cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] cxf git commit: Large refactor mainly of cxf-rt-rs-security-xml following on from WSS4J trunk changes
Date Mon, 23 Mar 2015 15:44:47 GMT
Large refactor mainly of cxf-rt-rs-security-xml following on from WSS4J trunk changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/35063023
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/35063023
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/35063023

Branch: refs/heads/master
Commit: 3506302369c0a28647056c1da469bd9844e45826
Parents: ed18c00
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 23 14:42:48 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 23 15:44:40 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/common/CryptoLoader.java    |  65 +++------
 .../cxf/rs/security/common/SecurityUtils.java   |  21 +--
 .../rs/security/saml/AbstractSamlInHandler.java |   7 +-
 .../saml/AbstractSamlOutInterceptor.java        |   4 +-
 .../apache/cxf/rs/security/saml/SAMLUtils.java  |  13 +-
 .../security/saml/SamlHeaderOutInterceptor.java |   2 +-
 .../security/xml/AbstractXmlEncInHandler.java   |  12 +-
 .../security/xml/AbstractXmlSecInHandler.java   |  12 +-
 .../xml/AbstractXmlSecOutInterceptor.java       |  12 +-
 .../security/xml/AbstractXmlSigInHandler.java   |  81 +----------
 .../cxf/rs/security/xml/EncryptionUtils.java    |   6 +-
 .../rs/security/xml/XmlEncOutInterceptor.java   |  75 +++--------
 .../rs/security/xml/XmlSecInInterceptor.java    |   6 +-
 .../rs/security/xml/XmlSecOutInterceptor.java   |  33 +----
 .../rs/security/xml/XmlSigOutInterceptor.java   |   2 +-
 rt/security/pom.xml                             |  22 ---
 .../apache/cxf/rt/security/claims/Claim.java    |   2 +-
 .../claims/ClaimsAuthorizingInterceptor.java    |  10 +-
 .../apache/cxf/rt/security/saml/SAMLUtils.java  |   2 +-
 .../cxf/rt/security/utils/SecurityUtils.java    | 119 +++++++++++++++++
 .../AbstractXACMLAuthorizingInterceptor.java    |   2 +-
 .../xacml/DefaultXACMLRequestBuilder.java       |  11 +-
 .../apache/cxf/ws/security/SecurityUtils.java   | 133 -------------------
 .../cxf/ws/security/kerberos/KerberosUtils.java |   2 +-
 .../KerberosTokenInterceptorProvider.java       |   8 +-
 .../policy/interceptors/NegotiationUtils.java   |   8 +-
 .../policy/interceptors/STSTokenHelper.java     |  15 ++-
 .../SecureConversationInInterceptor.java        |   9 +-
 .../SecureConversationOutInterceptor.java       |   8 +-
 .../SpnegoContextTokenInInterceptor.java        |   3 +-
 .../SpnegoContextTokenOutInterceptor.java       |   9 +-
 .../tokenstore/EHCacheTokenStoreFactory.java    |   2 +-
 .../ws/security/tokenstore/SecurityToken.java   |  12 +-
 .../ws/security/tokenstore/TokenStoreUtils.java |  64 +++++++++
 .../ws/security/trust/AbstractSTSClient.java    |   7 +-
 .../ws/security/trust/STSTokenValidator.java    |   5 +-
 .../wss4j/AbstractTokenInterceptor.java         |   3 +-
 .../wss4j/AbstractWSS4JStaxInterceptor.java     |   2 +-
 .../wss4j/BinarySecurityTokenInterceptor.java   |   3 +-
 .../ws/security/wss4j/SamlTokenInterceptor.java |   3 +-
 .../wss4j/UsernameTokenInterceptor.java         |   3 +-
 .../ws/security/wss4j/WSS4JInInterceptor.java   |   8 +-
 .../security/wss4j/WSS4JStaxInInterceptor.java  |   4 +-
 .../cxf/ws/security/wss4j/WSS4JUtils.java       |   7 +-
 .../policyhandlers/AbstractBindingBuilder.java  |  46 ++++---
 .../AbstractCommonBindingHandler.java           |   8 +-
 .../AbstractStaxBindingHandler.java             |   7 +-
 .../AsymmetricBindingHandler.java               |  18 +--
 .../StaxAsymmetricBindingHandler.java           |   6 +-
 .../StaxSymmetricBindingHandler.java            |  58 ++------
 .../StaxTransportBindingHandler.java            |   6 +-
 .../policyhandlers/SymmetricBindingHandler.java |  10 +-
 .../policyhandlers/TransportBindingHandler.java |   2 +-
 .../AbstractBindingPolicyValidator.java         |  22 ---
 .../AsymmetricBindingPolicyValidator.java       |  11 +-
 .../KerberosTokenPolicyValidator.java           |   4 +-
 .../X509TokenPolicyValidator.java               |   7 +-
 57 files changed, 442 insertions(+), 600 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
index 267dae7..8d1474e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/CryptoLoader.java
@@ -19,21 +19,16 @@
 
 package org.apache.cxf.rs.security.common;
 
-import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.net.URI;
 import java.net.URL;
 import java.util.Map;
 import java.util.Properties;
 import java.util.concurrent.ConcurrentHashMap;
 
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -42,16 +37,17 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 public class CryptoLoader {
     
     private static final String CRYPTO_CACHE = "rs-security-xml-crypto.cache";
-    
+
     public Crypto loadCrypto(String cryptoResource) throws IOException, WSSecurityException {
-        URL url = ClassLoaderUtils.getResource(cryptoResource, this.getClass());
+        URL url = 
+            org.apache.cxf.rt.security.utils.SecurityUtils.loadResource(null, cryptoResource);
         if (url != null) {
             return loadCryptoFromURL(url);
         } else {
             return null;
         }
     }
-    
+
     public Crypto getCrypto(Message message,
                             String cryptoKey, 
                             String propKey) 
@@ -74,47 +70,18 @@ public class CryptoLoader {
             return crypto;
         }
         
