpoint".features = org.apache.cxf.ext.logging.LoggingFeature

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__FEATURES
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".handlers

List of string

 

The comma-separated list of Handler classes

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__HANDLERS
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".in-interceptors

List of string

 

The comma-separated list of InInterceptor classes

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__IN_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".out-interceptors

List of string

 

The comma-separated list of OutInterceptor classes

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__OUT_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".out-fault-interceptors

List of string

 

The comma-separated list of OutFaultInterceptor classes

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__OUT_FAULT_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".in-fault-interceptors

List of string

 

The comma-separated list of InFaultInterceptor classes

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__IN_FAULT_INTERCEPTORS
Since Quarkus CXF: 1.0.0

quarkus.cxf.client."client-name".connection-timeout

long

30000

Specifies the amount of time, in milliseconds, that the consumer will attempt to establish a connection before it times out. 0 is infinite.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CONNECTION_TIMEOUT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".receive-timeout

long

60000

Specifies the amount of time, in milliseconds, that the consumer will wait for a response before it times out. 0 is infinite.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__RECEIVE_TIMEOUT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".connection-request-timeout

long

60000

Specifies the amount of time, in milliseconds, used when requesting a connection from the connection manager (if applicable). 0 is infinite.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CONNECTION_REQUEST_TIMEOUT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".auto-redirect

boolean

false

Specifies if the consumer will automatically follow a server issued redirection. (name is not part of standard)

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__AUTO_REDIRECT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".max-retransmits

int

-1

Specifies the maximum number of retransmits that are allowed for redirects. Retransmits for authorization are included in the retransmit count. Each redirect may cause another retransmit for an UNAUTHORIZED response code, i.e. 401. Any negative number indicates unlimited retransmits, although loop protection is provided. The default is unlimited. (name is not part of standard)

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__MAX_RETRANSMITS
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".allow-chunking

boolean

true

If true, the client is free to use chunking streams if it wants, but it is not required to use chunking streams. If false, the client must use regular, non-chunked requests in all cases.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ALLOW_CHUNKING
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".chunking-threshold

int

4096

If AllowChunking is true, this sets the threshold at which messages start getting chunked. Messages under this limit do not get chunked.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CHUNKING_THRESHOLD
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".chunk-length

int

-1

Specifies the chunk length for a HttpURLConnection. This value is used in java.net.HttpURLConnection.setChunkedStreamingMode(int chunklen). chunklen indicates the number of bytes to write in each chunk. If chunklen is less than or equal to zero, a default value will be used.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CHUNK_LENGTH
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".accept

string

 

Specifies the MIME types the client is prepared to handle (e.g., HTML, JPEG, GIF, etc.)

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ACCEPT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".accept-language

string

 

Specifies the language the client desires (e.g., English, French, etc.)

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ACCEPT_LANGUAGE
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".accept-encoding

string

 

Specifies the encoding the client is prepared to handle (e.g., gzip)

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__ACCEPT_ENCODING
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".content-type

string

 

Specifies the content type of the stream being sent in a post request. (this should be text/xml for web services, or can be set to application/x-www-form-urlencoded if the client is sending form data).

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CONTENT_TYPE
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".host

string

 

Specifies the Internet host and port number of the resource on which the request is being invoked. This is sent by default based upon the URL. Certain DNS scenarios or application designs may require you to set this, but typically it is not required.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__HOST
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".connection

close, keep-alive

keep-alive

The connection disposition. If close, the connection to the server is closed after each request/response dialog. If Keep-Alive, the client requests the server to keep the connection open and, if the server honors the keep-alive request, the connection is reused. Many servers and proxies do not honor keep-alive requests.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CONNECTION
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".cache-control

string

 

Most commonly used to specify no-cache, however the standard supports a dozen or so caching related directives for requests

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__CACHE_CONTROL
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".version

string

auto

HTTP Version used for the connection. The default value auto will use whatever the default is for the HTTPConduit implementation defined via quarkus.cxf.client."client-name".http-conduit-factory. Other possible values: 1.1, 2.

Some of these values might be unsupported by some HTTPConduit implementations.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__VERSION
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".browser-type

string

 

The value of the User-Agent HTTP header.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__BROWSER_TYPE
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".decoupled-endpoint

string

 

A URI path (starting with /) or a full URI for the receipt of responses over a separate provider consumer connection. If the value starts with /, then it is prefixed with the base URI configured via quarkus.cxf.client."client-name".decoupled-endpoint-base before being used as a value for the WS-Addressing ReplyTo message header.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__DECOUPLED_ENDPOINT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".proxy-server

string

 

Specifies the address of proxy server if one is used.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__PROXY_SERVER
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".proxy-server-port

int

 

Specifies the port number used by the proxy server.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__PROXY_SERVER_PORT
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".non-proxy-hosts

string

 

Specifies the list of hostnames that will not use the proxy configuration. Examples:

  • localhost - a single hostname
  • localhost|www.google.com - two hostnames that will not use the proxy configuration
  • localhost|www.google.*|*.apache.org - hostname patterns

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__NON_PROXY_HOSTS
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".proxy-server-type

http, socks

http

Specifies the type of the proxy server. Can be either HTTP or SOCKS.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__PROXY_SERVER_TYPE
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".proxy-username

string

 

Username for the proxy authentication

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__PROXY_USERNAME
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".proxy-password

string

 

Password for the proxy authentication

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__PROXY_PASSWORD
Since Quarkus CXF: 2.2.3

quarkus.cxf.client."client-name".http-conduit-factory

QuarkusCXFDefault, CXFDefault, HttpClientHTTPConduitFactory, URLConnectionHTTPConduitFactory

 

Select the HTTPConduitFactory implementation for this client.

  • QuarkusCXFDefault (default): if io.quarkiverse.cxf:quarkus-cxf-rt-transports-http-hc5 is present in the class path, then its HTTPConduitFactory implementation will be used; otherwise this value is equivalent to URLConnectionHTTPConduitFactory (this may change once issue #992 gets resolved in CXF)
  • CXFDefault: the selection of HTTPConduitFactory implementation is left to CXF
  • HttpClientHTTPConduitFactory: the HTTPConduitFactory for this client will be set to an implementation always returning org.apache.cxf.transport.http.HttpClientHTTPConduit. This will use java.net.http.HttpClient as the underlying HTTP client.
  • URLConnectionHTTPConduitFactory: the HTTPConduitFactory for this client will be set to an implementation always returning org.apache.cxf.transport.http.URLConnectionHTTPConduit. This will use java.net.HttpURLConnection as the underlying HTTP client.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__HTTP_CONDUIT_FACTORY
Since Quarkus CXF: 2.3.0

quarkus.cxf.client."client-name".key-store

string

 

The key store location for this client. The resource is first looked up in the classpath, then in the file system.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__KEY_STORE
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".key-store-password

string

 

The key store password

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__KEY_STORE_PASSWORD
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".key-store-type

string

JKS

The type of the key store.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__KEY_STORE_TYPE
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".key-password

string

 

The key password.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__KEY_PASSWORD
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".trust-store

string

 

The trust store location for this client. The resource is first looked up in the classpath, then in the file system.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__TRUST_STORE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".trust-store-password

string

 

The trust store password.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__TRUST_STORE_PASSWORD
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".trust-store-type

string

JKS

The type of the trust store.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__TRUST_STORE_TYPE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".hostname-verifier

string

 

Can be one of the following:

  • One of the well known values: AllowAllHostnameVerifier, HttpsURLConnectionDefaultHostnameVerifier
  • A fully qualified class name implementing javax.net.ssl.HostnameVerifier to look up in the CDI container.
  • A bean name prefixed with # that will be looked up in the CDI container; example: #myHostnameVerifier

If not specified, then the creation of the HostnameVerifier is delegated to CXF, which boils down to org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier with the default org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader as returned from PublicSuffixMatcherLoader.getDefault().

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__HOSTNAME_VERIFIER
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".schema-validation.enabled-for

in, request, out, response, both, none

 

Select for which messages XML Schema validation should be enabled. If not specified, no XML Schema validation will be enforced unless it is enabled by other means, such as @org.apache.cxf.annotations.SchemaValidation or @org.apache.cxf.annotations.EndpointProperty(key = "schema-validation-enabled", value = "true") annotations.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SCHEMA_VALIDATION_ENABLED_FOR
Since Quarkus CXF: 2.7.0

5.2. Metrics Feature

Collect metrics using Micrometer.

Important

Unlike the CXF Metrics feature, this Quarkus CXF extension does not support Dropwizard Metrics. Only Micrometer is supported.

5.2.1. Maven coordinates

Create a new project using quarkus-cxf-rt-features-metrics on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-rt-features-metrics</artifactId>
</dependency>

5.2.2. Usage

The integration of CXF into the Quarkus Micrometer ecosystem is implemented using io.quarkiverse.cxf.metrics.QuarkusCxfMetricsFeature. As long as your application depends on quarkus-cxf-rt-features-metrics, an instance of QuarkusCxfMetricsFeature is created internally and enabled by default for all clients and service endpoints created by Quarkus CXF. You can disable it via quarkus.cxf.metrics.enabled-for, quarkus.cxf.client."client-name".metrics.enabled and quarkus.cxf.endpoint."/endpoint-path".metrics.enabled properties documented below.

5.2.2.1. Runnable example

There is an integration test covering Micrometer Metrics in the Quarkus CXF source tree.

Unsurprisingly, it depends on quarkus-cxf-rt-features-metrics:

pom.xml

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-rt-features-metrics</artifactId>
</dependency>

It uses the quarkus-micrometer-registry-prometheus extension to export the metrics in JSON format and for Prometheus:

pom.xml

<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-micrometer-registry-prometheus</artifactId>
</dependency>

The following configuration is needed to be able to inspect the collected metrics over a REST endpoint:

application.properties

quarkus.micrometer.export.json.enabled = true
quarkus.micrometer.export.json.path = metrics/json
quarkus.micrometer.export.prometheus.path = metrics/prometheus

Having all the above in place, you can start the application in Dev mode:

$ mvn quarkus:dev

Now send a request to the HelloService:

$ curl \
  -d '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:helloResponse xmlns:ns2="http://it.server.metrics.cxf.quarkiverse.io/"><return>Hello Joe!</return></ns2:helloResponse></soap:Body></soap:Envelope>' \
  -H 'Content-Type: text/xml' \
  -X POST \
  http://localhost:8080/metrics/client/hello

After that, you should see some metrics under cxf.server.requests in the output of the endpoint you configured above:

$ curl http://localhost:8080/q/metrics/json
metrics: {
    ...
    "cxf.server.requests": {
        "count;exception=None;faultCode=None;method=POST;operation=hello;outcome=SUCCESS;status=200;uri=/soap/hello": 2,
        "elapsedTime;exception=None;faultCode=None;method=POST;operation=hello;outcome=SUCCESS;status=200;uri=/soap/hello": 64.0
    },
    ...
}

5.2.3. Configuration

lock Configuration property fixed at build time. All other configuration properties are overridable at runtime.

Configuration property | Type | Default

quarkus.cxf.metrics.enabled-for

clients, services, both, none

both

Specifies whether the metrics collection will be enabled for clients, services, both or none. This global setting can be overridden per client or service endpoint using the quarkus.cxf.client."client-name".metrics.enabled or quarkus.cxf.endpoint."/endpoint-path".metrics.enabled option respectively.

Environment variable: QUARKUS_CXF_METRICS_ENABLED_FOR
Since Quarkus CXF: 2.7.0

quarkus.cxf.client."client-name".metrics.enabled

boolean

true

If true and if quarkus.cxf.metrics.enabled-for is set to both or clients then the MetricsFeature will be added to this client; otherwise the feature will not be added to this client.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__METRICS_ENABLED
Since Quarkus CXF: 2.7.0

quarkus.cxf.endpoint."/endpoint-path".metrics.enabled

boolean

true

If true and if quarkus.cxf.metrics.enabled-for is set to both or services then the MetricsFeature will be added to this service endpoint; otherwise the feature will not be added to this service endpoint.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__METRICS_ENABLED
Since Quarkus CXF: 2.7.0

5.3. OpenTelemetry

Generate OpenTelemetry traces.

Important

OpenTelemetry Metrics and Logging are not yet supported on either the Quarkus or the CXF side, hence Quarkus CXF cannot support them either. Therefore, tracing is the only OpenTelemetry feature supported by this extension.

5.3.1. Maven coordinates

Create a new project using quarkus-cxf-integration-tracing-opentelemetry on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-integration-tracing-opentelemetry</artifactId>
</dependency>

5.3.2. Usage

This extension builds on top of org.apache.cxf.tracing.opentelemetry.OpenTelemetryFeature (for service endpoints) and org.apache.cxf.tracing.opentelemetry.OpenTelemetryClientFeature (for clients). Instances of these are created and configured internally using the instance of io.opentelemetry.api.OpenTelemetry provided by Quarkus OpenTelemetry.

The tracing is enabled by default for all clients and service endpoints created by Quarkus CXF, unless you disable it explicitly via quarkus.cxf.otel.enabled-for, quarkus.cxf.client."client-name".otel.enabled or quarkus.cxf.endpoint."/endpoint-path".otel.enabled.

5.3.2.1. Runnable example

There is an integration test covering OpenTelemetry in the Quarkus CXF source tree. It uses InMemorySpanExporter from io.opentelemetry:opentelemetry-sdk-testing, so that the spans can be inspected easily from tests. Refer to the Quarkus OpenTelemetry guide for information about other supported span exporters and collectors.

5.3.3. Configuration

lock Configuration property fixed at build time. All other configuration properties are overridable at runtime.

Configuration property | Type | Default

quarkus.cxf.otel.enabled-for

clients, services, both, none

both

Specifies whether the OpenTelemetry tracing will be enabled for clients, services, both or none. This global setting can be overridden per client or service endpoint using the quarkus.cxf.client."client-name".otel.enabled or quarkus.cxf.endpoint."/endpoint-path".otel.enabled option respectively.

Environment variable: QUARKUS_CXF_OTEL_ENABLED_FOR
Since Quarkus CXF: 2.7.0

quarkus.cxf.client."client-name".otel.enabled

boolean

true

If true and if quarkus.cxf.otel.enabled-for is set to both or clients then the OpenTelemetryClientFeature will be added to this client; otherwise the feature will not be added to this client.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__OTEL_ENABLED
Since Quarkus CXF: 2.7.0

quarkus.cxf.endpoint."/endpoint-path".otel.enabled

boolean

true

If true and if quarkus.cxf.otel.enabled-for is set to both or services then the OpenTelemetryFeature will be added to this service endpoint; otherwise the feature will not be added to this service endpoint.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__OTEL_ENABLED
Since Quarkus CXF: 2.7.0

5.4. WS-Security

Provides the CXF framework’s WS-Security implementation, allowing you to:

  • Pass authentication tokens between services
  • Encrypt messages or parts of messages
  • Sign messages
  • Timestamp messages

5.4.1. Maven coordinates

Create a new project using quarkus-cxf-rt-ws-security on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-rt-ws-security</artifactId>
</dependency>

5.4.2. Supported standards

5.4.3. Usage

The CXF framework’s WS-Security (WSS) implementation is based on WSS4J. It can be activated in two ways:

  • By using WS-SecurityPolicy
  • By adding WSS4J interceptors to your clients and service endpoints.

WS-SecurityPolicy is preferable because in that way, the security requirements become a part of the WSDL contract. That in turn greatly simplifies not only the implementation of clients and service endpoints but also the interoperability between vendors.

Nevertheless, if you leverage WS-SecurityPolicy, CXF sets up the WSS4J interceptors under the hood for you.

We won’t explain the manual approach with WSS4J interceptors in detail here, but you can still refer to our WS-Security integration test as an example.

5.4.3.1. WS-Security via WS-SecurityPolicy

Tip

The sample code snippets used in this section come from the WS-SecurityPolicy integration test in the source tree of Quarkus CXF.

Let’s say our aim is to ensure that the communication between the client and service is confidential (through encryption) and that the message has not been tampered with (through digital signatures). We also want to ensure that the clients are who they claim to be, by having them authenticate with X.509 certificates.

We can express all these requirements in a single WS-SecurityPolicy document (integration-tests/ws-security-policy/src/main/resources/encrypt-sign-policy.xml in the Quarkus CXF source tree):

encrypt-sign-policy.xml

<?xml version="1.0" encoding="UTF-8" ?>
<wsp:Policy wsu:Id="SecurityServiceEncryptThenSignPolicy"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:ExactlyOne>
        <wsp:All>
            <!-- 1 -->
            <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <!-- 2 -->
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token11/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token11/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:ProtectTokens/>
                    <sp:OnlySignEntireHeadersAndBody/>
                    <sp:EncryptBeforeSigning/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <!-- 3 -->
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:SignedParts>
            <!-- 4 -->
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:EncryptedParts>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

1. AsymmetricBinding specifies the use of asymmetric (public/private key) cryptography for securing the communication between two parties.
2. InitiatorToken indicates that the initiator (sender) of the message will use an X.509 certificate token that must always be provided to the recipient.
3. SignedParts specifies which parts of the SOAP message must be signed to ensure their integrity.
4. EncryptedParts specifies the parts of the SOAP message that must be encrypted to ensure their confidentiality.
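
A reviewer can check mechanically that a policy file asks for what the callouts above describe. The following Java program is an added example, not code from the Quarkus CXF source tree: the class name PolicyAudit, the finding strings and the abridged sample policy are constructed for illustration. It assumes a policy with a single alternative, as in encrypt-sign-policy.xml.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class PolicyAudit {

    // The two assertion namespaces that appear in encrypt-sign-policy.xml
    static final String SP_200702 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
    static final String SP_200507 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";

    // Constructed sample: encrypt-sign-policy.xml with the token and layout assertions left out
    static final String SAMPLE = """
        <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <wsp:ExactlyOne><wsp:All>
            <sp:AsymmetricBinding>
              <wsp:Policy>
                <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
                <sp:IncludeTimestamp/>
                <sp:OnlySignEntireHeadersAndBody/>
                <sp:EncryptBeforeSigning/>
              </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body/></sp:SignedParts>
            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body/></sp:EncryptedParts>
          </wsp:All></wsp:ExactlyOne>
        </wsp:Policy>
        """;

    /** Parses with DOCTYPE declarations rejected, since a policy may arrive in a WSDL you do not control. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Returns the first assertion with this local name in either namespace, or null if absent. */
    static Element first(Document doc, String localName) {
        for (String ns : new String[] { SP_200702, SP_200507 }) {
            NodeList hits = doc.getElementsByTagNameNS(ns, localName);
            if (hits.getLength() > 0) {
                return (Element) hits.item(0);
            }
        }
        return null;
    }

    /** True if the given SignedParts or EncryptedParts assertion exists and lists the SOAP Body. */
    static boolean listsBody(Document doc, String partsAssertion) {
        Element parts = first(doc, partsAssertion);
        return parts != null && parts.getElementsByTagNameNS("*", "Body").getLength() > 0;
    }

    /** Returns the name of the first assertion nested below AlgorithmSuite, or null. */
    static String algorithmSuite(Document doc) {
        Element suite = first(doc, "AlgorithmSuite");
        if (suite == null) {
            return null;
        }
        NodeList nested = suite.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < nested.getLength(); i++) {
            String ns = nested.item(i).getNamespaceURI();
            if (SP_200702.equals(ns) || SP_200507.equals(ns)) {
                return nested.item(i).getLocalName();
            }
        }
        return null;
    }

    /** Compares the policy with the stated aim: signed and encrypted Body, asymmetric binding, timestamp. */
    static List<String> audit(String xml) throws Exception {
        Document doc = parse(xml);
        List<String> findings = new ArrayList<>();
        if (first(doc, "AsymmetricBinding") == null) findings.add("FAIL: no AsymmetricBinding assertion");
        if (!listsBody(doc, "SignedParts")) findings.add("FAIL: SOAP Body is not listed in SignedParts");
        if (!listsBody(doc, "EncryptedParts")) findings.add("FAIL: SOAP Body is not listed in EncryptedParts");
        if (first(doc, "IncludeTimestamp") == null) findings.add("WARN: no IncludeTimestamp assertion");
        findings.add("INFO: algorithm suite = " + algorithmSuite(doc));
        Set<String> namespaces = new TreeSet<>();
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            String ns = all.item(i).getNamespaceURI();
            if (SP_200702.equals(ns) || SP_200507.equals(ns)) namespaces.add(ns);
        }
        if (namespaces.size() > 1) findings.add("INFO: assertions use more than one namespace: " + namespaces);
        return findings;
    }

    public static void main(String[] args) throws Exception {
        audit(SAMPLE).forEach(System.out::println);
    }
}
```

Removing the EncryptedParts element from the sample makes the audit report the missing Body encryption, which is the regression this kind of check is meant to catch in review.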

We set this policy on the Service Endpoint Interface (SEI) EncryptSignPolicyHelloService (integration-tests/ws-security-policy/src/main/java/io/quarkiverse/cxf/it/security/policy/EncryptSignPolicyHelloService.java in the Quarkus CXF source tree) using the @org.apache.cxf.annotations.Policy annotation:

EncryptSignPolicyHelloService.java

@WebService(serviceName = "EncryptSignPolicyHelloService")
@Policy(placement = Policy.Placement.BINDING, uri = "encrypt-sign-policy.xml")
public interface EncryptSignPolicyHelloService extends AbstractHelloService {
    // ...
}

At first sight, setting the policy on the SEI should suffice to enforce it on both the service and all clients generated from the SEI or from the WSDL served by the service. However, that’s not all. Security keys, usernames, passwords and other kinds of confidential information cannot be exposed in a public policy.

Those have to be set in the configuration. Let’s do it for the service first:

application.properties

# A service with encrypt-sign-policy.xml set
quarkus.cxf.endpoint."/helloEncryptSign".implementor = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl
# can be jks or pkcs12 - set from Maven profiles in this test
keystore.type = ${keystore.type}
# Signature settings
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.username = bob
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.password = bob-keystore-password
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = ${keystore.type}
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = bob-keystore-password
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = bob
quarkus.cxf.endpoint."/helloEncryptSign".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.${keystore.type}
# Encryption settings
quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.username = alice
quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = ${keystore.type}
quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = bob-keystore-password
quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = bob
quarkus.cxf.endpoint."/helloEncryptSign".security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = bob-keystore.${keystore.type}

A similar setup is necessary on the client side:

application.properties

# A client with encrypt-sign-policy.xml set
quarkus.cxf.client.helloEncryptSign.client-endpoint-url = https://localhost:${quarkus.http.test-ssl-port}/services/helloEncryptSign
quarkus.cxf.client.helloEncryptSign.service-interface = io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
quarkus.cxf.client.helloEncryptSign.features = #messageCollector
# The client-endpoint-url above is HTTPS, so we have to set up the server's SSL certificates
quarkus.cxf.client.helloEncryptSign.trust-store = client-truststore.${keystore.type}
quarkus.cxf.client.helloEncryptSign.trust-store-password = client-truststore-password
# Signature settings
quarkus.cxf.client.helloEncryptSign.security.signature.username = alice
quarkus.cxf.client.helloEncryptSign.security.signature.password = alice-keystore-password
quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = alice-keystore-password
quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = alice
quarkus.cxf.client.helloEncryptSign.security.signature.properties."org.apache.ws.security.crypto.merlin.file" = alice-keystore.${keystore.type}
# Encryption settings
quarkus.cxf.client.helloEncryptSign.security.encryption.username = bob
quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = alice-keystore-password
quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = alice
quarkus.cxf.client.helloEncryptSign.security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = alice-keystore.${keystore.type}

To inspect the flow of the messages, you can execute the EncryptSignPolicyTest as follows:

# Clone the repository
$ git clone https://github.com/quarkiverse/quarkus-cxf.git -o upstream
$ cd quarkus-cxf
# Build the whole source tree
$ mvn clean install -DskipTests -Dquarkus.build.skip
# Run the test
$ cd integration-tests/ws-security-policy
$ mvn clean test -Dtest=EncryptSignPolicyTest

You should see some messages containing Signature elements and encrypted bodies in the console output.
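
The service and client configuration above keep the private-key passwords (security.signature.password) in application.properties. The security.callback-handler option described in the configuration reference below lets a CDI bean supply them at runtime instead. The following class is an added example, not code from the Quarkus CXF source tree: the package, the bean name keyPasswordCallback and the wss.key-password.* configuration keys are hypothetical, and the #-prefixed bean reference is assumed to work for this option the same way as it does for features above.

```java
package org.acme.wss; // hypothetical package

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Named;

import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.eclipse.microprofile.config.ConfigProvider;

/**
 * Supplies private-key passwords to WSS4J when a message is signed or decrypted,
 * so that they do not have to be written next to the keystore location.
 *
 * Assumed wiring in application.properties, replacing security.signature.password:
 *   quarkus.cxf.client.helloEncryptSign.security.callback-handler = #keyPasswordCallback
 *
 * The password for alias "alice" is then read from the hypothetical key
 * wss.key-password.alice, which any MicroProfile Config source can provide.
 * The keystore file password (merlin.keystore.password) is not covered by this
 * handler and still comes from the Crypto properties.
 */
@ApplicationScoped
@Named("keyPasswordCallback")
public class KeyPasswordCallback implements CallbackHandler {

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            switch (pc.getUsage()) {
                case WSPasswordCallback.SIGNATURE: // private key used to sign outgoing messages
                case WSPasswordCallback.DECRYPT:   // private key used to decrypt incoming messages
                    pc.setPassword(lookup(pc.getIdentifier()));
                    break;
                default:
                    // Fail closed: this bean only hands out key passwords
                    throw new UnsupportedCallbackException(callback, "Unexpected usage " + pc.getUsage());
            }
        }
    }

    /** Resolves the password for a keystore alias, refusing aliases that do not look like one. */
    private static String lookup(String alias) throws IOException {
        // The alias becomes part of a configuration key, so restrict it to a conservative character set
        if (alias == null || !alias.matches("[A-Za-z0-9_-]{1,64}")) {
            throw new IOException("Refusing password lookup for an unexpected key alias");
        }
        return ConfigProvider.getConfig()
                .getOptionalValue("wss.key-password." + alias, String.class)
                .orElseThrow(() -> new IOException("No key password configured for alias " + alias));
    }
}
```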

5.4.4. Configuration

lock Configuration property fixed at build time. All other configuration properties are overridable at runtime.

Configuration property | Type | Default

quarkus.cxf.client."client-name".security.username

string

 

The user’s name. It is used as follows:

  • As the name in the UsernameToken for WS-Security
  • As the alias name in the keystore to get the user’s cert and private key for signature if signature.username is not set
  • As the alias name in the keystore to get the user’s public key for encryption if encryption.username is not set

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_USERNAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.password

string

 

The user’s password when a callback-handler is not defined. This is only used for the password in a WS-Security UsernameToken.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_PASSWORD
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.signature.username

string

 

The user’s name for signature. It is used as the alias name in the keystore to get the user’s cert and private key for signature. If this is not defined, then username is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by signature.properties. If that’s also not set, and the keystore only contains a single key, that key will be used.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SIGNATURE_USERNAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.signature.password

string

 

The user’s password for signature when a callback-handler is not defined.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SIGNATURE_PASSWORD
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.encryption.username

string

 

The user’s name for encryption. It is used as the alias name in the keystore to get the user’s public key for encryption. If this is not defined, then username is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by encrypt.properties. If that’s also not set, and the keystore only contains a single key, that key will be used.

For the WS-Security web service provider, the useReqSigCert value can be used to accept (encrypt to) any client whose public key is in the service’s truststore (defined in encrypt.properties).

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENCRYPTION_USERNAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.callback-handler

string

 

A reference to a javax.security.auth.callback.CallbackHandler bean used to obtain passwords, for both outbound and inbound requests.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CALLBACK_HANDLER
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.saml-callback-handler

string

 

A reference to a javax.security.auth.callback.CallbackHandler implementation used to construct SAML Assertions.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SAML_CALLBACK_HANDLER
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.signature.properties

Map<String,String>

 

The Crypto property configuration to use for signing, if signature.crypto is not set.

Example

[prefix].signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
[prefix].signature.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SIGNATURE_PROPERTIES
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.encryption.properties

Map<String,String>

 

The Crypto property configuration to use for encryption, if encryption.crypto is not set.

Example

[prefix].encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENCRYPTION_PROPERTIES
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.signature.crypto

string

 

A reference to an org.apache.wss4j.common.crypto.Crypto bean to be used for signature. If not set, signature.properties will be used to configure a Crypto instance.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SIGNATURE_CRYPTO
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.encryption.crypto

string

 

A reference to an org.apache.wss4j.common.crypto.Crypto to be used for encryption. If not set, encryption.properties will be used to configure a Crypto instance.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENCRYPTION_CRYPTO
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.encryption.certificate

string

 

A message property for a prepared X509 certificate to be used for encryption. If this is not defined, then the certificate will be either loaded from the keystore encryption.properties or extracted from the request (when WS-Security is used and if encryption.username has the value useReqSigCert).

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENCRYPTION_CERTIFICATE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.enable-revocation

boolean

false

If true, Certificate Revocation List (CRL) checking is enabled when verifying trust in a certificate; otherwise it is not enabled.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENABLE_REVOCATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.enable-unsigned-saml-assertion-principal

boolean

false

If true, unsigned SAML assertions will be allowed as SecurityContext Principals; otherwise they won’t be allowed as SecurityContext Principals.

Signature

The label "unsigned" refers to an internal signature. Even if the token is signed by an external signature (as per the "sender-vouches" requirement), this boolean must still be configured if you want to use the token to set up the security context.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.validate-saml-subject-confirmation

boolean

true

If true, the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key) will be validated; otherwise they won’t be validated.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_VALIDATE_SAML_SUBJECT_CONFIRMATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.sc-from-jaas-subject

boolean

true

If true, security context can be created from JAAS Subject; otherwise it must not be created from JAAS Subject.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SC_FROM_JAAS_SUBJECT
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.audience-restriction-validation

boolean

true

If true, then if the SAML Token contains Audience Restriction URIs, one of them must match one of the values in audience.restrictions; otherwise the SAML AudienceRestriction validation is disabled.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_AUDIENCE_RESTRICTION_VALIDATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.saml-role-attributename

string

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role

The attribute URI of the SAML AttributeStatement where the role information is stored.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SAML_ROLE_ATTRIBUTENAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.subject-cert-constraints

string

 

A String of regular expressions (separated by the value specified in security.cert.constraints.separator) which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SUBJECT_CERT_CONSTRAINTS
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.cert-constraints-separator

string

,

The separator that is used to parse certificate constraints configured in security.subject.cert.constraints.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CERT_CONSTRAINTS_SEPARATOR
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.actor

string

 

The actor or role name of the wsse:Security header. If this parameter is omitted, the actor name is not set.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ACTOR
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.validate.token

boolean

true

If true, the password of a received UsernameToken will be validated; otherwise it won’t be validated.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_VALIDATE_TOKEN
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.username-token.always.encrypted

boolean

true

Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_USERNAME_TOKEN_ALWAYS_ENCRYPTED
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.is-bsp-compliant

boolean

true

If true, the compliance with the Basic Security Profile (BSP) 1.1 will be ensured; otherwise it will not be ensured.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_IS_BSP_COMPLIANT
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.enable.nonce.cache

boolean

 

If true, the UsernameToken nonces will be cached for both message initiators and recipients; otherwise they won’t be cached for either message initiators or recipients. The default is true for message recipients, and false for message initiators.

Caching

Caching only applies when either a UsernameToken WS-SecurityPolicy is in effect, or the UsernameToken action has been configured for the non-security-policy case.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENABLE_NONCE_CACHE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.enable.timestamp.cache

boolean

 

If true, the Timestamp Created Strings (these are only cached in conjunction with a message Signature) will be cached for both message initiators and recipients; otherwise they won’t be cached for either message initiators or recipients. The default is true for message recipients, and false for message initiators.

Caching

Caching only applies when either an IncludeTimestamp policy is in effect, or the Timestamp action has been configured for the non-security-policy case.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENABLE_TIMESTAMP_CACHE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.enable.streaming

boolean

false

If true, the new streaming (StAX) implementation of WS-Security is used; otherwise the old DOM implementation is used.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENABLE_STREAMING
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.return.security.error

boolean

false

If true, detailed security error messages are sent to clients; otherwise the details are omitted and only a generic error message is sent.

The "real" security errors should not be returned to the client in production, as they may leak information about the deployment, or otherwise provide an "oracle" for attacks.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_RETURN_SECURITY_ERROR
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.must-understand

boolean

true

If true, the SOAP mustUnderstand header is included in security headers based on a WS-SecurityPolicy; otherwise the header is always omitted.

Works only with enable.streaming = true; see CXF-8940.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_MUST_UNDERSTAND
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.enable.saml.cache

boolean

 

If true and the token contains a OneTimeUse Condition, the SAML2 Token Identifiers will be cached for both message initiators and recipients; otherwise they won’t be cached for either message initiators or recipients. The default is true for message recipients, and false for message initiators.

Caching only applies when either a SamlToken policy is in effect, or a SAML action has been configured for the non-security-policy case.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ENABLE_SAML_CACHE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.store.bytes.in.attachment

boolean

 

Whether to store bytes (CipherData or BinarySecurityToken) in an attachment. The default is true if MTOM is enabled. Set it to false to BASE-64 encode the bytes and "inline" them in the message instead. Setting this to true is more efficient, as it means that the BASE-64 encoding step can be skipped. This only applies to the DOM WS-Security stack.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STORE_BYTES_IN_ATTACHMENT
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.swa.encryption.attachment.transform.content

boolean

false

If true, Attachment-Content-Only transform will be used when an Attachment is encrypted via a WS-SecurityPolicy expression; otherwise Attachment-Complete transform will be used when an Attachment is encrypted via a WS-SecurityPolicy expression.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SWA_ENCRYPTION_ATTACHMENT_TRANSFORM_CONTENT
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.use.str.transform

boolean

true

If true, the STR (Security Token Reference) Transform will be used when (externally) signing a SAML Token; otherwise the STR (Security Token Reference) Transform will not be used.

Some frameworks cannot process the SecurityTokenReference. You may set this to false in such cases.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_USE_STR_TRANSFORM
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.add.inclusive.prefixes

boolean

true

If true, an InclusiveNamespaces PrefixList will be added as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS; otherwise the PrefixList will not be added.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ADD_INCLUSIVE_PREFIXES
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.disable.require.client.cert.check

boolean

false

If true, the enforcement of the WS-SecurityPolicy RequireClientCertificate policy will be disabled; otherwise the enforcement of the WS-SecurityPolicy RequireClientCertificate policy is enabled.

Some servers may not do client certificate verification at the start of the SSL handshake, and therefore the client certificates may not be available to the WS-Security layer for policy verification.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_DISABLE_REQUIRE_CLIENT_CERT_CHECK
Since Quarkus CXF: 2.5.0
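A configuration check for the options this reference itself flags as risky (return.security.error, username-token.always.encrypted, validate.token, disable.require.client.cert.check, and must-understand without enable.streaming). This is an added example, not code from Quarkus CXF; the client names "hello" and "billing" and all sample values are constructed. It uses the environment-variable naming shown in this reference and the fact that environment variables take precedence over application.properties in Quarkus.

```python
import re

# Constructed sample input (not from the reference); "hello" and "billing"
# are hypothetical client names.
SAMPLE_PROPERTIES = '''\
quarkus.cxf.client."hello".security.return.security.error = true
quarkus.cxf.client."hello".security.username-token.always.encrypted = false
quarkus.cxf.client."hello".security.must-understand = false
quarkus.cxf.client."hello".security.disable.require.client.cert.check = true
# "billing" looks safe in the file ...
quarkus.cxf.client."billing".security.validate.token = true
quarkus.cxf.client."billing".security.must-understand = false
quarkus.cxf.client."billing".security.enable.streaming = true
'''
# ... but a constructed environment override changes the effective value.
SAMPLE_ENV = {"QUARKUS_CXF_CLIENT__BILLING__SECURITY_VALIDATE_TOKEN": "false"}

# Matches quarkus.cxf.client."name".security.<option> (quoted or bare name).
_KEY = re.compile(r'^quarkus\.cxf\.client\.(?:"([^"]+)"|([^."]+))\.security\.(.+)$')

# (option, risky value, reason paraphrased from the option descriptions)
RULES = [
    ("return.security.error", "true",
     "detailed security errors are returned and may act as an oracle"),
    ("username-token.always.encrypted", "false",
     "UsernameToken password or digest is exposed on the wire"),
    ("validate.token", "false",
     "password of a received UsernameToken is not validated"),
    ("disable.require.client.cert.check", "true",
     "RequireClientCertificate policy is not enforced"),
]
WATCHED = [rule[0] for rule in RULES] + ["must-understand", "enable.streaming"]


def env_name(key):
    """Property name -> environment variable name, as listed in the reference."""
    return re.sub(r"[^A-Za-z0-9]", "_", key).upper()


def parse_properties(text):
    """Return {(client, option): value} for client security options.

    Handles the simple 'key = value' form only (no ':' separator, no line
    continuations)."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        match = _KEY.match(key.strip())
        if sep and match:
            client = match.group(1) or match.group(2)
            found[(client, match.group(3))] = value.strip()
    return found


def effective(settings, env):
    """Overlay environment variables, which win over application.properties.

    Only clients that already appear in the file are checked, because an
    environment variable name cannot be mapped back to a client name
    unambiguously."""
    merged = dict(settings)
    for client in {c for c, _ in settings}:
        for option in WATCHED:
            name = env_name(f'quarkus.cxf.client."{client}".security.{option}')
            if name in env:
                merged[(client, option)] = env[name].strip()
    return merged


def audit(text, env=None):
    """Return sorted (client, option, reason) findings for the effective config."""
    cfg = effective(parse_properties(text), env or {})
    findings = []
    for (client, option), value in sorted(cfg.items()):
        for opt, risky, reason in RULES:
            if option == opt and value.lower() == risky:
                findings.append((client, option, reason))
        streaming = cfg.get((client, "enable.streaming"), "false").lower()
        if option == "must-understand" and streaming != "true":
            findings.append(
                (client, option, "has no effect unless enable.streaming = true"))
    return findings


if __name__ == "__main__":
    for client, option, reason in audit(SAMPLE_PROPERTIES, SAMPLE_ENV):
        print(f"{client}: security.{option}: {reason}")
```
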

quarkus.cxf.client."client-name".security.expand.xop.include

boolean

 

If true, the xop:Include elements will be searched for encryption and signature (on the outbound side) or for signature verification (on the inbound side); otherwise the search won’t happen. This ensures that the actual bytes are signed, and not just the reference. The default is true if MTOM is enabled, otherwise the default is false.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_EXPAND_XOP_INCLUDE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.timestamp.timeToLive

string

300

The time in seconds to add to the Creation value of an incoming Timestamp to determine whether to accept it as valid or not.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_TIMESTAMP_TIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.timestamp.futureTimeToLive

string

60

The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default is greater than zero to avoid problems where clocks are slightly askew. Set this to 0 to reject all future-created Timestamps.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_TIMESTAMP_FUTURETIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.usernametoken.timeToLive

string

300

The time in seconds to append to the Creation value of an incoming UsernameToken to determine whether to accept it as valid or not.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_USERNAMETOKEN_TIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.usernametoken.futureTimeToLive

string

60

The time in seconds in the future within which the Created time of an incoming UsernameToken is valid. The default is greater than zero to avoid problems where clocks are slightly askew. Set this to 0 to reject all future-created UsernameTokens.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_USERNAMETOKEN_FUTURETIMETOLIVE
Since Quarkus CXF: 2.5.0
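How timeToLive, futureTimeToLive and the nonce cache combine into a replay check, as an added example that is a simplified model and not WSS4J or Quarkus CXF code. The class name ReplayGuard, the nonce values and the timestamps are constructed; the assumption that a cached nonce is kept until the token's own validity window ends is this model's, not taken from the reference.

```python
from datetime import datetime, timedelta, timezone


def parse_created(value):
    """Parse a wsu:Created value in the UTC form 2024-01-01T12:00:00Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)


class ReplayGuard:
    """Model of the acceptance window and nonce cache described above."""

    def __init__(self, time_to_live=300, future_time_to_live=60, nonce_cache=True):
        self.ttl = timedelta(seconds=time_to_live)
        self.future_ttl = timedelta(seconds=future_time_to_live)
        # nonce -> time after which the token would be rejected as expired anyway
        self.seen = {} if nonce_cache else None

    def check(self, created, nonce, now):
        # futureTimeToLive: tolerate a sender clock that runs slightly ahead.
        if created > now + self.future_ttl:
            return "rejected: created in the future"
        # timeToLive: Created plus the configured seconds must not be in the past.
        if created + self.ttl < now:
            return "rejected: expired"
        if self.seen is not None:
            # Drop entries whose tokens can no longer pass the expiry check.
            for old in [n for n, expiry in self.seen.items() if expiry < now]:
                del self.seen[old]
            if nonce in self.seen:
                return "rejected: replayed nonce"
            self.seen[nonce] = created + self.ttl
        return "accepted"


def demo():
    """Run constructed tokens through three configurations."""
    now = parse_created("2024-01-01T12:00:00Z")
    fresh = parse_created("2024-01-01T11:59:50Z")    # 10 s old
    skewed = parse_created("2024-01-01T12:00:30Z")   # sender clock 30 s ahead
    stale = parse_created("2024-01-01T11:54:00Z")    # 360 s old

    defaults = ReplayGuard()                         # 300 / 60 / cache on
    no_cache = ReplayGuard(nonce_cache=False)
    strict = ReplayGuard(future_time_to_live=0)

    later = now + timedelta(seconds=20)
    return {
        "first use": defaults.check(fresh, "nonce-1", now),
        "replay, cache on": defaults.check(fresh, "nonce-1", later),
        # Without the cache a captured token passes again until it expires.
        "replay, cache off": [no_cache.check(fresh, "nonce-1", t)
                              for t in (now, later)][-1],
        "skewed, default": defaults.check(skewed, "nonce-2", now),
        "skewed, futureTimeToLive=0": strict.check(skewed, "nonce-3", now),
        "stale": defaults.check(stale, "nonce-4", now),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
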

quarkus.cxf.client."client-name".security.spnego.client.action

string

 

A reference to a org.apache.wss4j.common.spnego.SpnegoClientAction bean to use for SPNEGO. This allows the user to plug in a different implementation to obtain a service ticket.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SPNEGO_CLIENT_ACTION
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.nonce.cache.instance

string

 

A reference to a org.apache.wss4j.common.cache.ReplayCache bean used to cache UsernameToken nonces. A org.apache.wss4j.common.cache.EHCacheReplayCache instance is used by default.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_NONCE_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.timestamp.cache.instance

string

 

A reference to a org.apache.wss4j.common.cache.ReplayCache bean used to cache Timestamp Created Strings. A org.apache.wss4j.common.cache.EHCacheReplayCache instance is used by default.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_TIMESTAMP_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.saml.cache.instance

string

 

A reference to a org.apache.wss4j.common.cache.ReplayCache bean used to cache SAML2 Token Identifier Strings (if the token contains a OneTimeUse condition). A org.apache.wss4j.common.cache.EHCacheReplayCache instance is used by default.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SAML_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.cache.config.file

string

 

Set this property to point to a configuration file for the underlying caching implementation for the TokenStore. The default configuration file that is used is cxf-ehcache.xml in org.apache.cxf:cxf-rt-security JAR.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CACHE_CONFIG_FILE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.token-store-cache-instance

string

 

A reference to a org.apache.cxf.ws.security.tokenstore.TokenStore bean to use for caching security tokens. By default this uses a instance.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_TOKEN_STORE_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.cache.identifier

string

 

The Cache Identifier to use with the TokenStore. CXF uses the following key to retrieve a token store: org.apache.cxf.ws.security.tokenstore.TokenStore-<identifier>. This key can be used to configure service-specific cache configuration. If the identifier does not match, then it falls back to a cache configuration with key org.apache.cxf.ws.security.tokenstore.TokenStore.

The default <identifier> is the QName of the service in question. However to pick up a custom cache configuration (for example, if you want to specify a TokenStore per-client proxy), it can be configured with this identifier instead.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CACHE_IDENTIFIER
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.role.classifier

string

 

The Subject Role Classifier to use. If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. If this value is not specified, then it tries to get roles using the DefaultSecurityContext in org.apache.cxf:cxf-core. Otherwise it uses this value in combination with the role.classifier.type to get the roles from the Subject.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ROLE_CLASSIFIER
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.role.classifier.type

string

prefix

The Subject Role Classifier Type to use. If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. Currently accepted values are prefix or classname. Must be used in conjunction with the role.classifier.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ROLE_CLASSIFIER_TYPE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.asymmetric.signature.algorithm

string

 

This configuration tag allows the user to override the default Asymmetric Signature algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_ASYMMETRIC_SIGNATURE_ALGORITHM
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.symmetric.signature.algorithm

string

 

This configuration tag allows the user to override the default Symmetric Signature algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SYMMETRIC_SIGNATURE_ALGORITHM
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.password.encryptor.instance

string

 

A reference to a org.apache.wss4j.common.crypto.PasswordEncryptor bean, which is used to encrypt or decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations).

By default, WSS4J uses the org.apache.wss4j.common.crypto.JasyptPasswordEncryptor, which must be instantiated with a password to use to decrypt keystore passwords in the Merlin Crypto definition. This password is obtained via the CallbackHandler defined via callback-handler.

The encrypted passwords must be stored in the format "ENC(encoded encrypted password)".

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_PASSWORD_ENCRYPTOR_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.delegated.credential

string

 

A reference to a Kerberos org.ietf.jgss.GSSCredential bean to use for WS-Security. This is used to retrieve a service ticket instead of using the client credentials.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_DELEGATED_CREDENTIAL
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.security.context.creator

string

 

A reference to a org.apache.cxf.ws.security.wss4j.WSS4JSecurityContextCreator bean that is used to create a CXF SecurityContext from the set of WSS4J processing results. The default implementation is org.apache.cxf.ws.security.wss4j.DefaultWSS4JSecurityContextCreator.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SECURITY_CONTEXT_CREATOR
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.security.token.lifetime

long

300000

The security token lifetime value (in milliseconds).

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_SECURITY_TOKEN_LIFETIME
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.kerberos.request.credential.delegation

boolean

false

If true, credential delegation is requested in the KerberosClient; otherwise the credential delegation is not requested in the KerberosClient.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_KERBEROS_REQUEST_CREDENTIAL_DELEGATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.kerberos.use.credential.delegation

boolean

false

If true, the GSSCredential bean is retrieved from the Message Context using the delegated.credential property and then it is used to obtain a service ticket.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_KERBEROS_USE_CREDENTIAL_DELEGATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.kerberos.is.username.in.servicename.form

boolean

false

If true, the Kerberos username is in servicename form; otherwise the Kerberos username is not in servicename form.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.kerberos.jaas.context

string

 

The JAAS Context name to use for Kerberos.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_KERBEROS_JAAS_CONTEXT
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.kerberos.spn

string

 

The Kerberos Service Provider Name (spn) to use.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_KERBEROS_SPN
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.kerberos.client

string

 

A reference to a org.apache.cxf.ws.security.kerberos.KerberosClient bean used to obtain a service ticket.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_KERBEROS_CLIENT
Since Quarkus CXF: 2.5.0

quarkus.cxf.client."client-name".security.custom.digest.algorithm

string

http://www.w3.org/2001/04/xmlenc#sha256

The Digest Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite, for instance:

<wsp:Policy wsu:Id="SecurityServiceEncryptThenSignPolicy"
  xmlns:wsp="http://www.w3.org/ns/ws-policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          ...
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:CustomAlgorithmSuite/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          ...
        </wsp:Policy>
      </sp:AsymmetricBinding>
      ...
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_DIGEST_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.encryption.algorithm

string

http://www.w3.org/2009/xmlenc11#aes256-gcm

The Encryption Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_ENCRYPTION_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.symmetric.key.encryption.algorithm

string

http://www.w3.org/2001/04/xmlenc#kw-aes256

The Symmetric Key Encryption Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_SYMMETRIC_KEY_ENCRYPTION_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.asymmetric.key.encryption.algorithm

string

http://www.w3.org/2001/04/xmlenc#rsa-1_5

The Asymmetric Key Encryption Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_ASYMMETRIC_KEY_ENCRYPTION_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.encryption.key.derivation

string

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

The Encryption Key Derivation to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_ENCRYPTION_KEY_DERIVATION
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.signature.key.derivation

string

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

The Signature Key Derivation to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_SIGNATURE_KEY_DERIVATION
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.encryption.derived.key.length

int

256

The Encryption Derived Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_ENCRYPTION_DERIVED_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.signature.derived.key.length

int

192

The Signature Derived Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_SIGNATURE_DERIVED_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.minimum.symmetric.key.length

int

256

The Minimum Symmetric Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_MINIMUM_SYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.maximum.symmetric.key.length

int

256

The Maximum Symmetric Key Length to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_MAXIMUM_SYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.minimum.asymmetric.key.length

int

1024

The Minimum Asymmetric Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_MINIMUM_ASYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.custom.maximum.asymmetric.key.length

int

4096

The Maximum Asymmetric Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_CUSTOM_MAXIMUM_ASYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.client."client-name".security.sts.client

string

 

A reference to a fully configured org.apache.cxf.ws.security.trust.STSClient bean to communicate with the STS. If not set, the STS client will be created and configured based on other [prefix].security.sts.client.* properties as long as they are available.

To work around the fact that org.apache.cxf.ws.security.trust.STSClient does not have a no-args constructor and cannot thus be used as a CDI bean type, you can use the wrapper class io.quarkiverse.cxf.ws.security.sts.client.STSClientBean instead.

Tip: Check the Security Token Service (STS) extension page for more information about WS-Trust.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.wsdl

string

 

A URL, resource path or local filesystem path pointing to a WSDL document to use when generating the service proxy of the STS client.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_WSDL
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.service-name

string

 

A fully qualified name of the STS service. Common values include:

  • WS-Trust 1.0: {http://schemas.xmlsoap.org/ws/2005/02/trust/}SecurityTokenService
  • WS-Trust 1.3: {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService
  • WS-Trust 1.4: {http://docs.oasis-open.org/ws-sx/ws-trust/200802/}SecurityTokenService

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_SERVICE_NAME
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.endpoint-name

string

 

A fully qualified name of the STS endpoint. Common values include:

  • {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port
  • {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port
  • {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_ENDPOINT_NAME
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.username

string

 

The user name to use when authenticating against the STS. It is used as follows:

  • As the name in the UsernameToken for WS-Security
  • As the alias name in the keystore to get the user’s cert and private key for signature if signature.username is not set
  • As the alias name in the keystore to get the user’s public key for encryption if encryption.username is not set

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_USERNAME
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.password

string

 

The password associated with the username.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_PASSWORD
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.encryption.username

string

 

The user’s name for encryption. It is used as the alias name in the keystore to get the user’s public key for encryption. If this is not defined, then username is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by encrypt.properties. If that’s also not set, and the keystore only contains a single key, that key will be used.

For the WS-Security web service provider, the useReqSigCert value can be used to accept (encrypt to) any client whose public key is in the service’s truststore (defined in encrypt.properties).

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_ENCRYPTION_USERNAME
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.encryption.properties

Map<String,String>

 

The Crypto property configuration to use for encryption, if encryption.crypto is not set.

Example

[prefix].encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_ENCRYPTION_PROPERTIES
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.encryption.crypto

string

 

A reference to a org.apache.wss4j.common.crypto.Crypto to be used for encryption. If not set, encryption.properties will be used to configure a Crypto instance.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_ENCRYPTION_CRYPTO
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.token.crypto

string

 

A reference to a org.apache.wss4j.common.crypto.Crypto to be used for the STS. If not set, token.properties will be used to configure a Crypto instance.

WCF’s trust server sometimes will encrypt the token in the response IN ADDITION TO the full security on the message. These properties control the way the STS client will decrypt the EncryptedData elements in the response.

These are also used by the token.properties to send/process any RSA/DSAKeyValue tokens used if the KeyType is PublicKey

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_TOKEN_CRYPTO
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.token.properties

Map<String,String>

 

The Crypto property configuration to use for the STS, if token.crypto is not set.

Example

[prefix].token.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].token.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
[prefix].token.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_TOKEN_PROPERTIES
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.token.username

string

 

The alias name in the keystore to get the user’s public key to send to the STS for the PublicKey KeyType case.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_TOKEN_USERNAME
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.token.usecert

boolean

false

Whether to write out an X509Certificate structure in UseKey/KeyInfo, or whether to write out a KeyValue structure.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_TOKEN_USECERT
Since Quarkus CXF: 3.8.0

quarkus.cxf.client."client-name".security.sts.client.soap12-binding

boolean

false

If true, the STS client will be set to send SOAP 1.2 messages; otherwise it will send SOAP 1.1 messages.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__SECURITY_STS_CLIENT_SOAP12_BINDING
Since Quarkus CXF: 3.8.0

quarkus.cxf.endpoint."/endpoint-path".security.username

string

 

The user’s name. It is used as follows:

  • As the name in the UsernameToken for WS-Security
  • As the alias name in the keystore to get the user’s cert and private key for signature if signature.username is not set
  • As the alias name in the keystore to get the user’s public key for encryption if encryption.username is not set

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_USERNAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.password

string

 

The user’s password when a callback-handler is not defined. This is only used for the password in a WS-Security UsernameToken.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_PASSWORD
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.signature.username

string

 

The user’s name for signature. It is used as the alias name in the keystore to get the user’s cert and private key for signature. If this is not defined, then username is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by signature.properties. If that’s also not set, and the keystore only contains a single key, that key will be used.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SIGNATURE_USERNAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.signature.password

string

 

The user’s password for signature when a callback-handler is not defined.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SIGNATURE_PASSWORD
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.encryption.username

string

 

The user’s name for encryption. It is used as the alias name in the keystore to get the user’s public key for encryption. If this is not defined, then username is used instead. If that is also not specified, it uses the default alias set in the properties file referenced by encrypt.properties. If that’s also not set, and the keystore only contains a single key, that key will be used.

For the WS-Security web service provider, the useReqSigCert value can be used to accept (encrypt to) any client whose public key is in the service’s truststore (defined in encrypt.properties).

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENCRYPTION_USERNAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.callback-handler

string

 

A reference to a javax.security.auth.callback.CallbackHandler bean used to obtain passwords, for both outbound and inbound requests.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CALLBACK_HANDLER
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.saml-callback-handler

string

 

A reference to a javax.security.auth.callback.CallbackHandler implementation used to construct SAML Assertions.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SAML_CALLBACK_HANDLER
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.signature.properties

Map<String,String>

 

The Crypto property configuration to use for signing, if signature.crypto is not set.

Example

[prefix].signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
[prefix].signature.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SIGNATURE_PROPERTIES
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.encryption.properties

Map<String,String>

 

The Crypto property configuration to use for encryption, if encryption.crypto is not set.

Example

[prefix].encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
[prefix].encryption.properties."org.apache.ws.security.crypto.merlin.file" = certs/alice.jks

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENCRYPTION_PROPERTIES
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.signature.crypto

string

 

A reference to a org.apache.wss4j.common.crypto.Crypto bean to be used for signature. If not set, signature.properties will be used to configure a Crypto instance.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SIGNATURE_CRYPTO
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.encryption.crypto

string

 

A reference to a org.apache.wss4j.common.crypto.Crypto to be used for encryption. If not set, encryption.properties will be used to configure a Crypto instance.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENCRYPTION_CRYPTO
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.encryption.certificate

string

 

A message property for a prepared X509 certificate to be used for encryption. If this is not defined, then the certificate will be either loaded from the keystore encryption.properties or extracted from the request (when WS-Security is used and if encryption.username has the value useReqSigCert).

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENCRYPTION_CERTIFICATE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.enable-revocation

boolean

false

If true, Certificate Revocation List (CRL) checking is enabled when verifying trust in a certificate; otherwise it is not enabled.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENABLE_REVOCATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.enable-unsigned-saml-assertion-principal

boolean

false

If true, unsigned SAML assertions will be allowed as SecurityContext Principals; otherwise they won’t be allowed as SecurityContext Principals.

Signature

The label "unsigned" refers to an internal signature. Even if the token is signed by an external signature (as per the "sender-vouches" requirement), this boolean must still be configured if you want to use the token to set up the security context.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.validate-saml-subject-confirmation

boolean

true

If true, the SubjectConfirmation requirements of a received SAML Token (sender-vouches or holder-of-key) will be validated; otherwise they won’t be validated.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_VALIDATE_SAML_SUBJECT_CONFIRMATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.sc-from-jaas-subject

boolean

true

If true, security context can be created from JAAS Subject; otherwise it must not be created from JAAS Subject.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SC_FROM_JAAS_SUBJECT
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.audience-restriction-validation

boolean

true

If true, then if the SAML Token contains Audience Restriction URIs, one of them must match one of the values in audience.restrictions; otherwise the SAML AudienceRestriction validation is disabled.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_AUDIENCE_RESTRICTION_VALIDATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.saml-role-attributename

string

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role

The attribute URI of the SAML AttributeStatement where the role information is stored.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SAML_ROLE_ATTRIBUTENAME
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.subject-cert-constraints

string

 

A String of regular expressions (separated by the value specified in security.cert.constraints.separator) which will be applied to the subject DN of the certificate used for signature validation, after trust verification of the certificate chain associated with the certificate.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SUBJECT_CERT_CONSTRAINTS
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.cert-constraints-separator

string

,

The separator that is used to parse certificate constraints configured in security.subject.cert.constraints

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CERT_CONSTRAINTS_SEPARATOR
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.actor

string

 

The actor or role name of the wsse:Security header. If this parameter is omitted, the actor name is not set.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ACTOR
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.validate.token

boolean

true

If true, the password of a received UsernameToken will be validated; otherwise it won’t be validated.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_VALIDATE_TOKEN
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.username-token.always.encrypted

boolean

true

Whether to always encrypt UsernameTokens that are defined as a SupportingToken. This should not be set to false in a production environment, as it exposes the password (or the digest of the password) on the wire.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_USERNAME_TOKEN_ALWAYS_ENCRYPTED
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.is-bsp-compliant

boolean

true

If true, the compliance with the Basic Security Profile (BSP) 1.1 will be ensured; otherwise it will not be ensured.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_IS_BSP_COMPLIANT
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.enable.nonce.cache

boolean

 

If true, the UsernameToken nonces will be cached for both message initiators and recipients; otherwise they won’t be cached for either message initiators or recipients. The default is true for message recipients, and false for message initiators.

Caching

Caching only applies when either a UsernameToken WS-SecurityPolicy is in effect, or the UsernameToken action has been configured for the non-security-policy case.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENABLE_NONCE_CACHE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.enable.timestamp.cache

boolean

 

If true, the Timestamp Created Strings (these are only cached in conjunction with a message Signature) will be cached for both message initiators and recipients; otherwise they won’t be cached for either message initiators or recipients. The default is true for message recipients, and false for message initiators.

Caching

Caching only applies when either an IncludeTimestamp policy is in effect, or the Timestamp action has been configured for the non-security-policy case.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENABLE_TIMESTAMP_CACHE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.enable.streaming

boolean

false

If true, the new streaming (StAX) implementation of WS-Security is used; otherwise the old DOM implementation is used.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENABLE_STREAMING
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.return.security.error

boolean

false

If true, detailed security error messages are sent to clients; otherwise the details are omitted and only a generic error message is sent.

The "real" security errors should not be returned to the client in production, as they may leak information about the deployment, or otherwise provide an "oracle" for attacks.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_RETURN_SECURITY_ERROR
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.must-understand

boolean

true

If true, the SOAP mustUnderstand header is included in security headers based on a WS-SecurityPolicy; otherwise the header is always omitted.

Works only with enable.streaming = true - see CXF-8940

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_MUST_UNDERSTAND
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.enable.saml.cache

boolean

 

If true and the token contains a OneTimeUse Condition, the SAML2 Token Identifiers will be cached for both message initiators and recipients; otherwise they won’t be cached for either message initiators or recipients. The default is true for message recipients, and false for message initiators.

Caching only applies when either a SamlToken policy is in effect, or a SAML action has been configured for the non-security-policy case.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ENABLE_SAML_CACHE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.store.bytes.in.attachment

boolean

 

Whether to store bytes (CipherData or BinarySecurityToken) in an attachment. The default is true if MTOM is enabled. Set it to false to BASE-64 encode the bytes and inline them in the message instead. Setting this to true is more efficient, as it means that the BASE-64 encoding step can be skipped. This only applies to the DOM WS-Security stack.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_STORE_BYTES_IN_ATTACHMENT
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.swa.encryption.attachment.transform.content

boolean

false

If true, Attachment-Content-Only transform will be used when an Attachment is encrypted via a WS-SecurityPolicy expression; otherwise Attachment-Complete transform will be used when an Attachment is encrypted via a WS-SecurityPolicy expression.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SWA_ENCRYPTION_ATTACHMENT_TRANSFORM_CONTENT
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.use.str.transform

boolean

true

If true, the STR (Security Token Reference) Transform will be used when (externally) signing a SAML Token; otherwise the STR (Security Token Reference) Transform will not be used.

Some frameworks cannot process the SecurityTokenReference. You may set this false in such cases.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_USE_STR_TRANSFORM
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.add.inclusive.prefixes

boolean

true

If true, an InclusiveNamespaces PrefixList will be added as a CanonicalizationMethod child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS; otherwise the PrefixList will not be added.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ADD_INCLUSIVE_PREFIXES
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.disable.require.client.cert.check

boolean

false

If true, the enforcement of the WS-SecurityPolicy RequireClientCertificate policy will be disabled; otherwise the enforcement of the WS-SecurityPolicy RequireClientCertificate policy is enabled.

Some servers may not do client certificate verification at the start of the SSL handshake, and therefore the client certificates may not be available to the WS-Security layer for policy verification.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_DISABLE_REQUIRE_CLIENT_CERT_CHECK
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.expand.xop.include

boolean

 

If true, the xop:Include elements will be searched for encryption and signature (on the outbound side) or for signature verification (on the inbound side); otherwise the search won’t happen. This ensures that the actual bytes are signed, and not just the reference. The default is true if MTOM is enabled, otherwise the default is false.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_EXPAND_XOP_INCLUDE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.timestamp.timeToLive

string

300

The time in seconds to add to the Creation value of an incoming Timestamp to determine whether to accept it as valid or not.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_TIMESTAMP_TIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.timestamp.futureTimeToLive

string

60

The time in seconds in the future within which the Created time of an incoming Timestamp is valid. The default is greater than zero to avoid problems where clocks are slightly askew. Set this to 0 to reject all future-created Timestamps.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_TIMESTAMP_FUTURETIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.usernametoken.timeToLive

string

300

The time in seconds to append to the Creation value of an incoming UsernameToken to determine whether to accept it as valid or not.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_USERNAMETOKEN_TIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.usernametoken.futureTimeToLive

string

60

The time in seconds in the future within which the Created time of an incoming UsernameToken is valid. The default is greater than zero to avoid problems where clocks are slightly askew. Set this to 0 to reject all future-created UsernameTokens.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_USERNAMETOKEN_FUTURETIMETOLIVE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.spnego.client.action

string

 

A reference to a org.apache.wss4j.common.spnego.SpnegoClientAction bean to use for SPNEGO. This allows the user to plug in a different implementation to obtain a service ticket.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SPNEGO_CLIENT_ACTION
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.nonce.cache.instance

string

 

A reference to a org.apache.wss4j.common.cache.ReplayCache bean used to cache UsernameToken nonces. A org.apache.wss4j.common.cache.EHCacheReplayCache instance is used by default.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_NONCE_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.timestamp.cache.instance

string

 

A reference to a org.apache.wss4j.common.cache.ReplayCache bean used to cache Timestamp Created Strings. A org.apache.wss4j.common.cache.EHCacheReplayCache instance is used by default.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_TIMESTAMP_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.saml.cache.instance

string

 

A reference to a org.apache.wss4j.common.cache.ReplayCache bean used to cache SAML2 Token Identifier Strings (if the token contains a OneTimeUse condition). A org.apache.wss4j.common.cache.EHCacheReplayCache instance is used by default.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SAML_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.cache.config.file

string

 

Set this property to point to a configuration file for the underlying caching implementation for the TokenStore. The default configuration file that is used is cxf-ehcache.xml in org.apache.cxf:cxf-rt-security JAR.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CACHE_CONFIG_FILE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.token-store-cache-instance

string

 

A reference to a org.apache.cxf.ws.security.tokenstore.TokenStore bean to use for caching security tokens. By default this uses a instance.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_TOKEN_STORE_CACHE_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.cache.identifier

string

 

The Cache Identifier to use with the TokenStore. CXF uses the following key to retrieve a token store: org.apache.cxf.ws.security.tokenstore.TokenStore-<identifier>. This key can be used to configure service-specific cache configuration. If the identifier does not match, then it falls back to a cache configuration with key org.apache.cxf.ws.security.tokenstore.TokenStore.

The default <identifier> is the QName of the service in question. However to pick up a custom cache configuration (for example, if you want to specify a TokenStore per-client proxy), it can be configured with this identifier instead.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CACHE_IDENTIFIER
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.role.classifier

string

 

The Subject Role Classifier to use. If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. If this value is not specified, then it tries to get roles using the DefaultSecurityContext in org.apache.cxf:cxf-core. Otherwise it uses this value in combination with the role.classifier.type to get the roles from the Subject.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ROLE_CLASSIFIER
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.role.classifier.type

string

prefix

The Subject Role Classifier Type to use. If one of the WSS4J Validators returns a JAAS Subject from Validation, then the WSS4JInInterceptor will attempt to create a SecurityContext based on this Subject. Currently accepted values are prefix or classname. Must be used in conjunction with the role.classifier.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ROLE_CLASSIFIER_TYPE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.asymmetric.signature.algorithm

string

 

This configuration tag allows the user to override the default Asymmetric Signature algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_ASYMMETRIC_SIGNATURE_ALGORITHM
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.symmetric.signature.algorithm

string

 

This configuration tag allows the user to override the default Symmetric Signature algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification does not allow the use of other algorithms at present.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SYMMETRIC_SIGNATURE_ALGORITHM
Since Quarkus CXF: 2.5.0
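
The endpoint options above that affect token validation, replay protection, error disclosure and signature strength, collected into one application.properties fragment with the weak values shown next to the hardened ones. This is an added example, not taken from the Quarkus CXF documentation; the endpoint path "/hello" and the time-to-live values are assumptions chosen for illustration, and the two algorithm values are the standard XML Signature identifiers for RSA-SHA256 and HMAC-SHA256.

```properties
# Added example. "/hello" is a hypothetical endpoint path; all property names
# are the ones documented in this section.

# --- Weak settings, shown commented out for comparison ---
# Detailed WS-Security faults give a caller an oracle about the deployment.
# quarkus.cxf.endpoint."/hello".security.return.security.error = true
# UsernameToken passwords are accepted without being checked.
# quarkus.cxf.endpoint."/hello".security.validate.token = false
# The password (or its digest) of a supporting UsernameToken travels in clear.
# quarkus.cxf.endpoint."/hello".security.username-token.always.encrypted = false
# A captured UsernameToken nonce can be presented again.
# quarkus.cxf.endpoint."/hello".security.enable.nonce.cache = false
# Assertions without an internal signature may populate the SecurityContext.
# quarkus.cxf.endpoint."/hello".security.enable-unsigned-saml-assertion-principal = true

# --- Hardened settings ---
# Error disclosure: only a generic error message is sent to clients.
quarkus.cxf.endpoint."/hello".security.return.security.error = false

# UsernameToken handling.
quarkus.cxf.endpoint."/hello".security.validate.token = true
quarkus.cxf.endpoint."/hello".security.username-token.always.encrypted = true

# Replay protection: set explicitly instead of relying on the
# recipient/initiator defaults.
quarkus.cxf.endpoint."/hello".security.enable.nonce.cache = true
quarkus.cxf.endpoint."/hello".security.enable.timestamp.cache = true
quarkus.cxf.endpoint."/hello".security.enable.saml.cache = true

# Acceptance windows in seconds (illustrative values, tighter than the
# documented defaults of 300 and 60). futureTimeToLive stays above 0 to
# tolerate small clock skew between client and service.
quarkus.cxf.endpoint."/hello".security.timestamp.timeToLive = 120
quarkus.cxf.endpoint."/hello".security.timestamp.futureTimeToLive = 30
quarkus.cxf.endpoint."/hello".security.usernametoken.timeToLive = 120
quarkus.cxf.endpoint."/hello".security.usernametoken.futureTimeToLive = 30

# SAML: keep the documented defaults, stated explicitly so a later change
# shows up in configuration review.
quarkus.cxf.endpoint."/hello".security.enable-unsigned-saml-assertion-principal = false
quarkus.cxf.endpoint."/hello".security.validate-saml-subject-confirmation = true
quarkus.cxf.endpoint."/hello".security.audience-restriction-validation = true

# Signature algorithms: override the SHA-1 based defaults (RSA-SHA1, HMAC-SHA1).
# The peer must be configured for the same algorithms.
quarkus.cxf.endpoint."/hello".security.asymmetric.signature.algorithm = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
quarkus.cxf.endpoint."/hello".security.symmetric.signature.algorithm = http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
```

Several of these options are marked experimental in this reference, so verify each one against a test client before relying on it.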

quarkus.cxf.endpoint."/endpoint-path".security.password.encryptor.instance

string

 

A reference to a org.apache.wss4j.common.crypto.PasswordEncryptor bean, which is used to encrypt or decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations).

By default, WSS4J uses the org.apache.wss4j.common.crypto.JasyptPasswordEncryptor which must be instantiated with a password to use to decrypt keystore passwords in the Merlin Crypto definition. This password is obtained via the CallbackHandler defined via callback-handler

The encrypted passwords must be stored in the format "ENC(encoded encrypted password)".

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_PASSWORD_ENCRYPTOR_INSTANCE
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.delegated.credential

string

 

A reference to a Kerberos org.ietf.jgss.GSSCredential bean to use for WS-Security. This is used to retrieve a service ticket instead of using the client credentials.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_DELEGATED_CREDENTIAL
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.security.context.creator

string

 

A reference to a org.apache.cxf.ws.security.wss4j.WSS4JSecurityContextCreator bean that is used to create a CXF SecurityContext from the set of WSS4J processing results. The default implementation is org.apache.cxf.ws.security.wss4j.DefaultWSS4JSecurityContextCreator.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SECURITY_CONTEXT_CREATOR
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.security.token.lifetime

long

300000

The security token lifetime value (in milliseconds).

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_SECURITY_TOKEN_LIFETIME
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.kerberos.request.credential.delegation

boolean

false

If true, credential delegation is requested in the KerberosClient; otherwise credential delegation is not requested in the KerberosClient.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_KERBEROS_REQUEST_CREDENTIAL_DELEGATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.kerberos.use.credential.delegation

boolean

false

If true, a GSSCredential bean is retrieved from the Message Context using the delegated.credential property and is then used to obtain a service ticket.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_KERBEROS_USE_CREDENTIAL_DELEGATION
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.kerberos.is.username.in.servicename.form

boolean

false

If true, the Kerberos username is in servicename form; otherwise the Kerberos username is not in servicename form.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.kerberos.jaas.context

string

 

The JAAS Context name to use for Kerberos.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_KERBEROS_JAAS_CONTEXT
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.kerberos.spn

string

 

The Kerberos Service Provider Name (spn) to use.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_KERBEROS_SPN
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.kerberos.client

string

 

A reference to a org.apache.cxf.ws.security.kerberos.KerberosClient bean used to obtain a service ticket.

This option is experimental, because it is not covered by tests yet.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_KERBEROS_CLIENT
Since Quarkus CXF: 2.5.0

quarkus.cxf.endpoint."/endpoint-path".security.custom.digest.algorithm

string

http://www.w3.org/2001/04/xmlenc#sha256

The Digest Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite, for instance:

<wsp:Policy wsu:Id="SecurityServiceEncryptThenSignPolicy"
  xmlns:wsp="http://www.w3.org/ns/ws-policy"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          ...
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:CustomAlgorithmSuite/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          ...
        </wsp:Policy>
      </sp:AsymmetricBinding>
      ...
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_DIGEST_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.encryption.algorithm

string

http://www.w3.org/2009/xmlenc11#aes256-gcm

The Encryption Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_ENCRYPTION_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.symmetric.key.encryption.algorithm

string

http://www.w3.org/2001/04/xmlenc#kw-aes256

The Symmetric Key Encryption Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_SYMMETRIC_KEY_ENCRYPTION_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.asymmetric.key.encryption.algorithm

string

http://www.w3.org/2001/04/xmlenc#rsa-1_5

The Asymmetric Key Encryption Algorithm to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_ASYMMETRIC_KEY_ENCRYPTION_ALGORITHM
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.encryption.key.derivation

string

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

The Encryption Key Derivation to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_ENCRYPTION_KEY_DERIVATION
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.signature.key.derivation

string

http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1

The Signature Key Derivation to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_SIGNATURE_KEY_DERIVATION
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.encryption.derived.key.length

int

256

The Encryption Derived Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_ENCRYPTION_DERIVED_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.signature.derived.key.length

int

192

The Signature Derived Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_SIGNATURE_DERIVED_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.minimum.symmetric.key.length

int

256

The Minimum Symmetric Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_MINIMUM_SYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.maximum.symmetric.key.length

int

256

The Maximum Symmetric Key Length to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_MAXIMUM_SYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.minimum.asymmetric.key.length

int

1024

The Minimum Asymmetric Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_MINIMUM_ASYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1

quarkus.cxf.endpoint."/endpoint-path".security.custom.maximum.asymmetric.key.length

int

4096

The Maximum Asymmetric Key Length (number of bits) to set on the org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType. This value is only taken into account if the current security policy has set CustomAlgorithmSuite as an AlgorithmSuite.

For more information about algorithms, see WS-SecurityPolicy 1.2 specification and the Algorithms section of XML Encryption Syntax and Processing Specification.

CustomAlgorithmSuite and the *.security.custom.* family of options were introduced to make it possible to run CXF SOAP clients and services on systems with FIPS assertions enabled.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__SECURITY_CUSTOM_MAXIMUM_ASYMMETRIC_KEY_LENGTH
Since Quarkus CXF: 3.8.1
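
The following check is an added example, not part of the Quarkus CXF documentation or code base. It resolves the effective *.security.custom.* values per endpoint (environment variable over application.properties over the defaults documented above) and reports values outside a local review policy. The policy thresholds, the /payments endpoint, the sample input and the property-to-environment-variable rule (non-alphanumeric characters become underscores, then upper case, which reproduces the names listed on this page) are assumptions of the example; the values only matter for endpoints whose policy selects CustomAlgorithmSuite.

```python
import re

# Defaults of the *.security.custom.* options, copied from the reference entries above.
DOCUMENTED_DEFAULTS = {
    "digest.algorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
    "encryption.algorithm": "http://www.w3.org/2009/xmlenc11#aes256-gcm",
    "symmetric.key.encryption.algorithm": "http://www.w3.org/2001/04/xmlenc#kw-aes256",
    "asymmetric.key.encryption.algorithm": "http://www.w3.org/2001/04/xmlenc#rsa-1_5",
    "encryption.key.derivation": "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1",
    "signature.key.derivation": "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1",
    "encryption.derived.key.length": "256",
    "signature.derived.key.length": "192",
    "minimum.symmetric.key.length": "256",
    "maximum.symmetric.key.length": "256",
    "minimum.asymmetric.key.length": "1024",
    "maximum.asymmetric.key.length": "4096",
}

# ASSUMPTION: a local review policy made up for this example, not a Quarkus CXF rule.
POLICY_MIN_ASYMMETRIC_BITS = 2048
POLICY_FLAGGED_ALGORITHMS = {"http://www.w3.org/2001/04/xmlenc#rsa-1_5"}

# Constructed sample input; "/payments" and org.example.PaymentsImpl are hypothetical.
SAMPLE_PROPERTIES = '''\
quarkus.cxf.endpoint."/hello-ws-trust".implementor = io.quarkiverse.cxf.it.ws.trust.server.TrustHelloServiceImpl
quarkus.cxf.endpoint."/payments".implementor = org.example.PaymentsImpl
quarkus.cxf.endpoint."/payments".security.custom.asymmetric.key.encryption.algorithm = http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
quarkus.cxf.endpoint."/payments".security.custom.minimum.asymmetric.key.length = 2048
'''
SAMPLE_ENV = {
    "QUARKUS_CXF_ENDPOINT___HELLO_WS_TRUST__SECURITY_CUSTOM_MINIMUM_ASYMMETRIC_KEY_LENGTH": "3072",
}

ENDPOINT_RE = re.compile(r'^quarkus\.cxf\.endpoint\."([^"]+)"\.(\S+?)\s*=\s*(.*)$')


def env_var_name(prop):
    """Map a property name to the environment variable name listed for it on this page."""
    return re.sub(r"[^A-Za-z0-9_]", "_", prop).upper()


def parse_endpoints(properties_text):
    """Return {endpoint path: {key relative to the endpoint: value}}."""
    endpoints = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        match = ENDPOINT_RE.match(line)
        if match:
            path, key, value = match.groups()
            endpoints.setdefault(path, {})[key] = value.strip()
    return endpoints


def effective_custom_suite(path, file_props, environ):
    """Environment variable wins over the properties file, which wins over the default."""
    suite = {}
    for option, default in DOCUMENTED_DEFAULTS.items():
        prop = f'quarkus.cxf.endpoint."{path}".security.custom.{option}'
        from_file = file_props.get(f"security.custom.{option}", default)
        suite[option] = environ.get(env_var_name(prop), from_file)
    return suite


def audit(properties_text, environ):
    """Return (endpoint, option, value) tuples that fall outside the example policy."""
    findings = []
    for path, file_props in sorted(parse_endpoints(properties_text).items()):
        suite = effective_custom_suite(path, file_props, environ)
        option = "asymmetric.key.encryption.algorithm"
        if suite[option] in POLICY_FLAGGED_ALGORITHMS:
            findings.append((path, option, suite[option]))
        try:
            bits = {o: int(v) for o, v in suite.items() if o.endswith(".key.length")}
        except ValueError:
            findings.append((path, "key.length", "not an integer"))
            continue
        option = "minimum.asymmetric.key.length"
        if bits[option] < POLICY_MIN_ASYMMETRIC_BITS:
            findings.append((path, option, suite[option]))
        for kind in ("symmetric", "asymmetric"):
            if bits[f"minimum.{kind}.key.length"] > bits[f"maximum.{kind}.key.length"]:
                findings.append((path, f"minimum.{kind}.key.length", "greater than maximum"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES, SAMPLE_ENV):
        print(finding)
```

An endpoint that sets none of these options is audited against the documented defaults, so it is reported even though no custom value appears in its configuration.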

5.5. WS-ReliableMessaging

WS-ReliableMessaging (WS-RM) is a protocol that ensures reliable delivery of messages in a distributed environment, even in the presence of software, system, or network failures.

This extension provides CXF framework’s WS-ReliableMessaging implementation.

5.5.1. Maven coordinates

Create a new project using quarkus-cxf-rt-ws-rm on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-rt-ws-rm</artifactId>
</dependency>

5.5.2. Supported standards

5.5.3. Usage

Once your application depends on quarkus-cxf-rt-ws-rm, WS-RM is enabled for all clients and service endpoints defined in application.properties. This is due to the fact that the quarkus.cxf.client."client-name".rm.enabled and quarkus.cxf.endpoint."/endpoint-path".rm.enabled properties are true by default.

Enabling WS-RM for a client or service endpoint means that WS-RM interceptors will be added to the given client or endpoint.

In addition to that you may want to set some of the options documented below and/or the following WS-Addressing options:

5.5.3.1. Runnable example

There is an integration test covering WS-RM with a decoupled endpoint in the Quarkus CXF source tree.

It is split into two separate applications that communicate with each other:

To run it, you need to install the server into your local Maven repository first:

$ cd test-util-parent/test-ws-rm-server-jvm
$ mvn clean install

And then you can run the test scenario (integration-tests/ws-rm-client/src/test/java/io/quarkiverse/cxf/it/ws/rm/client/WsReliableMessagingTest.java, line 28, in the Quarkus CXF source tree) implemented in the client module:

$ cd ../../integration-tests/ws-rm-client
$ mvn clean test

You should see the exchange of SOAP messages between the client, the server and the decoupled endpoint in the console.

5.5.4. Configuration

lock Configuration property fixed at build time. All other configuration properties are overridable at runtime.

Configuration property | Type | Default

quarkus.cxf.rm.namespace

string

http://schemas.xmlsoap.org/ws/2005/02/rm

WS-RM version namespace: http://schemas.xmlsoap.org/ws/2005/02/rm/ or http://docs.oasis-open.org/ws-rx/wsrm/200702

Environment variable: QUARKUS_CXF_RM_NAMESPACE
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.wsa-namespace

string

http://schemas.xmlsoap.org/ws/2004/08/addressing

WS-Addressing version namespace: http://schemas.xmlsoap.org/ws/2004/08/addressing or http://www.w3.org/2005/08/addressing. Note that this property is ignored unless you are using the http://schemas.xmlsoap.org/ws/2005/02/rm/ RM namespace.

Environment variable: QUARKUS_CXF_RM_WSA_NAMESPACE
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.inactivity-timeout

long

 

A time duration in milliseconds after which the associated sequence will be closed if no messages (including acknowledgments and other control messages) were exchanged between the sender and receiver during that period of time. If not set, the associated sequence will never be closed due to inactivity.

Environment variable: QUARKUS_CXF_RM_INACTIVITY_TIMEOUT
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.retransmission-interval

long

3000

A time duration in milliseconds between successive attempts to resend a message that has not been acknowledged by the receiver.

Environment variable: QUARKUS_CXF_RM_RETRANSMISSION_INTERVAL
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.exponential-backoff

boolean

false

If true, the retransmission interval will be doubled on every transmission attempt; otherwise the retransmission interval stays equal to quarkus.cxf.rm.retransmission-interval for every retransmission attempt.

Environment variable: QUARKUS_CXF_RM_EXPONENTIAL_BACKOFF
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.acknowledgement-interval

long

 

A time duration in milliseconds within which an acknowledgement for a received message is expected to be sent by a RM destination. If not specified, the acknowledgements will be sent immediately.

Environment variable: QUARKUS_CXF_RM_ACKNOWLEDGEMENT_INTERVAL
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.store

string

 

A reference to a org.apache.cxf.ws.rm.persistence.RMStore bean used to store source and destination sequences and message references.

Environment variable: QUARKUS_CXF_RM_STORE
Since Quarkus CXF: 2.7.0

quarkus.cxf.rm.feature-ref

string

#defaultRmFeature

A reference to an org.apache.cxf.ws.rm.feature.RMFeature bean to set on clients and service endpoints that have quarkus.cxf.[client|service]."name".rm.enabled = true.

If the value is #defaultRmFeature then Quarkus CXF creates and configures the bean for you.

Environment variable: QUARKUS_CXF_RM_FEATURE_REF
Since Quarkus CXF: 2.7.0

quarkus.cxf.client."client-name".rm.enabled

boolean

true

If true then the WS-ReliableMessaging interceptors will be added to this client or service endpoint.

Environment variable: QUARKUS_CXF_CLIENT__CLIENT_NAME__RM_ENABLED
Since Quarkus CXF: 2.7.0

quarkus.cxf.endpoint."/endpoint-path".rm.enabled

boolean

true

If true then the WS-ReliableMessaging interceptors will be added to this client or service endpoint.

Environment variable: QUARKUS_CXF_ENDPOINT___ENDPOINT_PATH__RM_ENABLED
Since Quarkus CXF: 2.7.0

5.6. Security Token Service (STS)

Issue, renew and validate security tokens in the context of WS-Trust.

5.6.1. Maven coordinates

Create a new project using quarkus-cxf-services-sts on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-services-sts</artifactId>
</dependency>

5.6.2. Supported standards

5.6.3. Usage

Here are the key parts of a basic WS-Trust scenario:

  • WS-SecurityPolicy - besides defining security requirements, such as transport protocols, encryption and signing, it can also contain an <IssuedToken> assertion. That assertion specifies the requirements and constraints for the security tokens that the client must adhere to when accessing the service.
  • Security Token Service (STS) - issues, validates, and renews security tokens upon request. It acts as a trusted authority that authenticates clients and issues tokens that assert the client’s identity and permissions.
  • Client - requests a token from the STS to access a web service. It must authenticate itself to the STS and provide details about the kind of token required.
  • Service - relies on the STS to authenticate clients and validate their tokens.

5.6.3.1. Runnable example

There is an integration test covering WS-Trust in the Quarkus CXF source tree. Let’s walk through it and see how the individual parts are set to work together.

5.6.3.1.1. WS-SecurityPolicy

The policy is located in the asymmetric-saml2-policy.xml file. Its key part is the <IssuedToken> assertion requiring a SAML 2.0 token:

asymmetric-saml2-policy.xml

                            <sp:IssuedToken
                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                                <sp:RequestSecurityTokenTemplate>
                                    <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
                                    <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
                                </sp:RequestSecurityTokenTemplate>
                                <wsp:Policy>
                                    <sp:RequireInternalReference />
                                </wsp:Policy>
                                <sp:Issuer>
                                    <wsaws:Address>http://localhost:8081/services/sts</wsaws:Address>
                                    <wsaws:Metadata xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
                                                    wsdli:wsdlLocation="http://localhost:8081/services/sts?wsdl">
                                        <wsaw:ServiceName xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
                                                        xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
                                                        EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
                                    </wsaws:Metadata>
                                </sp:Issuer>
                            </sp:IssuedToken>

5.6.3.1.2. Security Token Service (STS)

The STS is implemented in Sts.java:

Sts.java

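import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import jakarta.xml.ws.WebServiceProvider;

import org.apache.cxf.sts.StaticSTSProperties;
import org.apache.cxf.sts.operation.TokenIssueOperation;
import org.apache.cxf.sts.operation.TokenValidateOperation;
import org.apache.cxf.sts.service.ServiceMBean;
import org.apache.cxf.sts.service.StaticService;
import org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
import org.apache.cxf.sts.token.validator.UsernameTokenValidator;
import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;

import io.quarkus.runtime.LaunchMode;

@WebServiceProvider(serviceName = "SecurityTokenService", portName = "UT_Port", targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", wsdlLocation = "ws-trust-1.4-service.wsdl")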
public class Sts extends SecurityTokenServiceProvider {

    public Sts() throws Exception {
        super();

        StaticSTSProperties props = new StaticSTSProperties();
        props.setSignatureCryptoProperties("stsKeystore.properties");
        props.setSignatureUsername("sts");
        props.setCallbackHandlerClass(StsCallbackHandler.class.getName());
        props.setIssuer("SampleSTSIssuer");

        List<ServiceMBean> services = new LinkedList<ServiceMBean>();
        StaticService service = new StaticService();
        final Config config = ConfigProvider.getConfig();
        final int port = LaunchMode.current().equals(LaunchMode.TEST) ? config.getValue("quarkus.http.test-port", Integer.class)
                : config.getValue("quarkus.http.port", Integer.class);
        service.setEndpoints(Arrays.asList(
                "http://localhost:" + port + "/services/hello-ws-trust",
                "http://localhost:" + port + "/services/hello-ws-trust-actas",
                "http://localhost:" + port + "/services/hello-ws-trust-onbehalfof"));
        services.add(service);

        TokenIssueOperation issueOperation = new TokenIssueOperation();
        issueOperation.setServices(services);
        issueOperation.getTokenProviders().add(new SAMLTokenProvider());
        // required for OnBehalfOf
        issueOperation.getTokenValidators().add(new UsernameTokenValidator());
        // added for OnBehalfOf and ActAs
        issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
        issueOperation.setStsProperties(props);

        TokenValidateOperation validateOperation = new TokenValidateOperation();
        validateOperation.getTokenValidators().add(new SAMLTokenValidator());
        validateOperation.setStsProperties(props);

        this.setIssueOperation(issueOperation);
        this.setValidateOperation(validateOperation);
    }
}

and configured in application.properties:

application.properties

quarkus.cxf.endpoint."/sts".implementor = io.quarkiverse.cxf.it.ws.trust.sts.Sts
quarkus.cxf.endpoint."/sts".logging.enabled = pretty

quarkus.cxf.endpoint."/sts".security.signature.username = sts
quarkus.cxf.endpoint."/sts".security.signature.password = password
quarkus.cxf.endpoint."/sts".security.validate.token = false

quarkus.cxf.endpoint."/sts".security.signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.endpoint."/sts".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.endpoint."/sts".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
quarkus.cxf.endpoint."/sts".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.file" = sts.pkcs12

5.6.3.1.3. Service

The service is implemented in TrustHelloServiceImpl.java:

TrustHelloServiceImpl.java

import jakarta.jws.WebMethod;
import jakarta.jws.WebService;

@WebService(portName = "TrustHelloServicePort", serviceName = "TrustHelloService", targetNamespace = "https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust", endpointInterface = "io.quarkiverse.cxf.it.ws.trust.server.TrustHelloService")
public class TrustHelloServiceImpl implements TrustHelloService {
    @WebMethod
    @Override
    public String hello(String person) {
        return "Hello " + person + "!";
    }
}

The asymmetric-saml2-policy.xml mentioned above is set in the Service Endpoint Interface TrustHelloService.java:

TrustHelloService.java

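import jakarta.jws.WebMethod;
import jakarta.jws.WebService;

import org.apache.cxf.annotations.Policies;
import org.apache.cxf.annotations.Policy;

@WebService(targetNamespace = "https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust")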
@Policy(placement = Policy.Placement.BINDING, uri = "classpath:/asymmetric-saml2-policy.xml")
public interface TrustHelloService {
    @WebMethod
    @Policies({
            @Policy(placement = Policy.Placement.BINDING_OPERATION_INPUT, uri = "classpath:/io-policy.xml"),
            @Policy(placement = Policy.Placement.BINDING_OPERATION_OUTPUT, uri = "classpath:/io-policy.xml")
    })
    String hello(String person);
}

The service endpoint is configured in application.properties:

application.properties

quarkus.cxf.endpoint."/hello-ws-trust".implementor = io.quarkiverse.cxf.it.ws.trust.server.TrustHelloServiceImpl
quarkus.cxf.endpoint."/hello-ws-trust".logging.enabled = pretty

quarkus.cxf.endpoint."/hello-ws-trust".security.signature.username = service
quarkus.cxf.endpoint."/hello-ws-trust".security.signature.password = password
quarkus.cxf.endpoint."/hello-ws-trust".security.signature.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.endpoint."/hello-ws-trust".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.endpoint."/hello-ws-trust".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
quarkus.cxf.endpoint."/hello-ws-trust".security.signature.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = service
quarkus.cxf.endpoint."/hello-ws-trust".security.signature.properties."org.apache.ws.security.crypto.merlin.file" = service.pkcs12

quarkus.cxf.endpoint."/hello-ws-trust".security.encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.endpoint."/hello-ws-trust".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.endpoint."/hello-ws-trust".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
quarkus.cxf.endpoint."/hello-ws-trust".security.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = service
quarkus.cxf.endpoint."/hello-ws-trust".security.encryption.properties."org.apache.ws.security.crypto.merlin.file" = service.pkcs12

5.6.3.1.4. Client

Finally, for the SOAP client to be able to communicate with the service, its STSClient needs to be configured. It can be done in application.properties:

application.properties

quarkus.cxf.client.hello-ws-trust.security.sts.client.wsdl = http://localhost:${quarkus.http.test-port}/services/sts?wsdl
quarkus.cxf.client.hello-ws-trust.security.sts.client.service-name = {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService
quarkus.cxf.client.hello-ws-trust.security.sts.client.endpoint-name = {http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port
quarkus.cxf.client.hello-ws-trust.security.sts.client.username = client
quarkus.cxf.client.hello-ws-trust.security.sts.client.password = password
quarkus.cxf.client.hello-ws-trust.security.sts.client.encryption.username = sts
quarkus.cxf.client.hello-ws-trust.security.sts.client.encryption.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.client.hello-ws-trust.security.sts.client.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.client.hello-ws-trust.security.sts.client.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
quarkus.cxf.client.hello-ws-trust.security.sts.client.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = client
quarkus.cxf.client.hello-ws-trust.security.sts.client.encryption.properties."org.apache.ws.security.crypto.merlin.keystore.file" = client.pkcs12
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.username = client
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.properties."org.apache.ws.security.crypto.provider" = org.apache.ws.security.components.crypto.Merlin
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.properties."org.apache.ws.security.crypto.merlin.keystore.type" = pkcs12
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.properties."org.apache.ws.security.crypto.merlin.keystore.password" = password
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.properties."org.apache.ws.security.crypto.merlin.keystore.alias" = client
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.properties."org.apache.ws.security.crypto.merlin.keystore.file" = client.pkcs12
quarkus.cxf.client.hello-ws-trust.security.sts.client.token.usecert = true

Tip

The properties for configuring the STS client are provided by the io.quarkiverse.cxf:quarkus-cxf-rt-ws-security extension and documented on the quarkus-cxf-rt-ws-security reference page.

Alternatively, the client can be set as a bean reference:

application.properties

quarkus.cxf.client.hello-ws-trust-bean.security.sts.client = #stsClientBean

In that case, the @Named bean needs to be produced programmatically, e.g. using @jakarta.enterprise.inject.Produces:

BeanProducers.java

import java.util.Map;

import javax.xml.namespace.QName;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Named;

import org.apache.cxf.ws.security.SecurityConstants;

import io.quarkiverse.cxf.ws.security.sts.client.STSClientBean;

public class BeanProducers {

    /**
     * Create and configure an STSClient for use by the TrustHelloService client.
     */
    @Produces
    @ApplicationScoped
    @Named("stsClientBean")
    STSClientBean createSTSClient() {
        /*
         * We cannot use org.apache.cxf.ws.security.trust.STSClient as a return type of this bean producer method
         * because it does not have a no-args constructor. STSClientBean is a subclass of STSClient having one.
         */
        STSClientBean stsClient = STSClientBean.create();
        stsClient.setWsdlLocation("http://localhost:8081/services/sts?wsdl");
        stsClient.setServiceQName(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService"));
        stsClient.setEndpointQName(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port"));
        Map<String, Object> props = stsClient.getProperties();
        props.put(SecurityConstants.USERNAME, "client");
        props.put(SecurityConstants.PASSWORD, "password");
        props.put(SecurityConstants.ENCRYPT_PROPERTIES,
                Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"));
        props.put(SecurityConstants.ENCRYPT_USERNAME, "sts");
        props.put(SecurityConstants.STS_TOKEN_USERNAME, "client");
        props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
                Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"));
        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
        return stsClient;
    }
}
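The producer above keeps the STS user name, password and WSDL location in source code. The following variant is an added example, not part of the Quarkus CXF documentation or code base, that injects those values through MicroProfile Config and fails fast when the keystore properties resource is missing; it is meant to replace the producer above, not to be deployed next to it. The class name and the `sts.client.*` property names are assumptions made for this example.

```java
import java.net.URL;
import java.util.Map;
import java.util.Objects;

import javax.xml.namespace.QName;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Inject;
import jakarta.inject.Named;

import org.apache.cxf.ws.security.SecurityConstants;
import org.eclipse.microprofile.config.inject.ConfigProperty;

import io.quarkiverse.cxf.ws.security.sts.client.STSClientBean;

@ApplicationScoped
public class ConfiguredBeanProducers {
    static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";

    // Hypothetical property names, not defined by Quarkus CXF. No default values,
    // so the application fails at startup when one of them is missing.
    @Inject @ConfigProperty(name = "sts.client.wsdl") String wsdl;
    @Inject @ConfigProperty(name = "sts.client.username") String username;
    @Inject @ConfigProperty(name = "sts.client.password") String password;

    @Produces
    @ApplicationScoped
    @Named("stsClientBean")
    STSClientBean createSTSClient() {
        // Fail fast instead of storing a null crypto configuration in the client properties
        URL keystoreProps = Objects.requireNonNull(
                Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"),
                "clientKeystore.properties not found on the classpath");
        STSClientBean stsClient = STSClientBean.create();
        stsClient.setWsdlLocation(wsdl);
        stsClient.setServiceQName(new QName(WS_TRUST_NS, "SecurityTokenService"));
        stsClient.setEndpointQName(new QName(WS_TRUST_NS, "UT_Port"));
        Map<String, Object> props = stsClient.getProperties();
        props.put(SecurityConstants.USERNAME, username);
        props.put(SecurityConstants.PASSWORD, password);
        props.put(SecurityConstants.ENCRYPT_PROPERTIES, keystoreProps);
        props.put(SecurityConstants.ENCRYPT_USERNAME, "sts");
        props.put(SecurityConstants.STS_TOKEN_USERNAME, "client"); // keystore alias, as in the producer above
        props.put(SecurityConstants.STS_TOKEN_PROPERTIES, keystoreProps);
        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
        return stsClient;
    }
}
```

With the MicroProfile Config environment variable mapping, the password can be supplied at runtime as `STS_CLIENT_PASSWORD` instead of being committed to `application.properties`.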

5.7. HTTP Async Transport

Implement async SOAP Clients using Apache HttpComponents HttpClient 5.

5.7.1. Maven coordinates

Create a new project using quarkus-cxf-rt-transports-http-hc5 on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-rt-transports-http-hc5</artifactId>
</dependency>

5.7.2. Usage

Once the quarkus-cxf-rt-transports-http-hc5 dependency is available in the classpath, CXF will use HttpAsyncClient for asynchronous calls and will continue using HttpURLConnection for synchronous calls.

5.7.2.1. Generate async methods

Asynchronous client invocations require some additional methods in the service endpoint interface. That code is not generated by default.

To enable it, you need to create a JAX-WS binding file with enableAsyncMapping set to true:

Tip

The sample code snippets used in this section come from the HC5 integration test in the source tree of Quarkus CXF.

src/main/resources/wsdl/async-binding.xml

<?xml version="1.0"?>
<bindings
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns="https://jakarta.ee/xml/ns/jaxws"
        wsdlLocation="CalculatorService.wsdl">
    <bindings node="wsdl:definitions">
        <enableAsyncMapping>true</enableAsyncMapping>
    </bindings>
</bindings>

This file should then be passed to wsdl2java through its additional-params property:

application.properties

quarkus.cxf.codegen.wsdl2java.includes = wsdl/*.wsdl
quarkus.cxf.codegen.wsdl2java.additional-params = -b,src/main/resources/wsdl/async-binding.xml

5.7.2.2. Asynchronous Clients and Mutiny

Once the asynchronous stubs are available, it is possible to wrap a client call in io.smallrye.mutiny.Uni as shown below:

package io.quarkiverse.cxf.hc5.it;

import java.util.concurrent.Future;

import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.core.MediaType;

import org.jboss.eap.quickstarts.wscalculator.calculator.AddResponse;
import org.jboss.eap.quickstarts.wscalculator.calculator.CalculatorService;

import io.quarkiverse.cxf.annotation.CXFClient;
import io.smallrye.mutiny.Uni;

@Path("/hc5")
public class Hc5Resource {

    @Inject
    @CXFClient("myCalculator") // name used in application.properties
    CalculatorService myCalculator;

    @SuppressWarnings("unchecked")
    @Path("/add-async")
    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public Uni<Integer> addAsync(@QueryParam("a") int a, @QueryParam("b") int b) {
        return Uni.createFrom()
                .future(
                        (Future<AddResponse>) myCalculator
                                .addAsync(a, b, res -> {
                                }))
                .map(addResponse -> addResponse.getReturn());
    }

}

5.7.2.3. Thread pool

Asynchronous clients delivered by this extension leverage ManagedExecutor with a thread pool provided by Quarkus. The thread pool can be configured using the quarkus.thread-pool.* family of options. As a consequence of this, the executor and thread pool related attributes of org.apache.cxf.transports.http.configuration.HTTPClientPolicy are not honored for async clients on Quarkus.

Tip

You can see more details about the CXF asynchronous client and how to tune it further in the CXF documentation.

5.8. XJC Plugins

XJC plugins for wsdl2java code generation. You’ll need to add this extension if you want to use any of the following in quarkus.cxf.codegen.wsdl2java.additional-params:

  • -xjc-Xbg - generate getFoo() instead of isFoo() accessor methods for boolean fields.
  • -xjc-Xdv - let the generated getter methods return the default value defined in the schema unless the field is set explicitly.
  • -xjc-Xjavadoc - generate JavaDoc based on xs:documentation present in the schema.
  • -xjc-Xproperty-listener - add PropertyChangeListener support to the generated beans.
  • -xjc-Xts - generate toString() methods in model classes.
  • -xjc-Xwsdlextension - generate beans that can be used directly with WSDL4J as extensors in the WSDL.

Tip

Check the wsdl2java section of the User guide for more details about wsdl2java.

5.8.1. Maven coordinates

Create a new project using quarkus-cxf-xjc-plugins on code.quarkus.redhat.com or add these coordinates to your existing project:

<dependency>
    <groupId>io.quarkiverse.cxf</groupId>
    <artifactId>quarkus-cxf-xjc-plugins</artifactId>
</dependency>