From cohei...@apache.org
Subject [3/3] cxf git commit: Refactor of the STS core
Date Tue, 24 Mar 2015 12:17:09 GMT
Refactor of the STS core


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5f94e273
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5f94e273
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5f94e273

Branch: refs/heads/master
Commit: 5f94e273e7e8d99915eeda1189824f13488eb013
Parents: 6400b3c
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Mar 24 11:38:34 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Mar 24 12:17:01 2015 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/sts/SignatureProperties.java |   4 +-
 .../org/apache/cxf/sts/StaticSTSProperties.java |  30 ++---
 .../cxf/sts/cache/EHCacheIdentityCache.java     |   2 +-
 .../cxf/sts/cache/MemoryIdentityCache.java      |   2 +-
 .../ClaimsAttributeStatementProvider.java       |   2 +-
 .../apache/cxf/sts/claims/ClaimsManager.java    |   2 +-
 .../cxf/sts/claims/LdapClaimsHandler.java       |   7 +-
 .../cxf/sts/claims/LdapGroupClaimsHandler.java  |   8 +-
 .../org/apache/cxf/sts/claims/LdapUtils.java    |   2 +-
 .../cxf/sts/claims/StaticClaimsHandler.java     |   2 +-
 .../cxf/sts/claims/mapper/ClaimUtils.java       |  12 +-
 .../cxf/sts/claims/mapper/JexlClaimsMapper.java |   2 +-
 .../apache/cxf/sts/event/map/EventMapper.java   |   6 +-
 .../cxf/sts/event/map/MapEventLogger.java       |   2 +-
 .../cxf/sts/operation/AbstractOperation.java    |  27 ++---
 .../cxf/sts/operation/TokenCancelOperation.java |   8 +-
 .../cxf/sts/operation/TokenIssueOperation.java  |  21 ++--
 .../cxf/sts/operation/TokenRenewOperation.java  |  14 +--
 .../sts/operation/TokenValidateOperation.java   |   8 +-
 .../DefaultSecurityTokenServiceProvider.java    |   6 +-
 .../apache/cxf/sts/request/RequestParser.java   |  33 +++---
 .../cxf/sts/request/RequestRequirements.java    |  44 +++++++
 .../cxf/sts/service/EncryptionProperties.java   |   4 +-
 .../apache/cxf/sts/service/StaticService.java   |   2 +-
 .../token/delegation/SAMLDelegationHandler.java |   2 +-
 .../provider/AbstractSAMLTokenProvider.java     | 118 +++++++++++++++++++
 .../DefaultAttributeStatementProvider.java      |  20 ++--
 .../provider/DefaultConditionsProvider.java     |   2 +-
 .../token/provider/DefaultSubjectProvider.java  |  12 +-
 .../sts/token/provider/SAMLTokenProvider.java   | 111 ++++-------------
 .../sts/token/provider/SamlCallbackHandler.java |  32 ++---
 .../sts/token/realm/CertConstraintsParser.java  |   4 +-
 .../sts/token/realm/RelationshipResolver.java   |   2 +-
 .../apache/cxf/sts/token/realm/SAMLRealm.java   |  31 ++---
 .../cxf/sts/token/renewer/SAMLTokenRenewer.java |  79 ++-----------
 .../sts/token/validator/SAMLTokenValidator.java |   2 +-
 .../cxf/sts/token/validator/SCTValidator.java   |   2 +-
 .../token/validator/UsernameTokenValidator.java |   2 +-
 .../cxf/sts/request/RequestParserUnitTest.java  |  12 +-
 39 files changed, 339 insertions(+), 342 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/SignatureProperties.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/SignatureProperties.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/SignatureProperties.java
index 73cbad3..6af2da5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/SignatureProperties.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/SignatureProperties.java
@@ -30,8 +30,8 @@ import org.apache.wss4j.dom.WSConstants;
 public class SignatureProperties {
     private String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
     private String c14nAlgorithm = WSConstants.C14N_EXCL_OMIT_COMMENTS;
-    private List<String> acceptedSignatureAlgorithms = new ArrayList<String>();
-    private List<String> acceptedC14nAlgorithms = new ArrayList<String>();
+    private List<String> acceptedSignatureAlgorithms = new ArrayList<>();
+    private List<String> acceptedC14nAlgorithms = new ArrayList<>();
     private boolean useKeyValue;
     private long keySize = 256;
     private long minimumKeySize = 128;

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
index afa611b..9a04be5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/StaticSTSProperties.java
@@ -32,6 +32,7 @@ import org.apache.cxf.BusFactory;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.realm.Relationship;
 import org.apache.cxf.sts.token.realm.RelationshipResolver;
@@ -101,10 +102,15 @@ public class StaticSTSProperties implements STSPropertiesMBean {
         }
         
         if (callbackHandler == null && callbackHandlerClass != null) {
-            callbackHandler = getCallbackHandler(callbackHandlerClass);
-            if (callbackHandler == null) {
-                LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
-                throw new STSException("Configuration error: cannot load callback handler");
+            try {
+                callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass);
+                if (callbackHandler == null) {
+                    LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
+                    throw new STSException("Configuration error: cannot load callback handler");
+                }
+            } catch (WSSecurityException ex) {
+                LOG.fine("Error in loading the callback handler: " + ex.getMessage());
+                throw new STSException(ex.getMessage());
             }
         }
         WSSConfig.init();
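Review bot: The new `catch (WSSecurityException ex)` branch rethrows with `new STSException(ex.getMessage())`, which drops the original exception as the cause and copies the underlying library message into the STS-level error, whereas the null branch just above it uses the fixed text "Configuration error: cannot load callback handler". If STSException offers a cause-taking constructor, prefer `throw new STSException("Configuration error: cannot load callback handler", ex);` so the stack trace is preserved and any message that reaches a caller stays generic. Both branches log only at FINE, so a misconfigured callback handler leaves no trace at default log levels; something like `LOG.log(Level.WARNING, "Error in loading the callback handler", ex);` would make it diagnosable. The enclosing method starts and ends outside the hunk.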
@@ -366,22 +372,6 @@ public class StaticSTSProperties implements STSPropertiesMBean {
         return properties;
     }
     
-    private CallbackHandler getCallbackHandler(Object o) {
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = 
-                    (CallbackHandler)ClassLoaderUtils.loadClass((String)o, this.getClass()).newInstance();
-            } catch (Exception e) {
-                LOG.fine(e.getMessage());
-                handler = null;
-            }
-        }
-        return handler;
-    }
-
     public void setRelationships(List<Relationship> relationships) {
         this.relationships = relationships;
         this.relationshipResolver = new RelationshipResolver(this.relationships);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
index fea5c09..386f1c7 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/EHCacheIdentityCache.java
@@ -209,7 +209,7 @@ public class EHCacheIdentityCache
             // Identities object NOT found for key sourceUser@sourceRealm
             targetPrincipal = this.identityMapper.mapPrincipal(
                     sourceRealm, sourcePrincipal, targetRealm);
-            identities = new HashMap<String, String>();
+            identities = new HashMap<>();
             identities.put(sourceRealm, sourcePrincipal.getName());
             identities.put(targetRealm, targetPrincipal.getName());
             this.add(targetPrincipal.getName(), targetRealm, identities);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
index 58862ec..c18ccdd 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/cache/MemoryIdentityCache.java
@@ -191,7 +191,7 @@ public class MemoryIdentityCache implements IdentityCache, IdentityMapper, Manag
             // Identities object NOT found for key sourceUser@sourceRealm
             targetPrincipal = this.identityMapper.mapPrincipal(
                     sourceRealm, sourcePrincipal, targetRealm);
-            identities = new HashMap<String, String>();
+            identities = new HashMap<>();
             identities.put(sourceRealm, sourcePrincipal.getName());
             identities.put(targetRealm, targetPrincipal.getName());
             this.add(targetPrincipal.getName(), targetRealm, identities);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
index e5b0468..39469d3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsAttributeStatementProvider.java
@@ -74,7 +74,7 @@ public class ClaimsAttributeStatementProvider implements AttributeStatementProvi
             return null;
         }
                 
-        List<AttributeBean> attributeList = new ArrayList<AttributeBean>();
+        List<AttributeBean> attributeList = new ArrayList<>();
         String tokenType = providerParameters.getTokenRequirements().getTokenType();
         
         AttributeStatementBean attrBean = new AttributeStatementBean();

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
index ef23fed..b22ecfc 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
@@ -50,7 +50,7 @@ public class ClaimsManager {
 
     private List<ClaimsParser> claimParsers;
     private List<ClaimsHandler> claimHandlers;
-    private List<URI> supportedClaimTypes = new ArrayList<URI>();
+    private List<URI> supportedClaimTypes = new ArrayList<>();
     private boolean stopProcessingOnException = true;
     private IdentityMapper identityMapper;
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index e34b69a..9572edc 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -174,7 +174,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
             AttributesMapper mapper = 
                 new AttributesMapper() {
                     public Object mapFromAttributes(Attributes attrs) throws NamingException {
-                        Map<String, Attribute> map = new HashMap<String, Attribute>();
+                        Map<String, Attribute> map = new HashMap<>();
                         NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
                         while (attrEnum.hasMore()) {
                             Attribute att = attrEnum.next();
@@ -187,7 +187,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
             Object result = ldap.lookup(user, mapper);
             ldapAttributes = CastUtils.cast((Map<?, ?>)result);
         } else {
-            List<String> searchAttributeList = new ArrayList<String>();
+            List<String> searchAttributeList = new ArrayList<>();
             for (Claim claim : claims) {
                 if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
                     searchAttributeList.add(
@@ -200,8 +200,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
                 }
             }
 
-            String[] searchAttributes = null;
-            searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
+            String[] searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
             
             if (this.userBaseDNs == null || this.userBaseDn != null) {
                 ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(), this

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
index f94abf6..21cf925 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
@@ -167,7 +167,7 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
     }
     
     public List<URI> getSupportedClaimTypes() {
-        List<URI> list = new ArrayList<URI>();
+        List<URI> list = new ArrayList<>();
         try {
             list.add(new URI(this.groupURI));
         } catch (URISyntaxException e) {
@@ -228,8 +228,8 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
             LOG.finer("Retrieve groups for user " + user);
         }
         
-        List<String> groups = null;
-        groups = LdapUtils.getAttributeOfEntries(ldap, this.groupBaseDn, this.getGroupObjectClass(),
+        List<String> groups = 
+            LdapUtils.getAttributeOfEntries(ldap, this.groupBaseDn, this.getGroupObjectClass(),
                                                             this.groupMemberAttribute, user, "cn");
         
         if (groups == null || groups.size() == 0) {
@@ -265,7 +265,7 @@ public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport {
             scopePattern = Pattern.compile(regex);
         }
         
-        List<String> filteredGroups = new ArrayList<String>();
+        List<String> filteredGroups = new ArrayList<>();
         for (String group: groups) {
             if (scopePattern != null && scopePattern.matcher(group).matches()) {
                 //Group matches the scoped filter

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
index 4d100d4..76c78fb 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
@@ -65,7 +65,7 @@ public final class LdapUtils {
         AttributesMapper mapper = 
             new AttributesMapper() {
                 public Object mapFromAttributes(Attributes attrs) throws NamingException {
-                    Map<String, Attribute> map = new HashMap<String, Attribute>();
+                    Map<String, Attribute> map = new HashMap<>();
                     NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
                     while (attrEnum.hasMore()) {
                         Attribute att = attrEnum.next();

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
index ef90dc3..9df80e3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/StaticClaimsHandler.java
@@ -47,7 +47,7 @@ public class StaticClaimsHandler implements ClaimsHandler {
 
     
     public List<URI> getSupportedClaimTypes() {
-        List<URI> uriList = new ArrayList<URI>();
+        List<URI> uriList = new ArrayList<>();
         for (String uri : getGlobalClaims().keySet()) {
             try {
                 uriList.add(new URI(uri));

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
index 2ff19c1..008f221 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
@@ -187,7 +187,7 @@ public class ClaimUtils {
         if (processedClaim != null) {
             resultClaim = processedClaim.clone();
             List<Object> values = resultClaim.getValues();
-            List<Object> filteredValues = new ArrayList<Object>();
+            List<Object> filteredValues = new ArrayList<>();
 
             if (values == null || filter == null) {
                 resultClaim.setValues(filteredValues);
@@ -293,7 +293,7 @@ public class ClaimUtils {
             resultClaim = processedClaim.clone();
             if (resultClaim.getValues() != null) {
                 List<Object> oldValues = resultClaim.getValues();
-                List<Object> newValues = new ArrayList<Object>();
+                List<Object> newValues = new ArrayList<>();
                 for (Object value : oldValues) {
                     newValues.add(value.toString().toUpperCase());
                 }
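Review bot: `value.toString().toUpperCase()` in this hunk, and the matching `toLowerCase()` call in the following hunk, use the JVM default locale, so the same claim value can be mapped differently depending on where the STS runs (for example the dotted/dotless i under a Turkish locale). Claim values are usually compared by whoever consumes the token, so the mapping should be locale-independent: `newValues.add(value.toString().toUpperCase(Locale.ROOT));` and likewise `toLowerCase(Locale.ROOT)`. Both loops also call `value.toString()` without a null check, so a null entry in the values list would throw a NullPointerException; whether the list can hold nulls is not visible here. The enclosing methods start and end outside the hunks.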
@@ -314,7 +314,7 @@ public class ClaimUtils {
             resultClaim = processedClaim.clone();
             if (resultClaim.getValues() != null) {
                 List<Object> oldValues = resultClaim.getValues();
-                List<Object> newValues = new ArrayList<Object>();
+                List<Object> newValues = new ArrayList<>();
                 for (Object value : oldValues) {
                     newValues.add(value.toString().toLowerCase());
                 }
@@ -343,7 +343,7 @@ public class ClaimUtils {
             resultClaim = processedClaim.clone();
             if (resultClaim.getValues() != null) {
                 List<Object> oldValues = resultClaim.getValues();
-                List<Object> newValues = new ArrayList<Object>();
+                List<Object> newValues = new ArrayList<>();
                 for (Object value : oldValues) {
                     newValues.add(prefix + value.toString() + suffix);
                 }
@@ -370,7 +370,7 @@ public class ClaimUtils {
             resultClaim = processedClaim.clone();
             if (resultClaim.getValues() != null) {
                 List<Object> oldValues = resultClaim.getValues();
-                List<Object> newValues = new ArrayList<Object>();
+                List<Object> newValues = new ArrayList<>();
                 for (Object value : oldValues) {
                     String multivalue = value.toString();
                     StringTokenizer st = new StringTokenizer(multivalue, delimiter);
@@ -430,7 +430,7 @@ public class ClaimUtils {
             resultClaim = processedClaim.clone();
             if (resultClaim.getValues() != null) {
                 List<Object> oldValues = resultClaim.getValues();
-                Set<Object> distincValues = new LinkedHashSet<Object>(oldValues);
+                Set<Object> distincValues = new LinkedHashSet<>(oldValues);
                 resultClaim.getValues().clear();
                 resultClaim.getValues().addAll(distincValues);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
index 47a97d0..6cffe2e 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
@@ -48,7 +48,7 @@ public class JexlClaimsMapper implements ClaimsMapper {
         // jexl.setLenient(false);
         jexlEngine.setSilent(false);
 
-        Map<String, Object> functions = new HashMap<String, Object>();
+        Map<String, Object> functions = new HashMap<>();
         functions.put("claims", new ClaimUtils());
         jexlEngine.setFunctions(functions);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
index 0169941..97cc9e2 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/EventMapper.java
@@ -53,7 +53,7 @@ public class EventMapper implements STSEventListener {
 
     @Override
     public void handleSTSEvent(AbstractSTSEvent event) {
-        Map<String, Object> map = new HashMap<String, Object>();
+        Map<String, Object> map = new HashMap<>();
         map.put(KEYS.TIME.name(), new Date(event.getTimestamp()));
         map.put(KEYS.OPERATION.name(), event.getOperation());
         map.put(KEYS.DURATION.name(), String.valueOf(event.getDuration()) + "ms");
@@ -116,14 +116,14 @@ public class EventMapper implements STSEventListener {
         map.put(KEYS.APPLIESTO.name(), params.getAppliesToAddress());
 
         if (params.getRequestedPrimaryClaims() != null) {
-            List<String> claims = new ArrayList<String>();
+            List<String> claims = new ArrayList<>();
             for (Claim claim : params.getRequestedPrimaryClaims()) {
                 claims.add(claim.getClaimType().toString());
             }
             map.put(KEYS.CLAIMS_PRIMARY.name(), claims.toString());
         }
         if (params.getRequestedSecondaryClaims() != null) {
-            List<String> claims = new ArrayList<String>();
+            List<String> claims = new ArrayList<>();
             for (Claim claim : params.getRequestedSecondaryClaims()) {
                 claims.add(claim.getClaimType().toString());
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/MapEventLogger.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/MapEventLogger.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/MapEventLogger.java
index 958d1d6..d69f1c5 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/MapEventLogger.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/event/map/MapEventLogger.java
@@ -33,7 +33,7 @@ import org.apache.cxf.common.logging.LogUtils;
 public class MapEventLogger implements MapEventListener {
     private static final Logger LOG = LogUtils.getL7dLogger(MapEventLogger.class);
     
-    private List<String> fieldOrder = new ArrayList<String>();
+    private List<String> fieldOrder = new ArrayList<>();
     private boolean logStacktrace;
     private boolean logFieldname;
     private Level logLevel = Level.FINE;

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
index 40c8189..0ee5a6c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
@@ -53,6 +53,7 @@ import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
 import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.RequestRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.service.ServiceMBean;
@@ -106,13 +107,13 @@ public abstract class AbstractOperation {
     protected STSPropertiesMBean stsProperties;
     protected boolean encryptIssuedToken;
     protected List<ServiceMBean> services;
-    protected List<TokenProvider> tokenProviders = new ArrayList<TokenProvider>();
-    protected List<TokenValidator> tokenValidators = new ArrayList<TokenValidator>();
+    protected List<TokenProvider> tokenProviders = new ArrayList<>();
+    protected List<TokenValidator> tokenValidators = new ArrayList<>();
     protected boolean returnReferences = true;
     protected TokenStore tokenStore;
     protected ClaimsManager claimsManager = new ClaimsManager();
     protected STSEventListener eventPublisher;
-    protected List<TokenDelegationHandler> delegationHandlers = new ArrayList<TokenDelegationHandler>();
+    protected List<TokenDelegationHandler> delegationHandlers = new ArrayList<>();
     
     public boolean isReturnReferences() {
         return returnReferences;
@@ -177,7 +178,7 @@ public abstract class AbstractOperation {
     /**
      * Check the arguments from the STSProvider and parse the request.
      */
-    protected RequestParser parseRequest(
+    protected RequestRequirements parseRequest(
         RequestSecurityTokenType request,
         WebServiceContext context
     ) {
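Review bot: `parseRequest` is a protected method on the abstract `AbstractOperation`, so changing its return type from `RequestParser` to `RequestRequirements` is a source- and binary-incompatible change for any subclass outside this module that overrides or calls it; the same applies to the parameter changes on `createTokenProviderParameters` and `performDelegationHandling` later in this file. If extending the operation classes is a supported use, this deserves a migration note, and the Javadoc here should say what is returned, e.g. `@return the key and token requirements parsed from the request`. The method body continues outside the hunk.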
@@ -191,9 +192,7 @@ public abstract class AbstractOperation {
         stsProperties.configureProperties();
         
         RequestParser requestParser = new RequestParser();
-        requestParser.parseRequest(request, context, stsProperties, claimsManager.getClaimParsers());
-        
-        return requestParser;
+        return requestParser.parseRequest(request, context, stsProperties, claimsManager.getClaimParsers());
     }
     
     /**
@@ -461,7 +460,7 @@ public abstract class AbstractOperation {
      * Create a TokenProviderParameters object given a RequestParser and WebServiceContext object
      */
     protected TokenProviderParameters createTokenProviderParameters(
-        RequestParser requestParser, WebServiceContext context
+        RequestRequirements requestRequirements, WebServiceContext context
     ) {
         TokenProviderParameters providerParameters = new TokenProviderParameters();
         providerParameters.setStsProperties(stsProperties);
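Review bot: The Javadoc above `createTokenProviderParameters` still reads "given a RequestParser and WebServiceContext object", but the first parameter is now `RequestRequirements requestRequirements`. It should be updated to `Create a TokenProviderParameters object given a RequestRequirements and WebServiceContext object`. The comment opens and the method body continues outside the hunk.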
@@ -469,8 +468,8 @@ public abstract class AbstractOperation {
         providerParameters.setWebServiceContext(context);
         providerParameters.setTokenStore(getTokenStore());
         
-        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
-        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
         providerParameters.setKeyRequirements(keyRequirements);
         providerParameters.setTokenRequirements(tokenRequirements);
         
@@ -630,7 +629,7 @@ public abstract class AbstractOperation {
     }
     
     protected void performDelegationHandling(
-        RequestParser requestParser, WebServiceContext context, ReceivedToken token,
+        RequestRequirements requestRequirements, WebServiceContext context, ReceivedToken token,
         Principal tokenPrincipal, Set<Principal> tokenRoles
     ) {
         TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
@@ -641,8 +640,8 @@ public abstract class AbstractOperation {
         delegationParameters.setTokenPrincipal(tokenPrincipal);
         delegationParameters.setTokenRoles(tokenRoles);
         
-        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
-        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
         delegationParameters.setKeyRequirements(keyRequirements);
         delegationParameters.setTokenRequirements(tokenRequirements);
         
@@ -676,7 +675,7 @@ public abstract class AbstractOperation {
     
     protected void checkClaimsSupport(ClaimCollection requestedClaims) {
         if (requestedClaims != null) {
-            List<URI> unhandledClaimTypes = new ArrayList<URI>();
+            List<URI> unhandledClaimTypes = new ArrayList<>();
             for (Claim requestedClaim : requestedClaims) {
                 if (!claimsManager.getSupportedClaimTypes().contains(requestedClaim.getClaimType()) 
                         && !requestedClaim.isOptional()) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java
index e52ba21..1194952 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java
@@ -35,7 +35,7 @@ import org.apache.cxf.sts.event.STSCancelSuccessEvent;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
-import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.RequestRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.token.canceller.TokenCanceller;
 import org.apache.cxf.sts.token.canceller.TokenCancellerParameters;
@@ -71,10 +71,10 @@ public class TokenCancelOperation extends AbstractOperation implements CancelOpe
         TokenCancellerParameters cancellerParameters = new TokenCancellerParameters();
         
         try {
-            RequestParser requestParser = parseRequest(request, context);
+            RequestRequirements requestRequirements = parseRequest(request, context);
             
-            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
-            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+            KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
+            TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
             
             cancellerParameters.setStsProperties(stsProperties);
             cancellerParameters.setPrincipal(context.getUserPrincipal());

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
index 3ca5d22..e449152 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
@@ -40,7 +40,7 @@ import org.apache.cxf.sts.event.STSIssueSuccessEvent;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
-import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.RequestRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.provider.TokenProvider;
@@ -111,9 +111,9 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
         long start = System.currentTimeMillis();
         TokenProviderParameters providerParameters = new TokenProviderParameters();
         try {
-            RequestParser requestParser = parseRequest(request, context);
+            RequestRequirements requestRequirements = parseRequest(request, context);
     
-            providerParameters = createTokenProviderParameters(requestParser, context);
+            providerParameters = createTokenProviderParameters(requestRequirements, context);
     
             // Check if the requested claims can be handled by the configured claim handlers
             ClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
@@ -124,7 +124,7 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
             
             String realm = providerParameters.getRealm();
     
-            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+            TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
             String tokenType = tokenRequirements.getTokenType();
     
             if (stsProperties.getSamlRealmCodec() != null) {
@@ -153,14 +153,14 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
             if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
                 ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
                 handleDelegationToken(validateTarget, providerParameters, context, 
-                                      realm, tokenRequirements, requestParser);
+                                      realm, requestRequirements);
             }
             
             // See whether ActAs is allowed or not
             if (providerParameters.getTokenRequirements().getActAs() != null) {
                 ReceivedToken validateTarget = providerParameters.getTokenRequirements().getActAs();
                 handleDelegationToken(validateTarget, providerParameters, context, 
-                                      realm, tokenRequirements, requestParser);
+                                      realm, requestRequirements);
             }
     
             // create token
@@ -194,7 +194,7 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
             }
             // prepare response
             try {
-                KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+                KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
                 EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
                 RequestSecurityTokenResponseType response = 
                     createResponse(
@@ -223,11 +223,10 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
         TokenProviderParameters providerParameters,
         WebServiceContext context,
         String realm,
-        TokenRequirements tokenRequirements,
-        RequestParser requestParser
+        RequestRequirements requestRequirements
     ) {
         TokenValidatorResponse tokenResponse = validateReceivedToken(
-                context, realm, tokenRequirements, validateTarget);
+                context, realm, requestRequirements.getTokenRequirements(), validateTarget);
 
         if (tokenResponse == null) {
             LOG.fine("No Token Validator has been found that can handle this token");
@@ -255,7 +254,7 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
         }
         
         // See whether OnBehalfOf/ActAs is allowed or not
-        performDelegationHandling(requestParser, context, validateTarget, tokenPrincipal, tokenRoles);
+        performDelegationHandling(requestRequirements, context, validateTarget, tokenPrincipal, tokenRoles);
     }
 
     private RequestSecurityTokenResponseType createResponse(

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
index 58edc4e..e7cba56 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
@@ -36,7 +36,7 @@ import org.apache.cxf.sts.event.STSRenewSuccessEvent;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
-import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.RequestRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
@@ -78,10 +78,10 @@ public class TokenRenewOperation extends AbstractOperation implements RenewOpera
         TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
         
         try {
-            RequestParser requestParser = parseRequest(request, context);
+            RequestRequirements requestRequirements = parseRequest(request, context);
     
-            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
-            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+            KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
+            TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
             
             renewerParameters.setStsProperties(stsProperties);
             renewerParameters.setPrincipal(context.getUserPrincipal());
@@ -138,7 +138,7 @@ public class TokenRenewOperation extends AbstractOperation implements RenewOpera
             // Renew the token
             //
             TokenRenewerResponse tokenRenewerResponse = null;
-            renewerParameters = createTokenRenewerParameters(requestParser, context);
+            renewerParameters = createTokenRenewerParameters(requestRequirements, context);
             Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
             if (additionalProperties != null) {
                 renewerParameters.setAdditionalProperties(additionalProperties);
@@ -288,10 +288,10 @@ public class TokenRenewOperation extends AbstractOperation implements RenewOpera
     }
 
     private TokenRenewerParameters createTokenRenewerParameters(
-        RequestParser requestParser, WebServiceContext context
+        RequestRequirements requestRequirements, WebServiceContext context
     ) {
         TokenProviderParameters providerParameters = 
-            createTokenProviderParameters(requestParser, context);
+            createTokenProviderParameters(requestRequirements, context);
         
         TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
         renewerParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
index fb326ea..7450542 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
@@ -35,7 +35,7 @@ import org.apache.cxf.sts.event.STSValidateFailureEvent;
 import org.apache.cxf.sts.event.STSValidateSuccessEvent;
 import org.apache.cxf.sts.request.ReceivedToken;
 import org.apache.cxf.sts.request.ReceivedToken.STATE;
-import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.RequestRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
@@ -68,9 +68,9 @@ public class TokenValidateOperation extends AbstractOperation implements Validat
         TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
         
         try {
-            RequestParser requestParser = parseRequest(request, context);
+            RequestRequirements requestRequirements = parseRequest(request, context);
             
-            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+            TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
             
             validatorParameters.setStsProperties(stsProperties);
             validatorParameters.setPrincipal(context.getUserPrincipal());
@@ -120,7 +120,7 @@ public class TokenValidateOperation extends AbstractOperation implements Validat
             if (tokenResponse.getToken().getState() == STATE.VALID 
                 && !STSConstants.STATUS.equals(tokenType)) {
                 TokenProviderParameters providerParameters = 
-                     createTokenProviderParameters(requestParser, context);
+                     createTokenProviderParameters(requestRequirements, context);
                 
                 processValidToken(providerParameters, validateTarget, tokenResponse);
                 

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/provider/DefaultSecurityTokenServiceProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/provider/DefaultSecurityTokenServiceProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/provider/DefaultSecurityTokenServiceProvider.java
index 27f4bd1..084503e 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/provider/DefaultSecurityTokenServiceProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/provider/DefaultSecurityTokenServiceProvider.java
@@ -123,7 +123,7 @@ public class DefaultSecurityTokenServiceProvider extends SecurityTokenServicePro
         TokenRenewOperation renewOperation = new TokenRenewOperation();
         populateAbstractOperation(renewOperation);
         
-        List<TokenRenewer> tokenRenewers = new ArrayList<TokenRenewer>();
+        List<TokenRenewer> tokenRenewers = new ArrayList<>();
         tokenRenewers.add(new SAMLTokenRenewer());
         renewOperation.setTokenRenewers(tokenRenewers);
         
@@ -131,10 +131,10 @@ public class DefaultSecurityTokenServiceProvider extends SecurityTokenServicePro
     }
     
     private void populateAbstractOperation(AbstractOperation abstractOperation) {
-        List<TokenProvider> tokenProviders = new ArrayList<TokenProvider>();
+        List<TokenProvider> tokenProviders = new ArrayList<>();
         tokenProviders.add(new SAMLTokenProvider());
         
-        List<TokenValidator> tokenValidators = new ArrayList<TokenValidator>();
+        List<TokenValidator> tokenValidators = new ArrayList<>();
         tokenValidators.add(new SAMLTokenValidator());
         tokenValidators.add(new UsernameTokenValidator());
         tokenValidators.add(new X509TokenValidator());

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
index 2c4c9eb..201ffc4 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestParser.java
@@ -96,17 +96,14 @@ public class RequestParser {
     
     private static final Logger LOG = LogUtils.getL7dLogger(RequestParser.class);
     
-    private KeyRequirements keyRequirements = new KeyRequirements();
-    private TokenRequirements tokenRequirements = new TokenRequirements();
-
-    public void parseRequest(
+    public RequestRequirements parseRequest(
         RequestSecurityTokenType request, WebServiceContext wsContext, STSPropertiesMBean stsProperties, 
         List<ClaimsParser> claimsParsers
     ) throws STSException {
         LOG.fine("Parsing RequestSecurityToken");
         
-        keyRequirements = new KeyRequirements();
-        tokenRequirements = new TokenRequirements();
+        KeyRequirements keyRequirements = new KeyRequirements();
+        TokenRequirements tokenRequirements = new TokenRequirements();
         
         for (Object requestObject : request.getAny()) {
             // JAXB types
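Review bot: `parseRequest` is public and has no Javadoc in this hunk, although its contract changed from "fill this parser's fields, then call the getters" to "return a new result object". A short Javadoc would help here, stating that each call builds fresh `KeyRequirements` and `TokenRequirements`, returns them wrapped in a `RequestRequirements`, and keeps no per-request state on the `RequestParser`. Add `@return the requirements extracted from the request` and a `@throws STSException` line as well. The method body continues past the end of this hunk.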
@@ -139,7 +136,7 @@ public class RequestParser {
                 Element element = (Element)requestObject;
                 if (STSConstants.WST_NS_05_12.equals(element.getNamespaceURI())
                     && "SecondaryParameters".equals(element.getLocalName())) {
-                    parseSecondaryParameters(element, claimsParsers);
+                    parseSecondaryParameters(element, claimsParsers, tokenRequirements, keyRequirements);
                 } else if ("AppliesTo".equals(element.getLocalName())
                     && (STSConstants.WSP_NS.equals(element.getNamespaceURI())
                         || STSConstants.WSP_NS_04.equals(element.getNamespaceURI()))) {
@@ -165,14 +162,12 @@ public class RequestParser {
         String context = request.getContext();
         tokenRequirements.setContext(context);
         LOG.fine("Received Context attribute: " + context);
-    }
-    
-    public KeyRequirements getKeyRequirements() {
-        return keyRequirements;
-    }
-    
-    public TokenRequirements getTokenRequirements() {
-        return tokenRequirements;
+        
+        RequestRequirements requestRequirements = new RequestRequirements();
+        requestRequirements.setKeyRequirements(keyRequirements);
+        requestRequirements.setTokenRequirements(tokenRequirements);
+        
+        return requestRequirements;
     }
     
     /**
@@ -436,7 +431,7 @@ public class RequestParser {
         if (participantsType.getParticipant() != null 
             && !participantsType.getParticipant().isEmpty()) {
             List<Object> secondaryParticipants = 
-                new ArrayList<Object>(participantsType.getParticipant().size());
+                new ArrayList<>(participantsType.getParticipant().size());
             for (ParticipantType secondaryParticipant : participantsType.getParticipant()) {
                 secondaryParticipants.add(secondaryParticipant.getAny());
             }
@@ -469,8 +464,7 @@ public class RequestParser {
         }
 
         try {
-            KeyInfo keyInfo = 
-                keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
+            KeyInfo keyInfo = keyInfoFactory.unmarshalKeyInfo(new DOMStructure(keyInfoElement));
             List<?> list = keyInfo.getContent();
 
             for (int i = 0; i < list.size(); i++) {
@@ -563,7 +557,8 @@ public class RequestParser {
      * direct children of the RequestSecurityToken element. 
      * @param secondaryParameters the secondaryParameters element to parse
      */
-    private void parseSecondaryParameters(Element secondaryParameters, List<ClaimsParser> claimsParsers) {
+    private void parseSecondaryParameters(Element secondaryParameters, List<ClaimsParser> claimsParsers,
+                                          TokenRequirements tokenRequirements, KeyRequirements keyRequirements) {
         LOG.fine("Found SecondaryParameters element");
         Element child = DOMUtils.getFirstElement(secondaryParameters);
         while (child != null) {
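Review bot: The Javadoc above `parseSecondaryParameters` still lists only `@param secondaryParameters`, while the new signature takes two more arguments that the method is handed to work on. Add `@param claimsParsers`, `@param tokenRequirements` and `@param keyRequirements`, and say that the two requirements objects are the caller's per-request instances. That is presumably where the secondary values are written, but the body is outside this hunk, so confirm before wording it as fact.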

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestRequirements.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestRequirements.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestRequirements.java
new file mode 100644
index 0000000..b625468
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/RequestRequirements.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+/**
+ * This class contains values that have been extracted from the request
+ */
+public class RequestRequirements {
+    private TokenRequirements tokenRequirements;
+    private KeyRequirements keyRequirements;
+    
+    public TokenRequirements getTokenRequirements() {
+        return tokenRequirements;
+    }
+    
+    public void setTokenRequirements(TokenRequirements tokenRequirements) {
+        this.tokenRequirements = tokenRequirements;
+    }
+    
+    public KeyRequirements getKeyRequirements() {
+        return keyRequirements;
+    }
+    
+    public void setKeyRequirements(KeyRequirements keyRequirements) {
+        this.keyRequirements = keyRequirements;
+    }
+    
+}
\ No newline at end of file
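Review bot: Both fields of `RequestRequirements` are null until a setter is called, whereas the removed `RequestParser` fields were initialised, so the old getters never returned null. Callers in this commit dereference the result directly, for example `requestRequirements.getTokenRequirements()` followed by `getTokenType()` in `TokenIssueOperation`. Initialising the fields restores the earlier guarantee for any caller that builds the holder itself: `private TokenRequirements tokenRequirements = new TokenRequirements();` and `private KeyRequirements keyRequirements = new KeyRequirements();`. The file also ends without a trailing newline.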

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java
index 6fbc093..86a47b6 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java
@@ -32,8 +32,8 @@ public class EncryptionProperties {
     private String encryptionAlgorithm = WSConstants.AES_256;
     private String keyWrapAlgorithm = WSConstants.KEYTRANSPORT_RSAOEP;
     private int keyIdentifierType = WSConstants.ISSUER_SERIAL;
-    private List<String> acceptedEncryptionAlgorithms = new ArrayList<String>();
-    private List<String> acceptedKeyWrapAlgorithms = new ArrayList<String>();
+    private List<String> acceptedEncryptionAlgorithms = new ArrayList<>();
+    private List<String> acceptedKeyWrapAlgorithms = new ArrayList<>();
     private String encryptionName;
     
     public EncryptionProperties() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
index 8d309a4..cfd7ffd 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/StaticService.java
@@ -43,7 +43,7 @@ public class StaticService implements ServiceMBean {
     /**
      * a collection of compiled regular expression patterns
      */
-    private final Collection<Pattern> endpointPatterns = new ArrayList<Pattern>();
+    private final Collection<Pattern> endpointPatterns = new ArrayList<>();
     
     /**
      * Return true if the supplied address corresponds to a known address for this service

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
index d0d0ae7..5a59c91 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/delegation/SAMLDelegationHandler.java
@@ -112,7 +112,7 @@ public class SAMLDelegationHandler implements TokenDelegationHandler {
     }
     
     protected List<String> getAudienceRestrictions(SamlAssertionWrapper assertion) {
-        List<String> addresses = new ArrayList<String>();
+        List<String> addresses = new ArrayList<>();
         if (assertion.getSaml1() != null) {
             for (AudienceRestrictionCondition restriction 
                 : assertion.getSaml1().getConditions().getAudienceRestrictionConditions()) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java
new file mode 100644
index 0000000..a798d43
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/AbstractSAMLTokenProvider.java
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.List;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.SignatureProperties;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+
+/**
+ * Some abstract functionality for creating a SAML token
+ */
+public abstract class AbstractSAMLTokenProvider {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(AbstractSAMLTokenProvider.class);
+    
+    protected void signToken(
+        SamlAssertionWrapper assertion, 
+        SAMLRealm samlRealm,
+        STSPropertiesMBean stsProperties,
+        KeyRequirements keyRequirements
+    ) throws Exception {
+        // Initialise signature objects with defaults of STSPropertiesMBean
+        Crypto signatureCrypto = stsProperties.getSignatureCrypto();
+        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
+        SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
+        String alias = stsProperties.getSignatureUsername();
+
+        if (samlRealm != null) {
+            // If SignatureCrypto configured in realm then
+            // callbackhandler and alias of STSPropertiesMBean is ignored
+            if (samlRealm.getSignatureCrypto() != null) {
+                LOG.fine("SAMLRealm signature keystore used");
+                signatureCrypto = samlRealm.getSignatureCrypto();
+                callbackHandler = samlRealm.getCallbackHandler();
+                alias = samlRealm.getSignatureAlias();
+            }
+            // SignatureProperties can be defined independently of SignatureCrypto
+            if (samlRealm.getSignatureProperties() != null) {
+                signatureProperties = samlRealm.getSignatureProperties();
+            }
+        }
+
+        // Get the signature algorithm to use
+        String signatureAlgorithm = keyRequirements.getSignatureAlgorithm();
+        if (signatureAlgorithm == null) {
+            // If none then default to what is configured
+            signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
+        } else {
+            List<String> supportedAlgorithms = 
+                signatureProperties.getAcceptedSignatureAlgorithms();
+            if (!supportedAlgorithms.contains(signatureAlgorithm)) {
+                signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
+                LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
+            }
+        }
+
+        // Get the c14n algorithm to use
+        String c14nAlgorithm = keyRequirements.getC14nAlgorithm();
+        if (c14nAlgorithm == null) {
+            // If none then default to what is configured
+            c14nAlgorithm = signatureProperties.getC14nAlgorithm();
+        } else {
+            List<String> supportedAlgorithms = 
+                signatureProperties.getAcceptedC14nAlgorithms();
+            if (!supportedAlgorithms.contains(c14nAlgorithm)) {
+                c14nAlgorithm = signatureProperties.getC14nAlgorithm();
+                LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
+            }
+        }
+
+        // If alias not defined, get the default of the SignatureCrypto
+        if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
+            alias = signatureCrypto.getDefaultX509Identifier();
+            LOG.fine("Signature alias is null so using default alias: " + alias);
+        }
+        // Get the password
+        WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
+        LOG.fine("Creating SAML Token");
+        callbackHandler.handle(cb);
+        String password = cb[0].getPassword();
+
+        LOG.fine("Signing SAML Token");
+        boolean useKeyValue = signatureProperties.isUseKeyValue();
+        assertion.signAssertion(
+            alias, password, signatureCrypto, useKeyValue, c14nAlgorithm, signatureAlgorithm,
+            signatureProperties.getDigestAlgorithm()
+        );
+    }
+    
+    
+}
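Review bot: `callbackHandler.handle(cb)` in `signToken` is reached without a null check, and the realm branch replaces the STS-level handler with `samlRealm.getCallbackHandler()` whenever the realm has its own `SignatureCrypto`. If that realm has no handler configured (the page does not show whether this is possible), signing fails with a bare `NullPointerException` instead of a configuration error. A guard before the callback would make it explicit: `if (callbackHandler == null) { throw new STSException("No CallbackHandler configured for signing", STSException.REQUEST_FAILED); }` (this needs the `STSException` import). The alias lookup already allows for `signatureCrypto` being null, but it is then passed to `signAssertion` regardless, so the same explicit failure applies there. The "Creating SAML Token" message is also logged just before the password callback, not before token creation.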

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
index 6088a34..b5807c9 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultAttributeStatementProvider.java
@@ -47,7 +47,7 @@ public class DefaultAttributeStatementProvider implements AttributeStatementProv
      */
     public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
         AttributeStatementBean attrBean = new AttributeStatementBean();
-        List<AttributeBean> attributeList = new ArrayList<AttributeBean>();
+        List<AttributeBean> attributeList = new ArrayList<>();
 
         TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
         String tokenType = tokenRequirements.getTokenType();
@@ -78,13 +78,13 @@ public class DefaultAttributeStatementProvider implements AttributeStatementProv
     private AttributeBean createDefaultAttribute(String tokenType) {
         AttributeBean attributeBean = new AttributeBean();
 
-        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-            || WSConstants.SAML2_NS.equals(tokenType)) {
-            attributeBean.setQualifiedName("token-requestor");
-            attributeBean.setNameFormat("http://cxf.apache.org/sts");
-        } else {
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+            || WSConstants.SAML_NS.equals(tokenType)) {
             attributeBean.setSimpleName("token-requestor");
             attributeBean.setQualifiedName("http://cxf.apache.org/sts");
+        } else {
+            attributeBean.setQualifiedName("token-requestor");
+            attributeBean.setNameFormat("http://cxf.apache.org/sts");
         }
         
         attributeBean.addAttributeValue("authenticated");
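Review bot: The `else` branch of `createDefaultAttribute` now produces the SAML 2.0 form (`setQualifiedName` plus `setNameFormat`) for every token type that is not exactly the SAML 1.1 type or namespace, including null, where the old code fell back to the SAML 1.1 form. The same inversion appears in the `ActAs` parameter hunk that follows, in `DefaultSubjectProvider.getSubjectConfirmationMethod` and in `SamlCallbackHandler.handle`, so the default assertion version for unrecognised token types changes in a commit described as a refactor. If that is intended, state it at each site, e.g. `// Anything other than the SAML 1.1 token type (including null) is issued as SAML 2.0`. A single shared helper such as `isSaml1(tokenType)` would keep the four checks from drifting apart, which could otherwise yield an assertion whose version and confirmation method disagree. Whether callers can reach these methods with a non-SAML token type is not visible here, and the method body continues outside the hunk.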
@@ -102,12 +102,12 @@ public class DefaultAttributeStatementProvider implements AttributeStatementProv
         AttributeBean parameterBean = new AttributeBean();
 
         String claimType = "ActAs";
-        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)) {
-            parameterBean.setQualifiedName(claimType);
-            parameterBean.setNameFormat("http://cxf.apache.org/sts");
-        } else {
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
             parameterBean.setSimpleName(claimType);
             parameterBean.setQualifiedName("http://cxf.apache.org/sts");
+        } else {
+            parameterBean.setQualifiedName(claimType);
+            parameterBean.setNameFormat("http://cxf.apache.org/sts");
         }
         if (parameter instanceof UsernameTokenType) {
             parameterBean.addAttributeValue(

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
index 7d1d6ac..f720ed6 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultConditionsProvider.java
@@ -222,7 +222,7 @@ public class DefaultConditionsProvider implements ConditionsProvider {
     protected List<AudienceRestrictionBean> createAudienceRestrictions(
         TokenProviderParameters providerParameters
     ) {
-        List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<AudienceRestrictionBean>();
+        List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<>();
         String appliesToAddress = providerParameters.getAppliesToAddress();
         if (appliesToAddress != null) {
             AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index 7d28b57..f845a86 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -222,20 +222,20 @@ public class DefaultSubjectProvider implements SubjectProvider {
      * Get the SubjectConfirmation method given a tokenType and keyType
      */
     protected String getSubjectConfirmationMethod(String tokenType, String keyType) {
-        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-            || WSConstants.SAML2_NS.equals(tokenType)) {
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+            || WSConstants.SAML_NS.equals(tokenType)) {
             if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType) 
                 || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
-                return SAML2Constants.CONF_HOLDER_KEY;
+                return SAML1Constants.CONF_HOLDER_KEY;
             } else {
-                return SAML2Constants.CONF_BEARER;
+                return SAML1Constants.CONF_BEARER;
             }
         } else {
             if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType) 
                 || STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
-                return SAML1Constants.CONF_HOLDER_KEY;
+                return SAML2Constants.CONF_HOLDER_KEY;
             } else {
-                return SAML1Constants.CONF_BEARER;
+                return SAML2Constants.CONF_BEARER;
             }
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
index 098f6a4..bad2009 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
@@ -26,15 +26,12 @@ import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.security.auth.callback.CallbackHandler;
-
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.SignatureProperties;
 import org.apache.cxf.sts.cache.CacheUtils;
 import org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider;
 import org.apache.cxf.sts.request.KeyRequirements;
@@ -42,8 +39,6 @@ import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.token.realm.SAMLRealm;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -59,7 +54,7 @@ import org.opensaml.saml.common.SAMLVersion;
 /**
  * A TokenProvider implementation that provides a SAML Token.
  */
-public class SAMLTokenProvider implements TokenProvider {
+public class SAMLTokenProvider extends AbstractSAMLTokenProvider implements TokenProvider {
     
     private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenProvider.class);
     
@@ -69,7 +64,7 @@ public class SAMLTokenProvider implements TokenProvider {
     private SubjectProvider subjectProvider = new DefaultSubjectProvider();
     private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
     private boolean signToken = true;
-    private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
+    private Map<String, SAMLRealm> realmMap = new HashMap<>();
     private SamlCustomHandler samlCustomHandler;
     
     /**
@@ -100,14 +95,14 @@ public class SAMLTokenProvider implements TokenProvider {
      */
     public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
         testKeyType(tokenParameters);
-        byte[] secret = null;
-        byte[] entropyBytes = null;
-        long keySize = 0;
-        boolean computedKey = false;
         KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
         TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
         LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
         
+        byte[] secret = null;
+        byte[] entropyBytes = null;
+        long keySize = 0;
+        boolean computedKey = false;
         if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
             SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
             keyHandler.createSymmetricKey();
@@ -308,73 +303,7 @@ public class SAMLTokenProvider implements TokenProvider {
         
         if (signToken) {
             STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-            
-            // Initialise signature objects with defaults of STSPropertiesMBean
-            Crypto signatureCrypto = stsProperties.getSignatureCrypto();
-            CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
-            SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
-            String alias = stsProperties.getSignatureUsername();
-            
-            if (samlRealm != null) {
-                // If SignatureCrypto configured in realm then
-                // callbackhandler and alias of STSPropertiesMBean is ignored
-                if (samlRealm.getSignatureCrypto() != null) {
-                    LOG.fine("SAMLRealm signature keystore used");
-                    signatureCrypto = samlRealm.getSignatureCrypto();
-                    callbackHandler = samlRealm.getCallbackHandler();
-                    alias = samlRealm.getSignatureAlias();
-                }
-                // SignatureProperties can be defined independently of SignatureCrypto
-                if (samlRealm.getSignatureProperties() != null) {
-                    signatureProperties = samlRealm.getSignatureProperties();
-                }
-            }
-            
-            // Get the signature algorithm to use
-            String signatureAlgorithm = tokenParameters.getKeyRequirements().getSignatureAlgorithm();
-            if (signatureAlgorithm == null) {
-                // If none then default to what is configured
-                signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
-            } else {
-                List<String> supportedAlgorithms = 
-                    signatureProperties.getAcceptedSignatureAlgorithms();
-                if (!supportedAlgorithms.contains(signatureAlgorithm)) {
-                    signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
-                    LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
-                }
-            }
-            
-            // Get the c14n algorithm to use
-            String c14nAlgorithm = tokenParameters.getKeyRequirements().getC14nAlgorithm();
-            if (c14nAlgorithm == null) {
-                // If none then default to what is configured
-                c14nAlgorithm = signatureProperties.getC14nAlgorithm();
-            } else {
-                List<String> supportedAlgorithms = 
-                    signatureProperties.getAcceptedC14nAlgorithms();
-                if (!supportedAlgorithms.contains(c14nAlgorithm)) {
-                    c14nAlgorithm = signatureProperties.getC14nAlgorithm();
-                    LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
-                }
-            }
-            
-            // If alias not defined, get the default of the SignatureCrypto
-            if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
-                alias = signatureCrypto.getDefaultX509Identifier();
-                LOG.fine("Signature alias is null so using default alias: " + alias);
-            }
-            // Get the password
-            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
-            LOG.fine("Creating SAML Token");
-            callbackHandler.handle(cb);
-            String password = cb[0].getPassword();
-    
-            LOG.fine("Signing SAML Token");
-            boolean useKeyValue = signatureProperties.isUseKeyValue();
-            assertion.signAssertion(
-                alias, password, signatureCrypto, useKeyValue, c14nAlgorithm, signatureAlgorithm,
-                signatureProperties.getDigestAlgorithm()
-            );
+            signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
         }
         
         return assertion;
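Review bot: The new call `signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements())` sits directly under `if (signToken)`, so the class now uses one name for both a boolean field and a method (presumably inherited from `AbstractSAMLTokenProvider`). Java resolves the two separately, but a reader has to stop and check which is meant. Renaming the helper to something like `signSamlAssertion` would remove the ambiguity without touching the existing setter for the flag. The enclosing method starts outside the hunk and the helper's full body is not visible here, so this is a naming point only.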
@@ -383,10 +312,12 @@ public class SAMLTokenProvider implements TokenProvider {
     public SamlCallbackHandler createCallbackHandler(
         TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc
     ) throws Exception {
+        boolean statementAdded = false;
+        
         // Parse the AttributeStatements
         List<AttributeStatementBean> attrBeanList = null;
         if (attributeStatementProviders != null && attributeStatementProviders.size() > 0) {
-            attrBeanList = new ArrayList<AttributeStatementBean>();
+            attrBeanList = new ArrayList<>();
             for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
                 AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
                 if (statementBean != null) {
@@ -396,6 +327,7 @@ public class SAMLTokenProvider implements TokenProvider {
                         + statementProvider.getClass().getName()
                     );
                     attrBeanList.add(statementBean);
+                    statementAdded = true;
                 }
             }
         }
@@ -403,10 +335,9 @@ public class SAMLTokenProvider implements TokenProvider {
         // Parse the AuthenticationStatements
         List<AuthenticationStatementBean> authBeanList = null;
         if (authenticationStatementProviders != null && authenticationStatementProviders.size() > 0) {
-            authBeanList = new ArrayList<AuthenticationStatementBean>();
+            authBeanList = new ArrayList<>();
             for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
-                AuthenticationStatementBean statementBean = 
-                    statementProvider.getStatement(tokenParameters);
+                AuthenticationStatementBean statementBean = statementProvider.getStatement(tokenParameters);
                 if (statementBean != null) {
                     LOG.fine(
                         "AuthenticationStatement" + statementBean.toString() 
@@ -414,6 +345,7 @@ public class SAMLTokenProvider implements TokenProvider {
                         + statementProvider.getClass().getName()
                     );
                     authBeanList.add(statementBean);
+                    statementAdded = true;
                 }
             }
         }
@@ -422,11 +354,9 @@ public class SAMLTokenProvider implements TokenProvider {
         List<AuthDecisionStatementBean> authDecisionBeanList = null;
         if (authDecisionStatementProviders != null 
             && authDecisionStatementProviders.size() > 0) {
-            authDecisionBeanList = new ArrayList<AuthDecisionStatementBean>();
-            for (AuthDecisionStatementProvider statementProvider 
-                : authDecisionStatementProviders) {
-                AuthDecisionStatementBean statementBean = 
-                    statementProvider.getStatement(tokenParameters);
+            authDecisionBeanList = new ArrayList<>();
+            for (AuthDecisionStatementProvider statementProvider : authDecisionStatementProviders) {
+                AuthDecisionStatementBean statementBean = statementProvider.getStatement(tokenParameters);
                 if (statementBean != null) {
                     LOG.fine(
                         "AuthDecisionStatement" + statementBean.toString() 
@@ -434,16 +364,15 @@ public class SAMLTokenProvider implements TokenProvider {
                         + statementProvider.getClass().getName()
                     );
                     authDecisionBeanList.add(statementBean);
+                    statementAdded = true;
                 }
             }
         }
         
         // If no providers have been configured, then default to the ClaimsAttributeStatementProvider
         // If no Claims are available then use the DefaultAttributeStatementProvider
-        if ((attributeStatementProviders == null || attributeStatementProviders.isEmpty()) 
-            && (authenticationStatementProviders == null || authenticationStatementProviders.isEmpty())
-            && (authDecisionStatementProviders == null || authDecisionStatementProviders.isEmpty())) {
-            attrBeanList = new ArrayList<AttributeStatementBean>();
+        if (!statementAdded) {
+            attrBeanList = new ArrayList<>();
             AttributeStatementProvider attributeProvider = new ClaimsAttributeStatementProvider();
             AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
             if (attributeBean != null) {
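Review bot: The comment above `if (!statementAdded)` still says the fallback applies when no providers have been configured, but the new condition also fires when providers are configured and every one of them returned null. That widens the cases in which `ClaimsAttributeStatementProvider` output is placed into the assertion, so a deployment that configured only authentication or decision providers can now receive a claims attribute statement it did not get before. If that is intended, update the comment to `// If no statement was produced by the configured providers, default to the ClaimsAttributeStatementProvider`. The `if (attributeBean != null)` block continues outside the hunk.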

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
index 679df31..2c6ab90 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
@@ -100,48 +100,48 @@ public class SamlCallbackHandler implements CallbackHandler {
     }
     
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof SAMLCallback) {
-                SAMLCallback callback = (SAMLCallback) callbacks[i];
+        for (Callback callback : callbacks) {
+            if (callback instanceof SAMLCallback) {
+                SAMLCallback samlCallback = (SAMLCallback) callback;
 
                 // Set the Subject
                 if (subjectBean != null) {
-                    callback.setSubject(subjectBean);
+                    samlCallback.setSubject(subjectBean);
                 }
                 
                 // Set the token Type.
                 TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
                 String tokenType = tokenRequirements.getTokenType();
                 boolean saml1 = false;
-                if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                    || WSConstants.SAML2_NS.equals(tokenType)) {
-                    callback.setSamlVersion(Version.SAML_20);
-                } else {
-                    callback.setSamlVersion(Version.SAML_11);
+                if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML_NS.equals(tokenType)) {
+                    samlCallback.setSamlVersion(Version.SAML_11);
                     saml1 = true;
                     setSubjectOnBeans();
+                } else {
+                    samlCallback.setSamlVersion(Version.SAML_20);
                 }
                 
                 // Set the issuer
                 if (issuer == null) {
                     STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-                    callback.setIssuer(stsProperties.getIssuer());
+                    samlCallback.setIssuer(stsProperties.getIssuer());
                 } else {
-                    callback.setIssuer(issuer);
+                    samlCallback.setIssuer(issuer);
                 }
 
                 // Set the statements
                 boolean statementAdded = false;
                 if (attributeBeans != null && !attributeBeans.isEmpty()) {
-                    callback.setAttributeStatementData(attributeBeans);
+                    samlCallback.setAttributeStatementData(attributeBeans);
                     statementAdded = true;
                 }
                 if (authBeans != null && !authBeans.isEmpty()) {
-                    callback.setAuthenticationStatementData(authBeans);
+                    samlCallback.setAuthenticationStatementData(authBeans);
                     statementAdded = true;
                 }
                 if (authDecisionBeans != null && !authDecisionBeans.isEmpty()) {
-                    callback.setAuthDecisionStatementData(authDecisionBeans);
+                    samlCallback.setAuthDecisionStatementData(authDecisionBeans);
                     statementAdded = true;
                 }
                 
@@ -150,11 +150,11 @@ public class SamlCallbackHandler implements CallbackHandler {
                     AttributeStatementBean defaultStatement = 
                         new DefaultAttributeStatementProvider().getStatement(tokenParameters);
                     defaultStatement.setSubject(subjectBean);
-                    callback.setAttributeStatementData(Collections.singletonList(defaultStatement));
+                    samlCallback.setAttributeStatementData(Collections.singletonList(defaultStatement));
                 }
                 
                 // Set the conditions
-                callback.setConditions(conditionsBean);
+                samlCallback.setConditions(conditionsBean);
             }
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java
index bab9047..9b46ea8 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java
@@ -39,7 +39,7 @@ public class CertConstraintsParser {
     /**
      * a collection of compiled regular expression patterns for the subject DN
      */
-    private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
+    private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
     
     /**
      * Set a list of Strings corresponding to regular expression constraints on the subject DN
@@ -47,7 +47,7 @@ public class CertConstraintsParser {
      */
     public void setSubjectConstraints(List<String> constraints) {
         if (constraints != null) {
-            subjectDNPatterns = new ArrayList<Pattern>();
+            subjectDNPatterns = new ArrayList<>();
             for (String constraint : constraints) {
                 try {
                     subjectDNPatterns.add(Pattern.compile(constraint.trim()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/5f94e273/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RelationshipResolver.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RelationshipResolver.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RelationshipResolver.java
index 6538459..a531b54 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RelationshipResolver.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RelationshipResolver.java
@@ -29,7 +29,7 @@ public class RelationshipResolver {
     
     
     public RelationshipResolver(List<Relationship> relationships) {
-        relationshipMap = new HashMap<String, Relationship>();
+        relationshipMap = new HashMap<>();
         for (Relationship rel : relationships) {
             String key = generateKey(rel.getSourceRealm(), rel.getTargetRealm());
             relationshipMap.put(key, rel);