-        ClassLoaderHolder orig = null;
-        try {
-            URL url = ClassLoaderUtils.getResource(propResourceName, this.getClass());
-            if (url == null) {
-                ResourceManager manager = message.getExchange()
-                        .getBus().getExtension(ResourceManager.class);
-                ClassLoader loader = manager.resolveResource("", ClassLoader.class);
-                if (loader != null) {
-                    orig = ClassLoaderUtils.setThreadContextClassloader(loader);
-                }
-                url = manager.resolveResource(propResourceName, URL.class);
-            }
-            if (url == null) {
-                try {
-                    URI propResourceUri = URI.create(propResourceName);
-                    if (propResourceUri.getScheme() != null) {
-                        url = propResourceUri.toURL();
-                    } else {
-                        File f = new File(propResourceUri.toString());
-                        if (f.exists()) { 
-                            url = f.toURI().toURL();
-                        }
-                    }
-                } catch (IOException ex) {
-                    // let CryptoFactory try to load it
-                }   
-            }
-            if (url != null) {
-                crypto = loadCryptoFromURL(url);
-            } else {
-                crypto = CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader());
-            }
-            if (cryptoCache != null) {
-                cryptoCache.put(o, crypto);
-            }
-            return crypto;
-        } finally {
-            if (orig != null) {
-                orig.reset();
-            }
+        URL url = org.apache.cxf.rt.security.utils.SecurityUtils.loadResource(message, propResourceName);
+
+        if (url != null) {
+            crypto = loadCryptoFromURL(url);
+        } else {
+            crypto = CryptoFactory.getInstance(propResourceName, Thread.currentThread().getContextClassLoader());
         }
+        if (cryptoCache != null && crypto != null) {
+            cryptoCache.put(o, crypto);
+        }
+        
+        return crypto;
     }
     
     public static Crypto loadCryptoFromURL(URL url) throws IOException, WSSecurityException {
@@ -133,7 +100,7 @@ public class CryptoLoader {
                 Map<Object, Crypto> o = 
                     CastUtils.cast((Map<?, ?>)info.getProperty(CRYPTO_CACHE));
                 if (o == null) {
-                    o = new ConcurrentHashMap<Object, Crypto>();
+                    o = new ConcurrentHashMap<>();
                     info.setProperty(CRYPTO_CACHE, o);
                 }
                 return o;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
index 51db0d2..bc9849f 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
@@ -28,7 +28,6 @@ import javax.security.auth.callback.CallbackHandler;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.interceptor.Fault;
@@ -125,7 +124,7 @@ public final class SecurityUtils {
     }
     
     public static String getPassword(Message message, String userName, 
-                                     int type, Class<?> callingClass) {
+                                     int type, Class<?> callingClass) throws WSSecurityException {
         CallbackHandler handler = getCallbackHandler(message, callingClass);
         if (handler == null) {
             return null;
@@ -143,28 +142,18 @@ public final class SecurityUtils {
         return password == null ? "" : password;
     }
     
-    public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass) {
+    public static CallbackHandler getCallbackHandler(Message message, Class<?> callingClass) 
+        throws WSSecurityException {
         return getCallbackHandler(message, callingClass, SecurityConstants.CALLBACK_HANDLER);
     }
     
     public static CallbackHandler getCallbackHandler(Message message, 
                                                      Class<?> callingClass,
-                                                     String callbackProperty) {
+                                                     String callbackProperty) throws WSSecurityException {
         //Then try to get the password from the given callback handler
         Object o = message.getContextualProperty(callbackProperty);
     
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = (CallbackHandler)ClassLoaderUtils
-                    .loadClass((String)o, callingClass).newInstance();
-            } catch (Exception e) {
-                handler = null;
-            }
-        }
-        return handler;
+        return org.apache.cxf.rt.security.utils.SecurityUtils.getCallbackHandler(o);
     }
  
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
index a8a1be3..1e93601 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlInHandler.java
@@ -50,7 +50,9 @@ import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
@@ -59,7 +61,6 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
 import org.apache.wss4j.dom.validate.Credential;
 import org.apache.wss4j.dom.validate.SamlAssertionValidator;
@@ -75,7 +76,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
         LogUtils.getL7dLogger(AbstractSamlInHandler.class);
     
     static {
-        WSSConfig.init();
+        WSProviderConfig.init();
     }
     
     private Validator samlValidator = new SamlAssertionValidator();
@@ -142,7 +143,7 @@ public abstract class AbstractSamlInHandler implements ContainerRequestFilter {
                     throwFault("Crypto can not be loaded", ex);
                 }
                 data.setEnableRevocation(MessageUtils.isTrue(
-                    message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
+                    message.getContextualProperty(ConfigurationConstants.ENABLE_REVOCATION)));
                 Signature sig = assertion.getSignature();
                 WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
                 

