cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/4] git commit: Moving STS's RequestClaim(Collection) to rt-security. Renaming STS's Claim(Collection) to ProcessedClaim(Collection). Add the ability to add ClaimCollection Objects to a RST in the AbstractSTSClient
Date Thu, 06 Mar 2014 12:43:28 GMT
Moving STS's RequestClaim(Collection) to rt-security. Renaming STS's Claim(Collection) to ProcessedClaim(Collection). Add the ability to add ClaimCollection Objects to a RST in the AbstractSTSClient


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/db6d5598
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/db6d5598
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/db6d5598

Branch: refs/heads/claims
Commit: db6d55988ee70dfa3e751d4de13cac43005fc3f6
Parents: 30d6e81
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Mar 4 12:22:59 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Mar 4 12:22:59 2014 +0000

----------------------------------------------------------------------
 .../apache/cxf/rt/security/claims/Claim.java    | 99 ++++++++++++++++++++
 .../cxf/rt/security/claims/ClaimCollection.java | 65 +++++++++++++
 rt/ws/security/pom.xml                          |  5 +
 .../ws/security/trust/AbstractSTSClient.java    | 31 +++---
 .../security/trust/claims/ClaimsCallback.java   | 14 +--
 .../java/org/apache/cxf/sts/claims/Claim.java   | 88 -----------------
 .../apache/cxf/sts/claims/ClaimCollection.java  | 32 -------
 .../ClaimsAttributeStatementProvider.java       |  6 +-
 .../apache/cxf/sts/claims/ClaimsHandler.java    |  4 +-
 .../apache/cxf/sts/claims/ClaimsManager.java    | 83 ++++++++--------
 .../org/apache/cxf/sts/claims/ClaimsMapper.java |  4 +-
 .../org/apache/cxf/sts/claims/ClaimsParser.java |  6 +-
 .../cxf/sts/claims/IdentityClaimsParser.java    | 48 ++++------
 .../cxf/sts/claims/LdapClaimsHandler.java       | 22 +++--
 .../cxf/sts/claims/LdapGroupClaimsHandler.java  | 22 +++--
 .../apache/cxf/sts/claims/ProcessedClaim.java   | 63 +++++++++++++
 .../sts/claims/ProcessedClaimCollection.java    | 32 +++++++
 .../org/apache/cxf/sts/claims/RequestClaim.java | 56 -----------
 .../cxf/sts/claims/RequestClaimCollection.java  | 43 ---------
 .../cxf/sts/claims/StaticClaimsHandler.java     | 12 ++-
 .../sts/claims/StaticEndpointClaimsHandler.java | 12 ++-
 .../apache/cxf/sts/event/map/EventMapper.java   |  6 +-
 .../cxf/sts/operation/AbstractOperation.java    | 10 +-
 .../cxf/sts/operation/TokenIssueOperation.java  |  4 +-
 .../sts/operation/TokenValidateOperation.java   |  4 +-
 .../apache/cxf/sts/request/RequestParser.java   | 29 +++---
 .../cxf/sts/request/TokenRequirements.java      | 22 ++---
 .../token/provider/TokenProviderParameters.java | 14 +--
 .../cxf/sts/common/CustomAttributeProvider.java | 12 +--
 .../cxf/sts/common/CustomClaimParser.java       | 13 ++-
 .../cxf/sts/common/CustomClaimsHandler.java     | 23 ++---
 .../cxf/sts/common/CustomUserClaimsHandler.java | 18 ++--
 .../sts/common/RealmSupportClaimsHandler.java   | 18 ++--
 .../org/apache/cxf/sts/ldap/LDAPClaimsTest.java | 36 +++----
 .../cxf/sts/operation/CustomClaimsMapper.java   | 14 +--
 .../sts/operation/IssueSamlClaimsUnitTest.java  |  8 +-
 .../ValidateTokenTransformationUnitTest.java    |  9 +-
 .../cxf/sts/token/provider/SAMLClaimsTest.java  | 45 +++++----
 .../cxf/sts/token/realm/RealmSupportTest.java   | 32 +++----
 .../token/validator/SAMLTokenValidatorTest.java | 11 +--
 .../CustomAttributeStatementProvider.java       | 10 +-
 .../sts/deployment/CustomClaimsHandler.java     | 18 ++--
 .../sts/deployment/CustomClaimsParser.java      | 14 ++-
 43 files changed, 578 insertions(+), 539 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
new file mode 100644
index 0000000..bfc6286
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.claims;
+
+import java.io.Serializable;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Logger;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * This represents a Claim.
+ */
+public class Claim implements Serializable {
+    
+    private static final long serialVersionUID = 5730726672368086795L;
+
+    private static final Logger LOG = LogUtils.getL7dLogger(Claim.class);
+
+    private URI claimType;
+    private boolean optional;
+    private List<Object> values = new ArrayList<Object>(1);
+
+    public URI getClaimType() {
+        return claimType;
+    }
+
+    public void setClaimType(URI claimType) {
+        this.claimType = claimType;
+    }
+
+    public boolean isOptional() {
+        return optional;
+    }
+
+    public void setOptional(boolean optional) {
+        this.optional = optional;
+    }
+
+    public void setValues(List<Object> values) {
+        this.values.clear();
+        this.values.addAll(values);
+    }
+
+    public void addValue(Object s) {
+        this.values.add(s);
+    }
+    
+    public List<Object> getValues() {
+        return values;
+    }
+    
+    public void serialize(XMLStreamWriter writer, String prefix, String namespace) throws XMLStreamException {
+        String localname = "ClaimType";
+        if (!values.isEmpty()) {
+            localname = "ClaimValue";
+        }
+        writer.writeStartElement(prefix, localname, namespace);
+        writer.writeAttribute(null, "Uri", claimType.toString());
+        if (optional) {
+            writer.writeAttribute(null, "Optional", "true");
+        }
+
+        if (!values.isEmpty()) {
+            for (Object value : values) {
+                if (value instanceof String) {
+                    writer.writeStartElement(prefix, "Value", namespace);
+                    writer.writeCharacters((String)value);
+                    writer.writeEndElement();
+                } else {
+                    LOG.warning("Only a ClaimValue String can be serialized");
+                }
+            }
+        }
+        writer.writeEndElement();
+    }
+}
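Review bot: In `serialize`, a non-String value is only logged and skipped, but the element name was already chosen as `ClaimValue` from `values.isEmpty()`. A claim holding only non-String values is therefore written as a `ClaimValue` element with no `Value` child, and the request goes out with less than the caller set. For a token request it seems safer to fail than to drop values silently, for example by replacing the warning with `throw new XMLStreamException("Only a ClaimValue String can be serialized");`. `claimType.toString()` is also dereferenced without a null check, so a Claim whose type was never set fails with a NullPointerException while the request is being written; a guard with a clear message at the top of `serialize` would help. The `values` field could carry a comment such as `/** Values requested for this claim; only String values can be serialized. */` to document the restriction.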

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimCollection.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimCollection.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimCollection.java
new file mode 100644
index 0000000..b59cab4
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimCollection.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.claims;
+
+import java.net.URI;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * This holds a collection of Claim Objects.
+ */
+public class ClaimCollection extends java.util.ArrayList<Claim> {
+    
+    private static final long serialVersionUID = -4543840943290756510L;
+    
+    private URI dialect = 
+        URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity");
+    private String dialectPrefix = "ic";
+    
+    public URI getDialect() {
+        return dialect;
+    }
+    
+    public void setDialect(URI dialect) {
+        this.dialect = dialect;
+    }
+
+    public void serialize(XMLStreamWriter writer, String prefix, String namespace) throws XMLStreamException {
+        writer.writeStartElement(prefix, "Claims", namespace);
+        writer.writeNamespace(dialectPrefix, dialect.toString());
+        writer.writeAttribute(null, "Dialect", dialect.toString());
+        
+        for (Claim claim : this) {
+            claim.serialize(writer, dialectPrefix, dialect.toString());
+        }
+        
+        writer.writeEndElement();
+    }
+
+    public String getDialectPrefix() {
+        return dialectPrefix;
+    }
+
+    public void setDialectPrefix(String dialectPrefix) {
+        this.dialectPrefix = dialectPrefix;
+    }
+}
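Review bot: `serialize` calls `dialect.toString()` three times without a null guard, while `setDialect` accepts null and ClaimsManager in this same commit tests `primaryClaims.getDialect() != null`, so a null dialect is evidently an expected state. Either reject null in the setter, `if (dialect == null) { throw new IllegalArgumentException("dialect must not be null"); }`, or have `serialize` fail with a descriptive XMLStreamException. `dialectPrefix` has the same exposure through `setDialectPrefix`. Note also that `equals` and `hashCode` are inherited from ArrayList, so two collections with the same Claim elements but different dialects compare equal.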

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/rt/ws/security/pom.xml
----------------------------------------------------------------------
diff --git a/rt/ws/security/pom.xml b/rt/ws/security/pom.xml
index 3535504..6d65dde 100644
--- a/rt/ws/security/pom.xml
+++ b/rt/ws/security/pom.xml
@@ -49,6 +49,11 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-security</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-ws-addr</artifactId>
             <version>${project.version}</version>
             <scope>provided</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 89d96b3..a0b82d2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -72,6 +72,7 @@ import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingInfo;
 import org.apache.cxf.service.model.BindingOperationInfo;
@@ -159,7 +160,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
     protected int keySize = 256;
     protected boolean requiresEntropy = true;
     protected Element template;
-    protected Element claims;
+    protected Object claims;
     protected CallbackHandler claimsCallbackHandler;
     protected AlgorithmSuite algorithmSuite;
     protected String namespace = STSUtils.WST_NS_05_12;
@@ -1264,15 +1265,18 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
     }
     
     protected void addClaims(XMLStreamWriter writer) throws Exception {
-        if (claims != null) {
-            StaxUtils.copy(claims, writer);
-        } else if (claimsCallbackHandler != null) {
+        Object claimsToSerialize = claims;
+        if (claimsToSerialize == null && claimsCallbackHandler != null) {
             ClaimsCallback callback = new ClaimsCallback(message);
             claimsCallbackHandler.handle(new Callback[]{callback});
-            Element claimsElement = callback.getClaims();
-            if (claimsElement != null) {
-                StaxUtils.copy(claimsElement, writer);
-            }
+            claimsToSerialize = callback.getClaims();
+        }
+        
+        if (claimsToSerialize instanceof Element) {
+            StaxUtils.copy((Element)claimsToSerialize, writer);
+        } else if (claimsToSerialize instanceof ClaimCollection) {
+            ClaimCollection claimCollection = (ClaimCollection)claims;
+            claimCollection.serialize(writer, "wst", namespace);
         }
     }
 
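Review bot: The ClaimCollection branch of `addClaims` casts the field instead of the local variable: `(ClaimCollection)claims` should be `(ClaimCollection)claimsToSerialize`. When the collection is supplied by `claimsCallbackHandler`, the `claims` field is null, the cast yields null and `claimCollection.serialize(writer, "wst", namespace)` throws a NullPointerException. The line should read `ClaimCollection claimCollection = (ClaimCollection)claimsToSerialize;`. Separately, an object of any other type falls through both `instanceof` checks and the request is sent without claims; a final `else if (claimsToSerialize != null)` branch that throws or logs would make that visible.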
@@ -1547,14 +1551,15 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
         template = rstTemplate;
     }
 
-    public void setClaims(Element rstClaims) {
+    /**
+     * Set a Claims Object to be included in the request. This Object can be either a DOM Element, 
+     * which will be copied "as is" into the request, or else a 
+     * org.apache.cxf.rt.security.claims.ClaimCollection Object.
+     */
+    public void setClaims(Object rstClaims) {
         claims = rstClaims;
     }
     
-    public Element getClaims() {
-        return claims;
-    }
-    
     public List<Interceptor<? extends Message>> getOutFaultInterceptors() {
         if (client != null) {
             return client.getOutFaultInterceptors();
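Review bot: `setClaims(Object)` stores whatever it is given, and `addClaims` ignores anything that is neither an Element nor a ClaimCollection, so a wrongly typed value produces a token request with no claims and no error. Validating at the setter would surface the mistake early: `if (rstClaims != null && !(rstClaims instanceof Element) && !(rstClaims instanceof ClaimCollection)) { throw new IllegalArgumentException("Unsupported claims type: " + rstClaims.getClass().getName()); }`. `ClaimsCallback.setClaims(Object)` in the next file has the same gap. This hunk also removes the public `getClaims()` accessor, which existing callers may rely on; consider whether it should be kept.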

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
index 5321ff2..59d34a8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/claims/ClaimsCallback.java
@@ -21,19 +21,19 @@ package org.apache.cxf.ws.security.trust.claims;
 
 import javax.security.auth.callback.Callback;
 
-import org.w3c.dom.Element;
-
 import org.apache.cxf.message.Message;
 
 /**
  * This Callback class provides a pluggable way of sending Claims to the STS. A CallbackHandler
  * instance will be supplied with this class, which contains a reference to the current
- * Message. The CallbackHandler implementation is required to set the claims Element to be
- * sent in the request. 
+ * Message. The CallbackHandler implementation is required to set the claims Object to be
+ * sent in the request. This object can be either a DOM Element to be written out "as is", or else
+ * a org.apache.cxf.rt.security.claims.ClaimCollection Object which will be serialized in the 
+ * request.
  */
 public class ClaimsCallback implements Callback {
     
-    private Element claims;
+    private Object claims;
     
     private Message currentMessage;
     
@@ -45,11 +45,11 @@ public class ClaimsCallback implements Callback {
         this.currentMessage = currentMessage;
     }
     
-    public void setClaims(Element claims) {
+    public void setClaims(Object claims) {
         this.claims = claims;
     }
     
-    public Element getClaims() {
+    public Object getClaims() {
         return claims;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java
deleted file mode 100644
index b8391a5..0000000
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/Claim.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.claims;
-
-import java.io.Serializable;
-import java.net.URI;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * This represents a Claim that has been processed by a ClaimsHandler instance.
- */
-public class Claim implements Serializable {
-
-    /**
-     * 
-     */
-    private static final long serialVersionUID = -1151700035195497499L;
-    private URI claimType;
-    private String issuer;
-    private String originalIssuer;
-    private transient Principal principal;
-    private List<Object> values = new ArrayList<Object>(1);
-
-    public String getIssuer() {
-        return issuer;
-    }
-
-    public void setIssuer(String issuer) {
-        this.issuer = issuer;
-    }
-
-    public String getOriginalIssuer() {
-        return originalIssuer;
-    }
-
-    public void setOriginalIssuer(String originalIssuer) {
-        this.originalIssuer = originalIssuer;
-    }
-
-    public URI getClaimType() {
-        return claimType;
-    }
-
-    public void setClaimType(URI claimType) {
-        this.claimType = claimType;
-    }
-
-    public Principal getPrincipal() {
-        return principal;
-    }
-
-    public void setPrincipal(Principal principal) {
-        this.principal = principal;
-    }
-
-    public void setValues(List<Object> values) {
-        this.values.clear();
-        this.values.addAll(values);
-    }
-
-    public void addValue(Object s) {
-        this.values.add(s);
-    }
-    
-    public List<Object> getValues() {
-        return values;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimCollection.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimCollection.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimCollection.java
deleted file mode 100644
index 19d3b47..0000000
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimCollection.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.claims;
-
-/**
- * This holds a collection of Claims.
- */
-public class ClaimCollection extends java.util.ArrayList<Claim> {
-
-    /**
-     * 
-     */
-    private static final long serialVersionUID = -4630183900697336428L;
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
index b8cfc37..060c359 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
@@ -37,7 +37,7 @@ public class ClaimsAttributeStatementProvider implements AttributeStatementProvi
     public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
         // Handle Claims
         ClaimsManager claimsManager = providerParameters.getClaimsManager();
-        ClaimCollection retrievedClaims = new ClaimCollection();
+        ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
         if (claimsManager != null) {
             ClaimsParameters params = new ClaimsParameters();
             params.setAdditionalProperties(providerParameters.getAdditionalProperties());
@@ -67,7 +67,7 @@ public class ClaimsAttributeStatementProvider implements AttributeStatementProvi
             return null;
         }
         
-        Iterator<Claim> claimIterator = retrievedClaims.iterator();
+        Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
         if (!claimIterator.hasNext()) {
             return null;
         }
@@ -77,7 +77,7 @@ public class ClaimsAttributeStatementProvider implements AttributeStatementProvi
         
         AttributeStatementBean attrBean = new AttributeStatementBean();
         while (claimIterator.hasNext()) {
-            Claim claim = claimIterator.next();
+            ProcessedClaim claim = claimIterator.next();
             AttributeBean attributeBean = new AttributeBean();
             
             URI claimType = claim.getClaimType();

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsHandler.java
index 533c207..a8fdc28 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsHandler.java
@@ -22,6 +22,8 @@ package org.apache.cxf.sts.claims;
 import java.net.URI;
 import java.util.List;
 
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+
 /**
  * This interface provides a pluggable way to handle Claims.
  */
@@ -29,7 +31,7 @@ public interface ClaimsHandler {
 
     List<URI> getSupportedClaimTypes();
 
-    ClaimCollection retrieveClaimValues(RequestClaimCollection claims, ClaimsParameters parameters);
+    ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters);
 
 }
  
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
index 6b5641c..5d28721 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
@@ -29,8 +29,9 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.IdentityMapper;
 import org.apache.cxf.sts.token.realm.RealmSupport;
 import org.apache.cxf.sts.token.realm.Relationship;
@@ -97,9 +98,9 @@ public class ClaimsManager {
         }
     }
 
-    public ClaimCollection retrieveClaimValues(
-        RequestClaimCollection primaryClaims,
-        RequestClaimCollection secondaryClaims,
+    public ProcessedClaimCollection retrieveClaimValues(
+        ClaimCollection primaryClaims,
+        ClaimCollection secondaryClaims,
         ClaimsParameters parameters
     ) {
         if (primaryClaims == null && secondaryClaims == null) {
@@ -114,13 +115,13 @@ public class ClaimsManager {
         if (primaryClaims.getDialect() != null
             && primaryClaims.getDialect().equals(secondaryClaims.getDialect())) {
             // Matching dialects - so we must merge them
-            RequestClaimCollection mergedClaims = mergeClaims(primaryClaims, secondaryClaims);
+            ClaimCollection mergedClaims = mergeClaims(primaryClaims, secondaryClaims);
             return retrieveClaimValues(mergedClaims, parameters);
         } else {
             // If the dialects don't match then just return all Claims
-            ClaimCollection claims = retrieveClaimValues(primaryClaims, parameters);
-            ClaimCollection claims2 = retrieveClaimValues(secondaryClaims, parameters);
-            ClaimCollection returnedClaims = new ClaimCollection();
+            ProcessedClaimCollection claims = retrieveClaimValues(primaryClaims, parameters);
+            ProcessedClaimCollection claims2 = retrieveClaimValues(secondaryClaims, parameters);
+            ProcessedClaimCollection returnedClaims = new ProcessedClaimCollection();
             if (claims != null) {
                 returnedClaims.addAll(claims);
             }
@@ -131,7 +132,7 @@ public class ClaimsManager {
         }
     }
     
-    public ClaimCollection retrieveClaimValues(RequestClaimCollection claims, ClaimsParameters parameters) {
+    public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
         Relationship relationship = null;
         if (parameters.getAdditionalProperties() != null) {
             relationship = (Relationship)parameters.getAdditionalProperties().get(
@@ -148,10 +149,10 @@ public class ClaimsManager {
                 return null;
             }
             Principal originalPrincipal = parameters.getPrincipal();
-            ClaimCollection returnCollection = new ClaimCollection();
+            ProcessedClaimCollection returnCollection = new ProcessedClaimCollection();
             for (ClaimsHandler handler : claimHandlers) {
                 
-                RequestClaimCollection supportedClaims = 
+                ClaimCollection supportedClaims = 
                     filterHandlerClaims(claims, handler.getSupportedClaimTypes());
                 if (supportedClaims.isEmpty()) {
                     continue;
@@ -212,7 +213,7 @@ public class ClaimsManager {
                     }
                 }
                 
-                ClaimCollection claimCollection = null;
+                ProcessedClaimCollection claimCollection = null;
                 try {
                     claimCollection = handler.retrieveClaimValues(supportedClaims, parameters);
                 } catch (RuntimeException ex) {
@@ -247,16 +248,16 @@ public class ClaimsManager {
             // Consider refactoring to use a CallbackHandler and keep ClaimsManager token independent
             SamlAssertionWrapper assertion = 
                 (SamlAssertionWrapper)parameters.getAdditionalProperties().get(SamlAssertionWrapper.class.getName());
-            List<Claim> claimList = null;
+            List<ProcessedClaim> claimList = null;
             if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
                 claimList = this.parseClaimsInAssertion(assertion.getSaml2());
             } else {
                 claimList = this.parseClaimsInAssertion(assertion.getSaml1());
             }
-            ClaimCollection sourceClaims = new ClaimCollection();
+            ProcessedClaimCollection sourceClaims = new ProcessedClaimCollection();
             sourceClaims.addAll(claimList);
             
-            ClaimCollection targetClaims = claimsMapper.mapClaims(relationship.getSourceRealm(),
+            ProcessedClaimCollection targetClaims = claimsMapper.mapClaims(relationship.getSourceRealm(),
                     sourceClaims, relationship.getTargetRealm(), parameters);
             validateClaimValues(claims, targetClaims);
             return targetClaims;
@@ -264,11 +265,11 @@ public class ClaimsManager {
 
     }
 
-    private RequestClaimCollection filterHandlerClaims(RequestClaimCollection claims,
+    private ClaimCollection filterHandlerClaims(ClaimCollection claims,
                                                          List<URI> handlerClaimTypes) {
-        RequestClaimCollection supportedClaims = new RequestClaimCollection(); 
+        ClaimCollection supportedClaims = new ClaimCollection(); 
         supportedClaims.setDialect(claims.getDialect());
-        for (RequestClaim claim : claims) {
+        for (Claim claim : claims) {
             if (handlerClaimTypes.contains(claim.getClaimType())) {
                 supportedClaims.add(claim);
             }
@@ -276,12 +277,12 @@ public class ClaimsManager {
         return supportedClaims;
     }
     
-    private boolean validateClaimValues(RequestClaimCollection requestedClaims, ClaimCollection claims) {
-        for (RequestClaim claim : requestedClaims) {
+    private boolean validateClaimValues(ClaimCollection requestedClaims, ProcessedClaimCollection claims) {
+        for (Claim claim : requestedClaims) {
             URI claimType = claim.getClaimType();
             boolean found = false;
             if (!claim.isOptional()) {
-                for (Claim c : claims) {
+                for (ProcessedClaim c : claims) {
                     if (c.getClaimType().equals(claimType)) {
                         found = true;
                         break;
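Review bot: `validateClaimValues` iterates `claims` with no null check, although a null ProcessedClaimCollection is treated as possible elsewhere in this class (`if (claims != null)` in the dialect-mismatch branch) and the result of `claimsMapper.mapClaims(...)` is passed straight in. If a mapper returned null while a mandatory claim was requested, this would end in a NullPointerException rather than a clear missing-claim error. Wrapping the inner loop in `if (claims != null) { ... }` leaves `found` false in that case, so whatever handling follows the loop still applies. The method body continues outside the hunk, so how a missing mandatory claim is reported is not visible here. The Javadoc could state whether `claims` may be null.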
@@ -298,7 +299,7 @@ public class ClaimsManager {
     }
 
 
-    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml1.core.Assertion assertion) {
+    protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml1.core.Assertion assertion) {
         List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
             assertion.getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
@@ -307,7 +308,7 @@ public class ClaimsManager {
             }            
             return Collections.emptyList();
         }
-        ClaimCollection collection = new ClaimCollection();
+        ProcessedClaimCollection collection = new ProcessedClaimCollection();
 
         for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
             if (LOG.isLoggable(Level.FINEST)) {
@@ -319,7 +320,7 @@ public class ClaimsManager {
                 if (LOG.isLoggable(Level.FINEST)) {
                     LOG.finest("parsing attribute: " + attribute.getAttributeName());
                 }
-                Claim c = new Claim();
+                ProcessedClaim c = new ProcessedClaim();
                 c.setIssuer(assertion.getIssuer());
                 c.setClaimType(URI.create(attribute.getAttributeName()));
                 try {
@@ -343,7 +344,7 @@ public class ClaimsManager {
         return collection;
     }
 
-    protected List<Claim> parseClaimsInAssertion(org.opensaml.saml2.core.Assertion assertion) {
+    protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml2.core.Assertion assertion) {
         List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = 
             assertion.getAttributeStatements();
         if (attributeStatements == null || attributeStatements.isEmpty()) {
@@ -353,7 +354,7 @@ public class ClaimsManager {
             return Collections.emptyList();
         }
 
-        List<Claim> collection = new ArrayList<Claim>();
+        List<ProcessedClaim> collection = new ArrayList<ProcessedClaim>();
 
         for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
             if (LOG.isLoggable(Level.FINEST)) {
@@ -364,7 +365,7 @@ public class ClaimsManager {
                 if (LOG.isLoggable(Level.FINEST)) {
                     LOG.finest("parsing attribute: " + attribute.getName());
                 }
-                Claim c = new Claim();
+                ProcessedClaim c = new ProcessedClaim();
                 c.setClaimType(URI.create(attribute.getName()));
                 c.setIssuer(assertion.getIssuer().getNameQualifier());
                 for (XMLObject attributeValue : attribute.getAttributeValues()) {
@@ -388,20 +389,20 @@ public class ClaimsManager {
      * This facilitates handling claims from a service via wst:SecondaryParameters/wst:Claims 
      * with any client-specific claims sent in wst:RequestSecurityToken/wst:Claims
      */
-    private RequestClaimCollection mergeClaims(
-        RequestClaimCollection primaryClaims, RequestClaimCollection secondaryClaims
+    private ClaimCollection mergeClaims(
+        ClaimCollection primaryClaims, ClaimCollection secondaryClaims
     ) {
-        RequestClaimCollection parsedClaims = new RequestClaimCollection();
+        ClaimCollection parsedClaims = new ClaimCollection();
         parsedClaims.addAll(secondaryClaims);
         
         // Merge claims
-        RequestClaimCollection mergedClaims = new RequestClaimCollection();
+        ClaimCollection mergedClaims = new ClaimCollection();
         mergedClaims.setDialect(primaryClaims.getDialect());
         
-        for (RequestClaim claim : primaryClaims) {
-            RequestClaim matchingClaim = null;
+        for (Claim claim : primaryClaims) {
+            Claim matchingClaim = null;
             // Search for a matching claim via the ClaimType URI
-            for (RequestClaim secondaryClaim : parsedClaims) {
+            for (Claim secondaryClaim : parsedClaims) {
                 if (secondaryClaim.getClaimType().equals(claim.getClaimType())) {
                     matchingClaim = secondaryClaim;
                     break;
@@ -411,16 +412,16 @@ public class ClaimsManager {
             if (matchingClaim == null) {
                 mergedClaims.add(claim);
             } else {
-                RequestClaim mergedClaim = new RequestClaim();
+                Claim mergedClaim = new Claim();
                 mergedClaim.setClaimType(claim.getClaimType());
-                if (claim.getClaimValue() != null) {
-                    mergedClaim.setClaimValue(claim.getClaimValue());
-                    if (matchingClaim.getClaimValue() != null) {
-                        LOG.log(Level.WARNING, "Secondary claim value " + matchingClaim.getClaimValue()
+                if (claim.getValues() != null && !claim.getValues().isEmpty()) {
+                    mergedClaim.setValues(claim.getValues());
+                    if (matchingClaim.getValues() != null && !matchingClaim.getValues().isEmpty()) {
+                        LOG.log(Level.WARNING, "Secondary claim value " + matchingClaim.getValues()
                                 + " ignored in favour of primary claim value");
                     }
-                } else if (matchingClaim.getClaimValue() != null) {
-                    mergedClaim.setClaimValue(matchingClaim.getClaimValue());
+                } else if (matchingClaim.getValues() != null && !matchingClaim.getValues().isEmpty()) {
+                    mergedClaim.setValues(matchingClaim.getValues());
                 }
                 mergedClaims.add(mergedClaim);
                 
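Review bot: The `mergedClaim` built in the else branch receives its claim type and values but never its optional flag, so a claim that both sides marked optional leaves the merge with whatever `new Claim()` defaults to (presumably not optional; the class is not shown here). Adding `mergedClaim.setOptional(claim.isOptional() && matchingClaim.isOptional());` before `mergedClaims.add(mergedClaim)` would keep the claim mandatory whenever either side requires it. `validateClaimValues` in this file branches on `isOptional()`, so the flag affects whether a request is accepted. `mergeClaims` starts in the previous hunk and continues past this one.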

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsMapper.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsMapper.java
index 73325b7..25526f8 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsMapper.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsMapper.java
@@ -32,7 +32,7 @@ public interface ClaimsMapper {
      * @param targetRealm the target realm of the Principal
      * @return claims collection of the target realm
      */
-    ClaimCollection mapClaims(String sourceRealm,
-            ClaimCollection sourceClaims, String targetRealm, ClaimsParameters parameters);
+    ProcessedClaimCollection mapClaims(String sourceRealm,
+            ProcessedClaimCollection sourceClaims, String targetRealm, ClaimsParameters parameters);
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsParser.java
index 4332993..203911e 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsParser.java
@@ -21,13 +21,15 @@ package org.apache.cxf.sts.claims;
 
 import org.w3c.dom.Element;
 
+import org.apache.cxf.rt.security.claims.Claim;
+
 public interface ClaimsParser {
 
     /**
      * @param claim Element to parse claim request from
-     * @return RequestClaim parsed from claim
+     * @return Claim parsed from claim
      */
-    RequestClaim parse(Element claim);
+    Claim parse(Element claim);
 
     /**
      * This method indicates the claims dialect this Parser can handle.

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/IdentityClaimsParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/IdentityClaimsParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/IdentityClaimsParser.java
index c2bad63..71d7d7a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/IdentityClaimsParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/IdentityClaimsParser.java
@@ -21,14 +21,13 @@ package org.apache.cxf.sts.claims;
 
 import java.net.URI;
 import java.net.URISyntaxException;
-
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
 
 public class IdentityClaimsParser implements ClaimsParser {
     
@@ -37,17 +36,18 @@ public class IdentityClaimsParser implements ClaimsParser {
 
     private static final Logger LOG = LogUtils.getL7dLogger(IdentityClaimsParser.class);
 
-    public RequestClaim parse(Element claim) {
+    public Claim parse(Element claim) {
         return parseClaimType(claim);
     }
 
-    public static RequestClaim parseClaimType(Element claimType) {
+    public static Claim parseClaimType(Element claimType) {
         String claimLocalName = claimType.getLocalName();
         String claimNS = claimType.getNamespaceURI();
-        if ("ClaimType".equals(claimLocalName)) {
+        
+        if ("ClaimType".equals(claimLocalName) || "ClaimValue".equals(claimLocalName)) {
             String claimTypeUri = claimType.getAttributeNS(null, "Uri");
             String claimTypeOptional = claimType.getAttributeNS(null, "Optional");
-            RequestClaim requestClaim = new RequestClaim();
+            Claim requestClaim = new Claim();
             try {
                 requestClaim.setClaimType(new URI(claimTypeUri));
             } catch (URISyntaxException e) {
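Review bot: When `new URI(claimTypeUri)` throws, the catch that opens on the last line of this hunk only logs a warning, and the method then goes on to return a `Claim` whose claim type is still null. Handlers touched by this same commit call `claim.getClaimType().toString()` without a null check (LdapClaimsHandler, StaticClaimsHandler, StaticEndpointClaimsHandler), so a malformed `Uri` attribute in a request would presumably surface there as a NullPointerException. Ending the catch with `return null;` would match the other rejection paths of `parseClaimType`, provided callers already treat a null result as a rejected claim. The catch body and the rest of the method lie outside this hunk.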
@@ -58,36 +58,22 @@ public class IdentityClaimsParser implements ClaimsParser {
                 );
             }
             requestClaim.setOptional(Boolean.parseBoolean(claimTypeOptional));
-            return requestClaim;
-        } else if ("ClaimValue".equals(claimLocalName)) {
-            String claimTypeUri = claimType.getAttributeNS(null, "Uri");
-            String claimTypeOptional = claimType.getAttributeNS(null, "Optional");
-            RequestClaim requestClaim = new RequestClaim();
-            try {
-                requestClaim.setClaimType(new URI(claimTypeUri));
-            } catch (URISyntaxException e) {
-                LOG.log(
-                    Level.WARNING, 
-                    "Cannot create URI from the given ClaimTye attribute value " + claimTypeUri,
-                    e
-                );
-            }
             
-            Node valueNode = claimType.getFirstChild();
-            if (valueNode != null) {
-                if ("Value".equals(valueNode.getLocalName())) {
-                    requestClaim.setClaimValue(valueNode.getTextContent().trim());
+            if ("ClaimValue".equals(claimLocalName)) {
+                Node valueNode = claimType.getFirstChild();
+                if (valueNode != null) {
+                    if ("Value".equals(valueNode.getLocalName())) {
+                        requestClaim.addValue(valueNode.getTextContent().trim());
+                    } else {
+                        LOG.warning("Unsupported child element of ClaimValue element "
+                                + valueNode.getLocalName());
+                        return null;
+                    }
                 } else {
-                    LOG.warning("Unsupported child element of ClaimValue element "
-                            + valueNode.getLocalName());
+                    LOG.warning("No child element of ClaimValue element available");
                     return null;
                 }
-            } else {
-                LOG.warning("No child element of ClaimValue element available");
-                return null;
             }
-             
-            requestClaim.setOptional(Boolean.parseBoolean(claimTypeOptional));
             
             return requestClaim;
         }
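Review bot: `claimType.getFirstChild()` returns whatever node comes first, so for an indented `ClaimValue` element it is a whitespace text node whose `getLocalName()` is null, and the claim is rejected through the "Unsupported child element" branch. Skipping forward to the first element child before the `"Value"` comparison avoids rejecting well-formed requests. Since values are now stored through `addValue`, a comment should also state whether further `Value` siblings are deliberately ignored. `parseClaimType` starts in the previous hunk and continues past this one.

```java
            if ("ClaimValue".equals(claimLocalName)) {
                Node valueNode = claimType.getFirstChild();
                // Step over whitespace text and comment nodes; only an element can be the Value child.
                while (valueNode != null && valueNode.getNodeType() != Node.ELEMENT_NODE) {
                    valueNode = valueNode.getNextSibling();
                }
                // … unchanged: "Value" check, addValue, and the two warning/return-null branches …
            }
```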

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index e4dcd3e..238544c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -38,6 +38,8 @@ import javax.security.auth.x500.X500Principal;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.token.realm.RealmSupport;
 import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.LdapTemplate;
@@ -135,8 +137,8 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
         return uriList;
     }    
     
-    public ClaimCollection retrieveClaimValues(
-            RequestClaimCollection claims, ClaimsParameters parameters) {
+    public ProcessedClaimCollection retrieveClaimValues(
+            ClaimCollection claims, ClaimsParameters parameters) {
         String user = null;
         boolean useLdapLookup = false;
         
@@ -148,18 +150,18 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
         } else if (principal instanceof X500Principal) {
             X500Principal x500p = (X500Principal)principal;
             LOG.warning("Unsupported principal type X500: " + x500p.getName());
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         } else if (principal != null) {
             user = principal.getName();
             if (user == null) {
                 LOG.warning("User must not be null");
-                return new ClaimCollection();
+                return new ProcessedClaimCollection();
             }
             useLdapLookup = LdapUtils.isDN(user);
             
         } else {
             LOG.warning("Principal is null");
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         }
        
         if (LOG.isLoggable(Level.FINEST)) {
@@ -185,7 +187,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
             ldapAttributes = CastUtils.cast((Map<?, ?>)result);
         } else {
             List<String> searchAttributeList = new ArrayList<String>();
-            for (RequestClaim claim : claims) {
+            for (Claim claim : claims) {
                 if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
                     searchAttributeList.add(
                         getClaimsLdapAttributeMapping().get(claim.getClaimType().toString())
@@ -209,12 +211,12 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
             if (LOG.isLoggable(Level.INFO)) {
                 LOG.finest("User '" + user + "' not found");
             }
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         }
         
-        ClaimCollection claimsColl = new ClaimCollection();
+        ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
 
-        for (RequestClaim claim : claims) {
+        for (Claim claim : claims) {
             URI claimType = claim.getClaimType();
             String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
             Attribute attr = ldapAttributes.get(ldapAttribute);
@@ -223,7 +225,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
                     LOG.finest("Claim '" + claim.getClaimType() + "' is null");
                 }
             } else {
-                Claim c = new Claim();
+                ProcessedClaim c = new ProcessedClaim();
                 c.setClaimType(claimType);
                 c.setPrincipal(principal);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
index 2703fb3..f94abf6 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
@@ -34,6 +34,8 @@ import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.x500.X500Principal;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.token.realm.RealmSupport;
 import org.springframework.ldap.core.LdapTemplate;
 
@@ -174,18 +176,18 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
         return list;
     }    
     
-    public ClaimCollection retrieveClaimValues(
-            RequestClaimCollection claims, ClaimsParameters parameters) {
+    public ProcessedClaimCollection retrieveClaimValues(
+            ClaimCollection claims, ClaimsParameters parameters) {
         
         boolean found = false;
-        for (RequestClaim claim: claims) {
+        for (Claim claim: claims) {
             if (claim.getClaimType().toString().equals(this.groupURI)) {
                 found = true;
                 break;
             }
         }
         if (!found) {
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         }
         
         String user = null;
@@ -207,7 +209,7 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
             LOG.warning("Principal is null");
         }
         if (user == null) {
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         }
         
         if (!LdapUtils.isDN(user)) {
@@ -218,7 +220,7 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
                 LOG.fine("DN for (" + this.getUserNameAttribute() + "=" + user + ") found: " + user);
             } else {
                 LOG.warning("DN not found for user '" + user + "'");
-                return new ClaimCollection();
+                return new ProcessedClaimCollection();
             }
         }
         
@@ -234,7 +236,7 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
             if (LOG.isLoggable(Level.INFO)) {
                 LOG.info("No groups found for user '" + user + "'");
             }
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         }
         
         if (LOG.isLoggable(Level.FINE)) {
@@ -300,11 +302,11 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
         LOG.info("Filtered groups: " + filteredGroups);
         if (filteredGroups.size() == 0) {
             LOG.info("No matching groups found for user '" + principal + "'");
-            return new ClaimCollection();
+            return new ProcessedClaimCollection();
         }
         
-        ClaimCollection claimsColl = new ClaimCollection();
-        Claim c = new Claim();
+        ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
+        ProcessedClaim c = new ProcessedClaim();
         c.setClaimType(URI.create(this.groupURI));
         c.setPrincipal(principal);
         c.setValues(new ArrayList<Object>(filteredGroups));

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaim.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaim.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaim.java
new file mode 100644
index 0000000..fff7fe6
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaim.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+import java.security.Principal;
+
+import org.apache.cxf.rt.security.claims.Claim;
+
+/**
+ * This represents a Claim that has been processed by a ClaimsHandler instance.
+ */
+public class ProcessedClaim extends Claim {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -336574019841442184L;
+    private String issuer;
+    private String originalIssuer;
+    private transient Principal principal;
+
+    public String getIssuer() {
+        return issuer;
+    }
+
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
+
+    public String getOriginalIssuer() {
+        return originalIssuer;
+    }
+
+    public void setOriginalIssuer(String originalIssuer) {
+        this.originalIssuer = originalIssuer;
+    }
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public void setPrincipal(Principal principal) {
+        this.principal = principal;
+    }
+
+}
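Review bot: The `principal` field is `transient` while `issuer` and `originalIssuer` are not, and nothing in the class says so: a `ProcessedClaim` that has been serialized and restored returns null from `getPrincipal()`. I would put a comment on the field, such as `// Not serialized: null after deserialization, callers must re-resolve the principal`, give `getPrincipal()` a matching `@return` line, and drop the empty Javadoc block above `serialVersionUID`. The accessors carry no Javadoc either; one line each on what `issuer` and `originalIssuer` hold would help anyone relying on them for a trust decision.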

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaimCollection.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaimCollection.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaimCollection.java
new file mode 100644
index 0000000..5fde169
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ProcessedClaimCollection.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+/**
+ * This holds a collection of Claims that have been processed by a ClaimsHandler implementation
+ */
+public class ProcessedClaimCollection extends java.util.ArrayList<ProcessedClaim> {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -4630183900697336428L;
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java
deleted file mode 100644
index 85c6082..0000000
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.claims;
-
-import java.net.URI;
-
-/**
- * This represents a Claim that has been processed by the RequestParser.
- */
-public class RequestClaim {
-
-    private URI claimType;
-    private boolean optional;
-    private String claimValue;
-
-    public URI getClaimType() {
-        return claimType;
-    }
-
-    public void setClaimType(URI claimType) {
-        this.claimType = claimType;
-    }
-
-    public boolean isOptional() {
-        return optional;
-    }
-
-    public void setOptional(boolean optional) {
-        this.optional = optional;
-    }
-
-    public String getClaimValue() {
-        return claimValue;
-    }
-
-    public void setClaimValue(String claimValue) {
-        this.claimValue = claimValue;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java
deleted file mode 100644
index 3809530..0000000
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.claims;
-
-import java.net.URI;
-
-/**
- * This holds a collection of RequestClaims.
- */
-public class RequestClaimCollection extends java.util.ArrayList<RequestClaim> {
-    
-    /**
-     * 
-     */
-    private static final long serialVersionUID = 6013920740410651546L;
-    private URI dialect;
-    
-    public URI getDialect() {
-        return dialect;
-    }
-    
-    public void setDialect(URI dialect) {
-        this.dialect = dialect;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
index 859d649..ef90dc3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
@@ -28,6 +28,8 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 
 public class StaticClaimsHandler implements ClaimsHandler {
 
@@ -57,13 +59,13 @@ public class StaticClaimsHandler implements ClaimsHandler {
         return uriList;
     }    
     
-    public ClaimCollection retrieveClaimValues(
-            RequestClaimCollection claims, ClaimsParameters parameters) {
+    public ProcessedClaimCollection retrieveClaimValues(
+            ClaimCollection claims, ClaimsParameters parameters) {
         
-        ClaimCollection claimsColl = new ClaimCollection();
-        for (RequestClaim claim : claims) {
+        ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
+        for (Claim claim : claims) {
             if (getGlobalClaims().keySet().contains(claim.getClaimType().toString())) {
-                Claim c = new Claim();
+                ProcessedClaim c = new ProcessedClaim();
                 c.setClaimType(claim.getClaimType());
                 c.setPrincipal(parameters.getPrincipal());
                 c.addValue(getGlobalClaims().get(claim.getClaimType().toString()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
index e60fb02..98ec5c5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticEndpointClaimsHandler.java
@@ -27,6 +27,8 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 
 public class StaticEndpointClaimsHandler implements ClaimsHandler {
 
@@ -51,10 +53,10 @@ public class StaticEndpointClaimsHandler implements ClaimsHandler {
         return Collections.unmodifiableList(this.supportedClaims);
     }    
     
-    public ClaimCollection retrieveClaimValues(
-            RequestClaimCollection claims, ClaimsParameters parameters) {
+    public ProcessedClaimCollection retrieveClaimValues(
+            ClaimCollection claims, ClaimsParameters parameters) {
         
-        ClaimCollection claimsColl = new ClaimCollection();
+        ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
         String appliesTo = parameters.getAppliesToAddress();
         if (appliesTo == null) {
             if (LOG.isLoggable(Level.FINER)) {
@@ -70,9 +72,9 @@ public class StaticEndpointClaimsHandler implements ClaimsHandler {
             }
             return claimsColl;
         }
-        for (RequestClaim claim : claims) {
+        for (Claim claim : claims) {
             if (endpointClaims.keySet().contains(claim.getClaimType().toString())) {
-                Claim c = new Claim();
+                ProcessedClaim c = new ProcessedClaim();
                 c.setClaimType(claim.getClaimType());
                 c.setPrincipal(parameters.getPrincipal());
                 c.addValue(endpointClaims.get(claim.getClaimType().toString()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
index d29bb63..d8eea08 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
@@ -29,7 +29,7 @@ import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.rt.security.claims.Claim;
 import org.apache.cxf.sts.event.AbstractSTSEvent;
 import org.apache.cxf.sts.event.AbstractSTSFailureEvent;
 import org.apache.cxf.sts.event.STSEventListener;
@@ -116,14 +116,14 @@ public class EventMapper implements STSEventListener {
 
         if (params.getRequestedPrimaryClaims() != null) {
             List<String> claims = new ArrayList<String>();
-            for (RequestClaim claim : params.getRequestedPrimaryClaims()) {
+            for (Claim claim : params.getRequestedPrimaryClaims()) {
                 claims.add(claim.getClaimType().toString());
             }
             map.put(KEYS.CLAIMS_PRIMARY.name(), claims.toString());
         }
         if (params.getRequestedSecondaryClaims() != null) {
             List<String> claims = new ArrayList<String>();
-            for (RequestClaim claim : params.getRequestedSecondaryClaims()) {
+            for (Claim claim : params.getRequestedSecondaryClaims()) {
                 claims.add(claim.getClaimType().toString());
             }
             map.put(KEYS.CLAIMS_SECONDARY.name(), claims.toString());

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index af1529c..fad24db 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -39,14 +39,14 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.IdentityMapper;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.RealmParser;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.claims.ClaimsManager;
-import org.apache.cxf.sts.claims.RequestClaim;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.AbstractSTSEvent;
 import org.apache.cxf.sts.event.STSEventListener;
 import org.apache.cxf.sts.request.KeyRequirements;
@@ -480,7 +480,7 @@ public abstract class AbstractOperation {
         }
         
         // Set the requested Claims
-        RequestClaimCollection claims = tokenRequirements.getPrimaryClaims();
+        ClaimCollection claims = tokenRequirements.getPrimaryClaims();
         providerParameters.setRequestedPrimaryClaims(claims);
         claims = tokenRequirements.getSecondaryClaims();
         providerParameters.setRequestedSecondaryClaims(claims);
@@ -665,10 +665,10 @@ public abstract class AbstractOperation {
         }
     }
     
-    protected void checkClaimsSupport(RequestClaimCollection requestedClaims) {
+    protected void checkClaimsSupport(ClaimCollection requestedClaims) {
         if (requestedClaims != null) {
             List<URI> unhandledClaimTypes = new ArrayList<URI>();
-            for (RequestClaim requestedClaim : requestedClaims) {
+            for (Claim requestedClaim : requestedClaims) {
                 if (!claimsManager.getSupportedClaimTypes().contains(requestedClaim.getClaimType()) 
                         && !requestedClaim.isOptional()) {
                     unhandledClaimTypes.add(requestedClaim.getClaimType());
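Review bot: `claimsManager.getSupportedClaimTypes()` is called once per requested claim inside the `for` loop of `checkClaimsSupport`, although nothing in the visible loop changes it. Reading it into a local before the loop, e.g. `List<URI> supportedTypes = claimsManager.getSupportedClaimTypes();` (assuming that is its return type), checks every claim against the same snapshot and shortens the condition. This method appears to decide whether a request naming unsupported mandatory claims is refused, so a short Javadoc saying that optional claims are skipped and what is done with `unhandledClaimTypes` would help. The rest of the body is outside the hunk.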

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
index 400a0e7..1de4480 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
@@ -33,8 +33,8 @@ import javax.xml.ws.handler.MessageContext;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.QNameConstants;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.STSIssueFailureEvent;
 import org.apache.cxf.sts.event.STSIssueSuccessEvent;
 import org.apache.cxf.sts.request.KeyRequirements;
@@ -113,7 +113,7 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
             providerParameters = createTokenProviderParameters(requestParser, context);
     
             // Check if the requested claims can be handled by the configured claim handlers
-            RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
+            ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
             checkClaimsSupport(requestedClaims);
             requestedClaims = providerParameters.getRequestedSecondaryClaims();
             checkClaimsSupport(requestedClaims);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
index dac396f..fb326ea 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
@@ -27,10 +27,10 @@ import javax.xml.bind.JAXBElement;
 import javax.xml.ws.WebServiceContext;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.RealmParser;
 import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.event.STSValidateFailureEvent;
 import org.apache.cxf.sts.event.STSValidateSuccessEvent;
 import org.apache.cxf.sts.request.ReceivedToken;
@@ -125,7 +125,7 @@ public class TokenValidateOperation extends AbstractOperation implements Validat
                 processValidToken(providerParameters, validateTarget, tokenResponse);
                 
                 // Check if the requested claims can be handled by the configured claim handlers
-                RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
+                ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
                 checkClaimsSupport(requestedClaims);
                 requestedClaims = providerParameters.getRequestedSecondaryClaims();
                 checkClaimsSupport(requestedClaims);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index 9acce25..0ed2e51 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
@@ -44,18 +44,17 @@ import javax.xml.ws.handler.MessageContext;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.claims.ClaimsParser;
 import org.apache.cxf.sts.claims.IdentityClaimsParser;
-import org.apache.cxf.sts.claims.RequestClaim;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.cxf.ws.security.sts.provider.model.BinarySecretType;
 import org.apache.cxf.ws.security.sts.provider.model.CancelTargetType;
@@ -298,7 +297,7 @@ public class RequestParser {
             LOG.fine("Found CancelTarget token");
         } else if (QNameConstants.CLAIMS.equals(jaxbElement.getName())) {
             ClaimsType claimsType = (ClaimsType)jaxbElement.getValue();
-            RequestClaimCollection requestedClaims = parseClaims(claimsType, claimsParsers);
+            ClaimCollection requestedClaims = parseClaims(claimsType, claimsParsers);
             tokenRequirements.setPrimaryClaims(requestedClaims);
             LOG.fine("Found Primary Claims token");
         } else if (QNameConstants.RENEWING.equals(jaxbElement.getName())) {
@@ -555,7 +554,7 @@ public class RequestParser {
                 keyRequirements.setKeyType(keyType);
             } else if ("Claims".equals(localName) && STSConstants.WST_NS_05_12.equals(namespace)) {
                 LOG.fine("Found Secondary Claims element");
-                RequestClaimCollection requestedClaims = parseClaims(child, claimsParsers);
+                ClaimCollection requestedClaims = parseClaims(child, claimsParsers);
                 tokenRequirements.setSecondaryClaims(requestedClaims);
             } else {
                 LOG.fine("Found unknown element: " + localName + " " + namespace);
@@ -565,11 +564,11 @@ public class RequestParser {
     }
     
     /**
-     * Create a RequestClaimCollection from a DOM Element
+     * Create a ClaimCollection from a DOM Element
      */
-    private RequestClaimCollection parseClaims(Element claimsElement, List<ClaimsParser> claimsParsers) {
+    private ClaimCollection parseClaims(Element claimsElement, List<ClaimsParser> claimsParsers) {
         String dialectAttr = null;
-        RequestClaimCollection requestedClaims = new RequestClaimCollection();
+        ClaimCollection requestedClaims = new ClaimCollection();
         try {
             dialectAttr = claimsElement.getAttributeNS(null, "Dialect");
             if (dialectAttr != null && !"".equals(dialectAttr)) {
@@ -585,7 +584,7 @@ public class RequestParser {
         
         Element childClaimType = DOMUtils.getFirstElement(claimsElement);
         while (childClaimType != null) {
-            RequestClaim requestClaim = parseChildClaimType(childClaimType, dialectAttr, claimsParsers);
+            Claim requestClaim = parseChildClaimType(childClaimType, dialectAttr, claimsParsers);
             if (requestClaim != null) {
                 requestedClaims.add(requestClaim);
             }
@@ -596,13 +595,13 @@ public class RequestParser {
     }
     
     /**
-     * Create a RequestClaimCollection from a JAXB ClaimsType object
+     * Create a ClaimCollection from a JAXB ClaimsType object
      */
-    private static RequestClaimCollection parseClaims(
+    private static ClaimCollection parseClaims(
         ClaimsType claimsType, List<ClaimsParser> claimsParsers
     ) {
         String dialectAttr = null;
-        RequestClaimCollection requestedClaims = new RequestClaimCollection();
+        ClaimCollection requestedClaims = new ClaimCollection();
         try {
             dialectAttr = claimsType.getDialect();
             if (dialectAttr != null && !"".equals(dialectAttr)) {
@@ -618,7 +617,7 @@ public class RequestParser {
         
         for (Object claim : claimsType.getAny()) {
             if (claim instanceof Element) {
-                RequestClaim requestClaim = parseChildClaimType((Element)claim, dialectAttr, claimsParsers);
+                Claim requestClaim = parseChildClaimType((Element)claim, dialectAttr, claimsParsers);
                 if (requestClaim != null) {
                     requestedClaims.add(requestClaim);
                 }
@@ -629,9 +628,9 @@ public class RequestParser {
     }
     
     /**
-     * Parse a child ClaimType into a RequestClaim object.
+     * Parse a child ClaimType into a Claim object.
      */
-    private static RequestClaim parseChildClaimType(
+    private static Claim parseChildClaimType(
         Element childClaimType, String dialect, List<ClaimsParser> claimsParsers
     ) {
         if (claimsParsers != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
index cf43411..68f9390 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/TokenRequirements.java
@@ -19,7 +19,7 @@
 package org.apache.cxf.sts.request;
 
 import org.w3c.dom.Element;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 
 /**
  * This class contains values that have been extracted from a RequestSecurityToken corresponding to 
@@ -36,8 +36,8 @@ public class TokenRequirements {
     private ReceivedToken cancelTarget;
     private ReceivedToken renewTarget;
     private Lifetime lifetime;
-    private RequestClaimCollection primaryClaims;
-    private RequestClaimCollection secondaryClaims;
+    private ClaimCollection primaryClaims;
+    private ClaimCollection secondaryClaims;
     private Renewing renewing;
     
     public Renewing getRenewing() {
@@ -120,27 +120,19 @@ public class TokenRequirements {
         this.lifetime = lifetime;
     }
     
-    @Deprecated
-    public RequestClaimCollection getClaims() {
-        if (primaryClaims != null) {
-            return primaryClaims;
-        }
-        return secondaryClaims;
-    }
-    
-    public RequestClaimCollection getPrimaryClaims() {
+    public ClaimCollection getPrimaryClaims() {
         return primaryClaims;
     }
 
-    public void setPrimaryClaims(RequestClaimCollection primaryClaims) {
+    public void setPrimaryClaims(ClaimCollection primaryClaims) {
         this.primaryClaims = primaryClaims;
     }
 
-    public RequestClaimCollection getSecondaryClaims() {
+    public ClaimCollection getSecondaryClaims() {
         return secondaryClaims;
     }
 
-    public void setSecondaryClaims(RequestClaimCollection secondaryClaims) {
+    public void setSecondaryClaims(ClaimCollection secondaryClaims) {
         this.secondaryClaims = secondaryClaims;
     }
 
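Review bot: The public `getClaims()` accessor is deleted here rather than retyped, so code outside this commit that still calls it stops compiling. Callers that relied on its fallback (primary claims, else secondary) get no single replacement. It was already `@Deprecated`, so removing it is reasonable, but the commit message does not mention it; a line in the migration notes pointing to `getPrimaryClaims()` and `getSecondaryClaims()` would cover it. The remaining accessors have no Javadoc. A one-line comment on each would help, for example `/** Claims parsed from the request's primary Claims element; may be null. */`, with the wording confirmed against RequestParser.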

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
index 9f90333..35841b6 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
@@ -24,9 +24,9 @@ import java.util.Map;
 
 import javax.xml.ws.WebServiceContext;
 
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.claims.ClaimsManager;
-import org.apache.cxf.sts.claims.RequestClaimCollection;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
@@ -43,8 +43,8 @@ public class TokenProviderParameters {
     private EncryptionProperties encryptionProperties;
     private Principal principal;
     private WebServiceContext webServiceContext;
-    private RequestClaimCollection requestedPrimaryClaims;
-    private RequestClaimCollection requestedSecondaryClaims;
+    private ClaimCollection requestedPrimaryClaims;
+    private ClaimCollection requestedSecondaryClaims;
     private KeyRequirements keyRequirements;
     private TokenRequirements tokenRequirements;
     private String appliesToAddress;
@@ -141,19 +141,19 @@ public class TokenProviderParameters {
         return realm;
     }
 
-    public RequestClaimCollection getRequestedPrimaryClaims() {
+    public ClaimCollection getRequestedPrimaryClaims() {
         return requestedPrimaryClaims;
     }
 
-    public void setRequestedPrimaryClaims(RequestClaimCollection requestedPrimaryClaims) {
+    public void setRequestedPrimaryClaims(ClaimCollection requestedPrimaryClaims) {
         this.requestedPrimaryClaims = requestedPrimaryClaims;
     }
 
-    public RequestClaimCollection getRequestedSecondaryClaims() {
+    public ClaimCollection getRequestedSecondaryClaims() {
         return requestedSecondaryClaims;
     }
 
-    public void setRequestedSecondaryClaims(RequestClaimCollection requestedSecondaryClaims) {
+    public void setRequestedSecondaryClaims(ClaimCollection requestedSecondaryClaims) {
         this.requestedSecondaryClaims = requestedSecondaryClaims;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
index 2f3d619..b965b33 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomAttributeProvider.java
@@ -24,10 +24,10 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
-import org.apache.cxf.sts.claims.Claim;
-import org.apache.cxf.sts.claims.ClaimCollection;
 import org.apache.cxf.sts.claims.ClaimsManager;
 import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
@@ -58,7 +58,7 @@ public class CustomAttributeProvider implements AttributeStatementProvider {
         
         // Handle Claims
         ClaimsManager claimsManager = providerParameters.getClaimsManager();
-        ClaimCollection retrievedClaims = new ClaimCollection();
+        ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
         if (claimsManager != null) {
             ClaimsParameters params = new ClaimsParameters();
             params.setAdditionalProperties(providerParameters.getAdditionalProperties());
@@ -80,7 +80,7 @@ public class CustomAttributeProvider implements AttributeStatementProvider {
         }
         
         AttributeStatementBean attrBean = new AttributeStatementBean();
-        Iterator<Claim> claimIterator = retrievedClaims.iterator();
+        Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
         if (!claimIterator.hasNext()) {
             // If no Claims have been processed then create a default attribute
             AttributeBean attributeBean = createDefaultAttribute(tokenType);
@@ -88,7 +88,7 @@ public class CustomAttributeProvider implements AttributeStatementProvider {
         }
         
         while (claimIterator.hasNext()) {
-            Claim claim = claimIterator.next();
+            ProcessedClaim claim = claimIterator.next();
             AttributeBean attributeBean = createAttributeFromClaim(claim, tokenType);
             attributeList.add(attributeBean);
         }
@@ -173,7 +173,7 @@ public class CustomAttributeProvider implements AttributeStatementProvider {
     /**
      * Create an Attribute from a claim.
      */
-    private AttributeBean createAttributeFromClaim(Claim claim, String tokenType) {
+    private AttributeBean createAttributeFromClaim(ProcessedClaim claim, String tokenType) {
         AttributeBean attributeBean = new AttributeBean();
         if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
             || WSConstants.SAML2_NS.equals(tokenType)) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db6d5598/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimParser.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimParser.java
index 83e2bc4..f460245 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimParser.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/CustomClaimParser.java
@@ -21,15 +21,14 @@ package org.apache.cxf.sts.common;
 import java.net.URI;
 
 import org.w3c.dom.Element;
-
+import org.apache.cxf.rt.security.claims.Claim;
 import org.apache.cxf.sts.claims.ClaimsParser;
-import org.apache.cxf.sts.claims.RequestClaim;
 
 public class CustomClaimParser implements ClaimsParser {
 
     public static final String CLAIMS_DIALECT = "http://my.custom.org/my/custom/namespace";
     
-    public RequestClaim parse(Element claim) {
+    public Claim parse(Element claim) {
         
         String claimLocalName = claim.getLocalName();
         String claimNS = claim.getNamespaceURI();
@@ -38,7 +37,7 @@ public class CustomClaimParser implements ClaimsParser {
             CustomRequestClaim response = new CustomRequestClaim();
             response.setClaimType(URI.create(claimTypeUri));
             String claimValue = claim.getAttributeNS(null, "value");
-            response.setClaimValue(claimValue);
+            response.addValue(claimValue);
             String scope = claim.getAttributeNS(null, "scope");
             response.setScope(scope);
             return response;
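Review bot: `response.addValue(claimValue)` runs even when the element has no `value` attribute, because DOM's `getAttributeNS` returns an empty string rather than null for a missing attribute. With `addValue` the claim presumably ends up with a one-element value list holding `""`, which any code that treats a non-empty value list as "a value was supplied" would misread. Guarding the call with `if (!claimValue.isEmpty()) { response.addValue(claimValue); }` keeps the list empty for claims that carry no value. `parse` starts and ends outside this hunk.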
@@ -53,7 +52,11 @@ public class CustomClaimParser implements ClaimsParser {
     /**
      * Extends RequestClaim class to add additional attributes
      */
-    public class CustomRequestClaim extends RequestClaim {
+    public class CustomRequestClaim extends Claim {
+        /**
+         * 
+         */
+        private static final long serialVersionUID = 7407723714936495457L;
         private String scope;
         
         public String getScope() {
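Review bot: `CustomRequestClaim` is a non-static inner class, and the added `serialVersionUID` suggests that `Claim` is now Serializable. An inner-class instance carries a hidden reference to its enclosing `CustomClaimParser`, which does not appear to be Serializable, so serializing one of these claims would likely fail with NotSerializableException. Declaring it `public static class CustomRequestClaim extends Claim` removes the hidden reference, provided nothing outside this hunk relies on the outer instance. The Javadoc above still reads `Extends RequestClaim class`, and the empty generated `/** */` block over `serialVersionUID` can be dropped. The class body continues outside the hunk.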