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
index f54152e..71f140a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/AbstractSamlOutInterceptor.java
@@ -27,13 +27,13 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSSConfig;
 
 public abstract class AbstractSamlOutInterceptor extends AbstractPhaseInterceptor<Message> {
     
     static {
-        WSSConfig.init();
+        WSProviderConfig.init();
     }
     
     private boolean useDeflateEncoding = true;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index c19d199..7660337 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -63,9 +63,16 @@ public final class SAMLUtils {
     }
     
     public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
-        CallbackHandler handler = SecurityUtils.getCallbackHandler(
-            message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
-        return createAssertion(message, handler);
+        try {
+            CallbackHandler handler = SecurityUtils.getCallbackHandler(
+                message, SAMLUtils.class, SecurityConstants.SAML_CALLBACK_HANDLER);
+            return createAssertion(message, handler);
+        } catch (Exception ex) {
+            StringWriter sw = new StringWriter();
+            ex.printStackTrace(new PrintWriter(sw));
+            LOG.warning(sw.toString());
+            throw new Fault(new RuntimeException(ex.getMessage() + ", stacktrace: " + sw.toString()));
+        }
     }
     
     public static SamlAssertionWrapper createAssertion(Message message,

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
index 34f98ff..29f3b7c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SamlHeaderOutInterceptor.java
@@ -75,7 +75,7 @@ public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
         Map<String, List<String>> headers = 
             CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));
         if (headers == null) {
-            headers = new HashMap<String, List<String>>();
+            headers = new HashMap<>();
             message.put(Message.PROTOCOL_HEADERS, headers);
         }
         return headers;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
index 431d05e..31e0431 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
@@ -45,7 +45,6 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.KeyUtils;
-import org.apache.wss4j.dom.WSConstants;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
 import org.apache.xml.security.utils.Constants;
@@ -113,7 +112,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
             throwFault("Crypto can not be loaded", ex);
         }
         
-        Element encKeyElement = getNode(encDataElement, WSConstants.ENC_NS, "EncryptedKey", 0);
+        Element encKeyElement = getNode(encDataElement, ENC_NS, "EncryptedKey", 0);
         if (encKeyElement == null) {
             //TODO: support EncryptedData/ds:KeyInfo - the encrypted key is passed out of band
             throwFault("EncryptedKey element is not available", null);
@@ -146,8 +145,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
         }
         
         
-        Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS, 
-                                               "CipherValue", 0);
+        Element cipherValue = getNode(encKeyElement, ENC_NS, "CipherValue", 0);
         if (cipherValue == null) {
             throwFault("CipherValue element is not available", null);
         }
@@ -200,7 +198,7 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
     }
     
     private String getEncodingMethodAlgorithm(Element parent) {
-        Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+        Element encMethod = getNode(parent, ENC_NS, "EncryptionMethod", 0);
         if (encMethod == null) {
             throwFault("EncryptionMethod element is not available", null);
         }
@@ -208,9 +206,9 @@ public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
     }
     
     private String getDigestMethodAlgorithm(Element parent) {
-        Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+        Element encMethod = getNode(parent, ENC_NS, "EncryptionMethod", 0);
         if (encMethod != null) {
-            Element digestMethod = getNode(encMethod, WSConstants.SIG_NS, "DigestMethod", 0);
+            Element digestMethod = getNode(encMethod, SIG_NS, "DigestMethod", 0);
             if (digestMethod != null) {
                 return digestMethod.getAttributeNS(null, "Algorithm");
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
index 035e54b..0c5912e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
@@ -29,22 +29,28 @@ import javax.xml.stream.XMLStreamReader;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
 
 
 public abstract class AbstractXmlSecInHandler {
+    protected static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+    protected static final String SIG_PREFIX = "ds";
+    protected static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+    protected static final String ENC_PREFIX = "xenc";
+    protected static final String WSU_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+    
     private static final Logger LOG = 
         LogUtils.getL7dLogger(AbstractXmlSecInHandler.class);
     
     static {
-        WSSConfig.init();
+        WSProviderConfig.init();
     }
     
     private boolean allowEmptyBody;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
index 61a30cd..5d5ae7c 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecOutInterceptor.java
@@ -30,7 +30,6 @@ import javax.xml.stream.XMLStreamWriter;
 import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Document;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
@@ -40,15 +39,22 @@ import org.apache.cxf.message.MessageContentsList;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.common.crypto.WSProviderConfig;
 
 
 public abstract class AbstractXmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
+    protected static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+    protected static final String SIG_PREFIX = "ds";
+    protected static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+    protected static final String ENC_PREFIX = "xenc";
+    protected static final String WSU_NS = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+    
     private static final Logger LOG = 
         LogUtils.getL7dLogger(AbstractXmlSecOutInterceptor.class);
     
     static {
-        WSSConfig.init();
+        WSProviderConfig.init();
     }
     
     public AbstractXmlSecOutInterceptor() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
index 3875e61..ca092b9 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
@@ -32,7 +32,6 @@ import javax.xml.stream.XMLStreamReader;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.common.CryptoLoader;
@@ -42,7 +41,7 @@ import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.W3CDOMStreamReader;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.signature.Reference;
@@ -291,86 +290,12 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
         String expectedID = ref.getURI().substring(1);
         
         if (!expectedID.equals(rootId)) {
-            return findElementById(root, expectedID, true);
+            return XMLUtils.findElementById(root, expectedID, true);
         } else {
             return root;
         }
     }
     
-    /**
-     * Returns the single element that contains an Id with value
-     * <code>uri</code> and <code>namespace</code>. The Id can be either a wsu:Id or an Id
-     * with no namespace. This is a replacement for a XPath Id lookup with the given namespace. 
-     * It's somewhat faster than XPath, and we do not deal with prefixes, just with the real
-     * namespace URI
-     * 
-     * If checkMultipleElements is true and there are multiple elements, we log a 
-     * warning and return null as this can be used to get around the signature checking.
-     * 
-     * @param startNode Where to start the search
-     * @param value Value of the Id attribute
-     * @param checkMultipleElements If true then go through the entire tree and return 
-     *        null if there are multiple elements with the same Id
-     * @return The found element if there was exactly one match, or
-     *         <code>null</code> otherwise
-     */
-    private static Element findElementById(
-        Node startNode, String value, boolean checkMultipleElements
-    ) {
-        //
-        // Replace the formerly recursive implementation with a depth-first-loop lookup
-        //
-        Node startParent = startNode.getParentNode();
-        Node processedNode = null;
-        Element foundElement = null;
-        String id = value;
-
-        while (startNode != null) {
-            // start node processing at this point
-            if (startNode.getNodeType() == Node.ELEMENT_NODE) {
-                Element se = (Element) startNode;
-                // Try the wsu:Id first
-                String attributeNS = se.getAttributeNS(WSConstants.WSU_NS, "Id");
-                if ("".equals(attributeNS) || !id.equals(attributeNS)) {
-                    attributeNS = se.getAttributeNS(null, "Id");
-                }
-                if ("".equals(attributeNS) || !id.equals(attributeNS)) {
-                    attributeNS = se.getAttributeNS(null, "ID");
-                }
-                if (!"".equals(attributeNS) && id.equals(attributeNS)) {
-                    if (!checkMultipleElements) {
-                        return se;
-                    } else if (foundElement == null) {
-                        foundElement = se; // Continue searching to find duplicates
-                    } else {
-                        // Multiple elements with the same 'Id' attribute value
-                        return null;
-                    }
-                }
-            }
-
-            processedNode = startNode;
-            startNode = startNode.getFirstChild();
-
-            // no child, this node is done.
-            if (startNode == null) {
-                // close node processing, get sibling
-                startNode = processedNode.getNextSibling();
-            }
-            // no more siblings, get parent, all children
-            // of parent are processed.
-            while (startNode == null) {
-                processedNode = processedNode.getParentNode();
-                if (processedNode == startParent) {
-                    return foundElement;
-                }
-                // close parent node processing (processed node now)
-                startNode = processedNode.getNextSibling();
-            }
-        }
-        return foundElement;
-    }
-    
     public void setSignatureProperties(SignatureProperties properties) {
         this.sigProps = properties;
     }
@@ -385,7 +310,7 @@ public class AbstractXmlSigInHandler extends AbstractXmlSecInHandler {
      */
     public void setSubjectConstraints(List<String> constraints) {
         if (constraints != null) {
-            subjectDNPatterns = new ArrayList<Pattern>();
+            subjectDNPatterns = new ArrayList<>();
             for (String constraint : constraints) {
                 try {
                     subjectDNPatterns.add(Pattern.compile(constraint.trim()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
index 94c9590..83951e0 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionUtils.java
@@ -29,7 +29,7 @@ import javax.crypto.spec.OAEPParameterSpec;
 import javax.crypto.spec.PSource;
 
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.encryption.XMLEncryptionException;
@@ -51,7 +51,7 @@ public final class EncryptionUtils {
         int mode, 
         X509Certificate cert
     ) throws WSSecurityException {
-        Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+        Cipher cipher = KeyUtils.getCipherInstance(keyEncAlgo);
         try {
             OAEPParameterSpec oaepParameters = 
                 constructOAEPParameters(
@@ -81,7 +81,7 @@ public final class EncryptionUtils {
     
     public static Cipher initCipherWithKey(String keyEncAlgo, String digestAlgo, int mode, Key key)
         throws WSSecurityException {
-        Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
+        Cipher cipher = KeyUtils.getCipherInstance(keyEncAlgo);
         try {
             OAEPParameterSpec oaepParameters = 
                 constructOAEPParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
index 6635c3d..7659519 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.rs.security.xml;
 
-import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.logging.Logger;
@@ -34,7 +33,6 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
@@ -46,11 +44,10 @@ import org.apache.cxf.rs.security.common.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.message.token.DOMX509Data;
-import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.xml.security.algorithms.JCEMapper;
+import org.apache.wss4j.common.token.DOMX509Data;
+import org.apache.wss4j.common.token.DOMX509IssuerSerial;
+import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
@@ -153,7 +150,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
             EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.ENCRYPT_MODE, symmetricKey);
         
         Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(), false);
-        NodeList list = result.getElementsByTagNameNS(WSConstants.ENC_NS, "CipherValue");
+        NodeList list = result.getElementsByTagNameNS(ENC_NS, "CipherValue");
         if (list.getLength() != 1) {
             throw new Exception("Payload CipherData is missing");
         }
@@ -169,7 +166,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
     private byte[] getSymmetricKey(String symEncAlgo) throws Exception {
         synchronized (this) {
             if (symmetricKey == null) {
-                KeyGenerator keyGen = getKeyGenerator(symEncAlgo);
+                KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
                 symmetricKey = keyGen.generateKey();
             } 
             return symmetricKey.getEncoded();
@@ -181,29 +178,6 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
         return certs[0];
     }
     
-    private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
-        try {
-            //
-            // Assume AES as default, so initialize it
-            //
-            String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
-            KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
-            if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
-                keyGen.init(128);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
-                keyGen.init(192);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
-                keyGen.init(256);
-            }
-            return keyGen;
-        } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
-        }
-    }
-    
     // Apache Security XMLCipher does not support 
     // Certificates for encrypting the keys
     protected byte[] encryptSymmetricKey(byte[] keyBytes, 
@@ -265,13 +239,10 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
         xencCipherValue.appendChild(doc.createTextNode(encodedKey));
         
         Element topKeyInfoElement = 
-            doc.createElementNS(
-                WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
-            );
+            doc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
         Element retrievalMethodElement = 
-            doc.createElementNS(
-                WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":RetrievalMethod"
-            );
+            doc.createElementNS(SIG_NS, SIG_PREFIX + ":RetrievalMethod");
+        
         retrievalMethodElement.setAttribute("Type", DEFAULT_RETRIEVAL_METHOD_TYPE);
         topKeyInfoElement.appendChild(retrievalMethodElement);
         
@@ -282,9 +253,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
     
     protected Element createCipherValue(Document doc, Element encryptedKey) {
         Element cipherData = 
-            doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherData");
+            doc.createElementNS(ENC_NS, ENC_PREFIX + ":CipherData");
         Element cipherValue = 
-            doc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":CipherValue");
+            doc.createElementNS(ENC_NS, ENC_PREFIX + ":CipherValue");
         cipherData.appendChild(cipherValue);
         encryptedKey.appendChild(cipherData);
         return cipherValue;
@@ -293,9 +264,7 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
     private Element createKeyInfoElement(Document encryptedDataDoc,
                                          X509Certificate remoteCert) throws Exception {
         Element keyInfoElement = 
-            encryptedDataDoc.createElementNS(
-                WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
-            );
+            encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
         
         String keyIdType = encProps.getEncryptionKeyIdType() == null
             ? SecurityUtils.X509_CERT : encProps.getEncryptionKeyIdType();
@@ -311,11 +280,9 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
                 );
             }
             Text text = encryptedDataDoc.createTextNode(Base64.encode(data));
-            Element cert = encryptedDataDoc.createElementNS(
-                WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.X509_CERT_LN);
+            Element cert = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Certificate");
             cert.appendChild(text);
-            Element x509Data = encryptedDataDoc.createElementNS(
-                WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.X509_DATA_LN);
+            Element x509Data = encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":X509Data");
             
             x509Data.appendChild(cert);
             keyIdentifierNode = x509Data;
@@ -341,16 +308,15 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
                                                 String keyEncAlgo,
                                                 String digestAlgo) {
         Element encryptedKey = 
-            encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedKey");
+            encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptedKey");
 
         Element encryptionMethod = 
-            encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX 
+            encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX 
                                              + ":EncryptionMethod");
         encryptionMethod.setAttributeNS(null, "Algorithm", keyEncAlgo);
         if (digestAlgo != null) {
             Element digestMethod = 
-                encryptedDataDoc.createElementNS(WSConstants.SIG_NS, WSConstants.SIG_PREFIX 
-                                                 + ":DigestMethod");
+                encryptedDataDoc.createElementNS(SIG_NS, SIG_PREFIX + ":DigestMethod");
             digestMethod.setAttributeNS(null, "Algorithm", digestAlgo);
             encryptionMethod.appendChild(digestMethod);
         }
@@ -360,13 +326,12 @@ public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
     
     protected Element createEncryptedDataElement(Document encryptedDataDoc, String symEncAlgo) {
         Element encryptedData = 
-            encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":EncryptedData");
+            encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptedData");
 
-        WSSecurityUtil.setNamespace(encryptedData, WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
+        XMLUtils.setNamespace(encryptedData, ENC_NS, ENC_PREFIX);
         
         Element encryptionMethod = 
-            encryptedDataDoc.createElementNS(WSConstants.ENC_NS, WSConstants.ENC_PREFIX 
-                                             + ":EncryptionMethod");
+            encryptedDataDoc.createElementNS(ENC_NS, ENC_PREFIX + ":EncryptionMethod");
         encryptionMethod.setAttributeNS(null, "Algorithm", symEncAlgo);
         encryptedData.appendChild(encryptionMethod);
         encryptedDataDoc.appendChild(encryptedData);

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 03c4dd9..9576bb9 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -85,7 +85,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
     /**
      * a collection of compiled regular expression patterns for the subject DN
      */
-    private Collection<Pattern> subjectDNPatterns = new ArrayList<Pattern>();
+    private Collection<Pattern> subjectDNPatterns = new ArrayList<>();
 
     public XmlSecInInterceptor() {
         super(Phase.POST_STREAM);
@@ -211,7 +211,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
     protected SecurityEventListener configureSecurityEventListener(
         final Crypto sigCrypto, final Message msg, XMLSecurityProperties securityProperties
     ) {
-        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
+        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<>();
         SecurityEventListener securityEventListener = new SecurityEventListener() {
             @Override
             public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
@@ -365,7 +365,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> {
      */
     public void setSubjectConstraints(List<String> constraints) {
         if (constraints != null) {
-            subjectDNPatterns = new ArrayList<Pattern>();
+            subjectDNPatterns = new ArrayList<>();
             for (String constraint : constraints) {
                 try {
                     subjectDNPatterns.add(Pattern.compile(constraint.trim()));

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 602f5bc..41be15a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -19,7 +19,6 @@
 package org.apache.cxf.rs.security.xml;
 
 import java.io.OutputStream;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -51,9 +50,8 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.xml.security.Init;
-import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.OutboundXMLSec;
@@ -84,8 +82,8 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
     private SecretKey symmetricKey;
     private boolean signRequest;
     private boolean encryptRequest;
-    private List<QName> elementsToSign = new ArrayList<QName>();
-    private List<QName> elementsToEncrypt = new ArrayList<QName>();
+    private List<QName> elementsToSign = new ArrayList<>();
+    private List<QName> elementsToEncrypt = new ArrayList<>();
     private boolean keyInfoMustBeAvailable = true;
     
     static {
@@ -259,36 +257,13 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
     private SecretKey getSymmetricKey(String symEncAlgo) throws Exception {
         synchronized (this) {
             if (symmetricKey == null) {
-                KeyGenerator keyGen = getKeyGenerator(symEncAlgo);
+                KeyGenerator keyGen = KeyUtils.getKeyGenerator(symEncAlgo);
                 symmetricKey = keyGen.generateKey();
             } 
             return symmetricKey;
         }
     }
     
-    private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
-        try {
-            //
-            // Assume AES as default, so initialize it
-            //
-            String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
-            KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
-            if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
-                keyGen.init(128);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
-                keyGen.init(192);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
-                keyGen.init(256);
-            }
-            return keyGen;
-        } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
-        }
-    }
-    
     private void configureSignature(
         Message message, XMLSecurityProperties properties
     ) throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index 9c415ee..05800c6 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -61,7 +61,7 @@ public class XmlSigOutInterceptor extends AbstractXmlSecOutInterceptor {
     private static final Logger LOG = 
         LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
     private static final Set<String> SUPPORTED_STYLES = 
-        new HashSet<String>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
+        new HashSet<>(Arrays.asList(ENVELOPED_SIG, ENVELOPING_SIG, DETACHED_SIG));
     
     private QName envelopeQName = DEFAULT_ENV_QNAME;
     private String sigStyle = ENVELOPED_SIG;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/pom.xml
----------------------------------------------------------------------
diff --git a/rt/security/pom.xml b/rt/security/pom.xml
index 1d487f2..1a1ca60 100644
--- a/rt/security/pom.xml
+++ b/rt/security/pom.xml
@@ -47,28 +47,6 @@
             <version>${cxf.wss4j.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.opensaml</groupId>
-            <artifactId>opensaml-xacml-impl</artifactId>
-            <version>${cxf.opensaml.version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.google.code.findbugs</groupId>
-                    <artifactId>jsr305</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.opensaml</groupId>
-            <artifactId>opensaml-xacml-saml-impl</artifactId>
-            <version>${cxf.opensaml.version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>com.google.code.findbugs</groupId>
-                    <artifactId>jsr305</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-jdk14</artifactId>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
index 668efc1..1e58575 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/Claim.java
@@ -41,7 +41,7 @@ public class Claim implements Serializable, Cloneable {
 
     private URI claimType;
     private boolean optional;
-    private List<Object> values = new ArrayList<Object>(1);
+    private List<Object> values = new ArrayList<>(1);
 
     public Claim() {
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
index 284b6ea..22d61cf 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/claims/ClaimsAuthorizingInterceptor.java
@@ -52,13 +52,13 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
     
     private static final Set<String> SKIP_METHODS;
     static {
-        SKIP_METHODS = new HashSet<String>();
+        SKIP_METHODS = new HashSet<>();
         SKIP_METHODS.addAll(Arrays.asList(
             new String[] {"wait", "notify", "notifyAll", 
                           "equals", "toString", "hashCode"}));
     }
     
-    private Map<String, List<ClaimBean>> claims = new HashMap<String, List<ClaimBean>>();
+    private Map<String, List<ClaimBean>> claims = new HashMap<>();
     private Map<String, String> nameAliases = Collections.emptyMap();
     private Map<String, String> formatAliases = Collections.emptyMap();
     
@@ -163,7 +163,7 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
             List<ClaimBean> methodClaims = 
                 getClaims(m.getAnnotation(Claims.class), m.getAnnotation(Claim.class));
             
-            List<ClaimBean> allClaims = new ArrayList<ClaimBean>(methodClaims);
+            List<ClaimBean> allClaims = new ArrayList<>(methodClaims);
             for (ClaimBean bean : clsClaims) {
                 if (isClaimOverridden(bean, methodClaims)) {
                     continue;
@@ -200,9 +200,9 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa
     
     private List<ClaimBean> getClaims(
             Claims claimsAnn, Claim claimAnn) {
-        List<ClaimBean> claimsList = new ArrayList<ClaimBean>();
+        List<ClaimBean> claimsList = new ArrayList<>();
         
-        List<Claim> annClaims = new ArrayList<Claim>();
+        List<Claim> annClaims = new ArrayList<>();
         if (claimsAnn != null) {
             annClaims.addAll(Arrays.asList(claimsAnn.value()));
         } else if (claimAnn != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
index bec5702..8229a07 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/saml/SAMLUtils.java
@@ -109,7 +109,7 @@ public final class SAMLUtils {
             roleAttributeName = SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
         }
         
-        Set<Principal> roles = new HashSet<Principal>();
+        Set<Principal> roles = new HashSet<>();
         
         for (Claim claim : claims) {
             if (claim instanceof SAMLClaim && ((SAMLClaim)claim).getName().equals(name)

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
new file mode 100644
index 0000000..c62acf8
--- /dev/null
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.utils;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.wss4j.common.ext.WSSecurityException;
+
+/**
+ * Some common functionality
+ */
+public final class SecurityUtils {
+    
+    private SecurityUtils() {
+        // complete
+    }
+
+    public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException {
+        CallbackHandler handler = null;
+        if (o instanceof CallbackHandler) {
+            handler = (CallbackHandler)o;
+        } else if (o instanceof String) {
+            try {
+                handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o, 
+                                                                      SecurityUtils.class).newInstance();
+            } catch (Exception e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+            }
+        }
+        return handler;
+    }
+    
+    public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
+        Object o = message.getContextualProperty(configFileKey);
+        if (o == null) {
+            o = configFileDefault;
+        }
+        
+        return loadResource(message, o);
+    }
+    
+    public static URL loadResource(Message message, Object o) {
+        
+        if (o instanceof String) {
+            URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
+            if (url != null) {
+                return url;
+            }
+            ClassLoaderHolder orig = null;
+            try {
+                if (message != null) {
+                    ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+                    ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
+                    if (loader != null) {
+                        orig = ClassLoaderUtils.setThreadContextClassloader(loader);
+                    }
+                    url = manager.resolveResource((String)o, URL.class);
+                }
+                if (url == null) {
+                    try {
+                        url = new URL((String)o);
+                    } catch (IOException e) {
+                        // Do nothing
+                    }
+                }
+                if (url == null) {
+                    try {
+                        URI propResourceUri = URI.create((String)o);
+                        if (propResourceUri.getScheme() != null) {
+                            url = propResourceUri.toURL();
+                        } else {
+                            File f = new File(propResourceUri.toString());
+                            if (f.exists()) { 
+                                url = f.toURI().toURL();
+                            }
+                        }
+                    } catch (IOException ex) {
+                        // Do nothing
+                    }   
+                }
+                return url;
+            } finally {
+                if (orig != null) {
+                    orig.reset();
+                }
+            }
+        } else if (o instanceof URL) {
+            return (URL)o;        
+        }
+        return null;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
index c0e6da0..fe109e5 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
@@ -77,7 +77,7 @@ public abstract class AbstractXACMLAuthorizingInterceptor extends AbstractPhaseI
             
             LoginSecurityContext loginSecurityContext = (LoginSecurityContext)sc;
             Set<Principal> principalRoles = loginSecurityContext.getUserRoles();
-            List<String> roles = new ArrayList<String>();
+            List<String> roles = new ArrayList<>();
             if (principalRoles != null) {
                 for (Principal p : principalRoles) {
                     if (p != principal) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
index cfb8793..c2bb40b 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
@@ -81,7 +81,7 @@ public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
     }
 
     private ResourceType createResourceType(CXFMessageParser messageParser) {
-        List<AttributeType> attributes = new ArrayList<AttributeType>();
+        List<AttributeType> attributes = new ArrayList<>();
         
         // Resource-id
         String resourceId = null;
@@ -131,23 +131,26 @@ public class DefaultXACMLRequestBuilder implements XACMLRequestBuilder {
     }
 
     private EnvironmentType createEnvironmentType() {
-        List<AttributeType> attributes = new ArrayList<AttributeType>();
         if (sendDateTime) {
+            List<AttributeType> attributes = new ArrayList<>();
             AttributeType environmentAttribute = createAttribute(XACMLConstants.CURRENT_DATETIME,
                                                                  XACMLConstants.XS_DATETIME, null,
                                                                  new DateTime().toString());
             attributes.add(environmentAttribute);
+            return RequestComponentBuilder.createEnvironmentType(attributes);
         }
+        
+        List<AttributeType> attributes = Collections.emptyList();
         return RequestComponentBuilder.createEnvironmentType(attributes);
     }
 
     private SubjectType createSubjectType(Principal principal, List<String> roles, String issuer) {
-        List<AttributeType> attributes = new ArrayList<AttributeType>();
+        List<AttributeType> attributes = new ArrayList<>();
         attributes.add(createAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING, issuer,
                                        principal.getName()));
 
         if (roles != null) {
-            List<AttributeValueType> roleAttributes = new ArrayList<AttributeValueType>();
+            List<AttributeValueType> roleAttributes = new ArrayList<>();
             for (String role : roles) {
                 if (role != null) {
                     AttributeValueType subjectRoleAttributeValue = 

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
deleted file mode 100644
index 17f8d57..0000000
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.ws.security;
-
-import java.io.IOException;
-import java.net.URL;
-
-import javax.security.auth.callback.CallbackHandler;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
-import org.apache.wss4j.common.ext.WSSecurityException;
-
-/**
- * Some common functionality
- */
-public final class SecurityUtils {
-    
-    private SecurityUtils() {
-        // complete
-    }
-
-    public static CallbackHandler getCallbackHandler(Object o) throws WSSecurityException {
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = (CallbackHandler)ClassLoaderUtils.loadClass((String)o, 
-                                                                      SecurityUtils.class).newInstance();
-            } catch (Exception e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
-            }
-        }
-        return handler;
-    }
-    
-    public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
-        Object o = message.getContextualProperty(configFileKey);
-        if (o == null) {
-            o = configFileDefault;
-        }
-        
-        return loadResource(message, o);
-    }
-    
-    public static URL loadResource(Message message, Object o) {
-        
-        if (o instanceof String) {
-            URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
-            if (url != null) {
-                return url;
-            }
-            ClassLoaderHolder orig = null;
-            try {
-                ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
-                ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
-                if (loader != null) {
-                    orig = ClassLoaderUtils.setThreadContextClassloader(loader);
-                }
-                url = manager.resolveResource((String)o, URL.class);
-                if (url == null) {
-                    try {
-                        url = new URL((String)o);
-                    } catch (IOException e) {
-                        // Do nothing
-                    }
-                }
-                return url;
-            } finally {
-                if (orig != null) {
-                    orig.reset();
-                }
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
-    }
-    
-    public static TokenStore getTokenStore(Message message) {
-        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-        synchronized (info) {
-            TokenStore tokenStore = 
-                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            }
-            if (tokenStore == null) {
-                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
-                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
-                String cacheIdentifier = 
-                    (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
-                if (cacheIdentifier != null) {
-                    cacheKey += "-" + cacheIdentifier;
-                } else if (info.getName() != null) {
-                    int hashcode = info.getName().toString().hashCode();
-                    if (hashcode < 0) {
-                        cacheKey += hashcode;
-                    } else {
-                        cacheKey += "-" + hashcode;
-                    }
-                }
-                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
-                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
-            }
-            return tokenStore;
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
index e67938d..62c4dd3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosUtils.java
@@ -23,8 +23,8 @@ import javax.security.auth.callback.CallbackHandler;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 
 /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 7c03bb2..de9d1c6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -40,11 +40,11 @@ import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.kerberos.KerberosClient;
 import org.apache.cxf.ws.security.kerberos.KerberosUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
@@ -128,11 +128,11 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
                                                                       tok.getId());
                         message.getExchange().put(SecurityConstants.TOKEN_ID, 
                                                   tok.getId());
-                        SecurityUtils.getTokenStore(message).add(tok);
+                        TokenStoreUtils.getTokenStore(message).add(tok);
                         
                         // Create another cache entry with the SHA1 Identifier as the key for easy retrieval
                         if (tok.getSHA1() != null) {
-                            SecurityUtils.getTokenStore(message).add(tok.getSHA1(), tok);
+                            TokenStoreUtils.getTokenStore(message).add(tok.getSHA1(), tok);
                         }
                     }
                 } else {
@@ -267,7 +267,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
                 // Just consume this for now as it isn't critical...
             }
             
-            SecurityUtils.getTokenStore(message).add(token);
+            TokenStoreUtils.getTokenStore(message).add(token);
             message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
index 3ac9fb9..6690523 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
@@ -43,10 +43,10 @@ import org.apache.cxf.ws.policy.EndpointPolicy;
 import org.apache.cxf.ws.policy.PolicyEngine;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.Policy;
@@ -159,7 +159,7 @@ final class NegotiationUtils {
         try {
             Endpoint endpoint = message.getExchange().getEndpoint();
 
-            TokenStore store = SecurityUtils.getTokenStore(message);
+            TokenStore store = TokenStoreUtils.getTokenStore(message);
             if (secConv) {
                 endpoint = STSUtils.createSCEndpoint(bus, 
                                                      namespace,
@@ -230,7 +230,7 @@ final class NegotiationUtils {
                         (SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
                     message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier());
                     
-                    SecurityToken token = SecurityUtils.getTokenStore(message).getToken(tok.getIdentifier());
+                    SecurityToken token = TokenStoreUtils.getTokenStore(message).getToken(tok.getIdentifier());
                     if (token == null || token.isExpired()) {
                         byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
                         if (secret != null) {
@@ -238,7 +238,7 @@ final class NegotiationUtils {
                             token.setToken(tok.getElement());
                             token.setSecret(secret);
                             token.setTokenType(tok.getTokenType());
-                            SecurityUtils.getTokenStore(message).add(token);
+                            TokenStoreUtils.getTokenStore(message).add(token);
                         }
                     }
                     if (token != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
index 2771883..57e9c6d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
@@ -25,6 +25,7 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
@@ -33,9 +34,9 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -93,7 +94,7 @@ public final class STSTokenHelper {
             message.put(SecurityConstants.TOKEN_ID, tok.getId());
         }
         // ?
-        SecurityUtils.getTokenStore(message).add(tok);
+        TokenStoreUtils.getTokenStore(message).add(tok);
 
         return tok;
     }
@@ -110,7 +111,7 @@ public final class STSTokenHelper {
             if (tok == null) {
                 String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                 if (tokId != null) {
-                    tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+                    tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
                 }
             }
         } else {
@@ -118,7 +119,7 @@ public final class STSTokenHelper {
             if (tok == null) {
                 String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
                 if (tokId != null) {
-                    tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+                    tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
                 }
             }
         }
@@ -208,7 +209,7 @@ public final class STSTokenHelper {
         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN);
-        SecurityUtils.getTokenStore(message).remove(tok.getId());
+        TokenStoreUtils.getTokenStore(message).remove(tok.getId());
 
         // If the user has explicitly disabled Renewing then we can't renew a token,
         // so just get a new one
@@ -317,7 +318,7 @@ public final class STSTokenHelper {
                                            Element actAsToken,
                                            String appliesTo,
                                            boolean enableAppliesTo) throws Exception {
-        TokenStore tokenStore = SecurityUtils.getTokenStore(message);
+        TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
         String key = appliesTo;
         if (!enableAppliesTo || key == null || "".equals(key)) {
             key = ASSOCIATED_TOKEN;
@@ -382,7 +383,7 @@ public final class STSTokenHelper {
         if (issuedToken == null) {
             return;
         }
-        TokenStore tokenStore = SecurityUtils.getTokenStore(message);
+        TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
         String key = appliesTo;
         if (!enableAppliesTo || key == null || "".equals(key)) {
             key = ASSOCIATED_TOKEN;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index c869f57..5bdab96 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -28,6 +28,7 @@ import java.util.Properties;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
@@ -47,11 +48,11 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.trust.DefaultSymmetricBinding;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
@@ -429,7 +430,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             if (st == null) {
                 String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                 if (id != null) {
-                    st = SecurityUtils.getTokenStore(message).getToken(id);
+                    st = TokenStoreUtils.getTokenStore(message).getToken(id);
                 }
             }
             if (st != null && !st.isExpired()) {
@@ -506,7 +507,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             if (tok == null) {
                 String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
                 if (tokId != null) {
-                    tok = SecurityUtils.getTokenStore(m2).getToken(tokId);
+                    tok = TokenStoreUtils.getTokenStore(m2).getToken(tokId);
                 }
             }
 
@@ -529,7 +530,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
                     }
                     
                     client.cancelSecurityToken(tok);
-                    SecurityUtils.getTokenStore(m2).remove(tok.getId());
+                    TokenStoreUtils.getTokenStore(m2).remove(tok.getId());
                     m2.put(SecurityConstants.TOKEN, null);
                 } catch (RuntimeException e) {
                     throw e;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index 083b1f9..5f92311 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -36,10 +36,10 @@ import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.IssuedTokenOutInterceptor;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.dom.WSConstants;
@@ -75,7 +75,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                 if (tok == null) {
                     String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                     if (tokId != null) {
-                        tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+                        tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
                     }
                 }
                 if (tok == null) {
@@ -91,7 +91,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                     message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
                     message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
                     message.getExchange().put(SecurityConstants.TOKEN, tok);
-                    SecurityUtils.getTokenStore(message).add(tok);
+                    TokenStoreUtils.getTokenStore(message).add(tok);
                 }
                 PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
             } else {
@@ -118,7 +118,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN);
-        SecurityUtils.getTokenStore(message).remove(tok.getId());
+        TokenStoreUtils.getTokenStore(message).remove(tok.getId());
         
         STSClient client = STSUtils.getClient(message, "sct");
         AddressingProperties maps =


Mime
View raw message