cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: More ws-security related refactoring
Date Mon, 16 Mar 2015 17:45:30 GMT
Repository: cxf
Updated Branches:
  refs/heads/master d4f9674ba -> f94861bd6


More ws-security related refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f94861bd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f94861bd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f94861bd

Branch: refs/heads/master
Commit: f94861bd6745e92bc1f69acaa907761f3bcc0613
Parents: d4f9674
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 16 17:43:59 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 16 17:43:59 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/ws/security/SecurityUtils.java   |  83 ++++++++++++++
 .../KerberosTokenInterceptorProvider.java       |  16 +--
 .../policy/interceptors/NegotiationUtils.java   |  12 +-
 .../policy/interceptors/STSTokenHelper.java     |  15 ++-
 .../SecureConversationInInterceptor.java        |   8 +-
 .../SecureConversationOutInterceptor.java       |   8 +-
 .../SpnegoContextTokenOutInterceptor.java       |   6 +-
 .../tokenstore/EHCacheTokenStoreFactory.java    |   5 +-
 .../security/tokenstore/MemoryTokenStore.java   |   2 +-
 .../security/tokenstore/TokenStoreFactory.java  |  33 ------
 .../ws/security/trust/AbstractSTSClient.java    |  32 ++----
 .../apache/cxf/ws/security/trust/STSClient.java |   2 +-
 .../cxf/ws/security/trust/STSLoginModule.java   |   4 +-
 .../ws/security/trust/STSTokenValidator.java    |  23 +---
 .../wss4j/AbstractWSS4JInterceptor.java         |   2 +-
 .../wss4j/AbstractWSS4JStaxInterceptor.java     |  11 +-
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    |  10 +-
 .../ws/security/wss4j/SamlTokenInterceptor.java |   5 +-
 .../ws/security/wss4j/WSS4JInInterceptor.java   |  12 +-
 .../security/wss4j/WSS4JStaxInInterceptor.java  |   3 +-
 .../cxf/ws/security/wss4j/WSS4JUtils.java       | 112 +------------------
 .../policyhandlers/AbstractBindingBuilder.java  |   8 +-
 .../AbstractCommonBindingHandler.java           |   4 +-
 .../StaxAsymmetricBindingHandler.java           |   6 +-
 .../StaxSymmetricBindingHandler.java            |   9 +-
 .../StaxTransportBindingHandler.java            |   4 +-
 26 files changed, 165 insertions(+), 270 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
index 7aec398..17f8d57 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityUtils.java
@@ -18,9 +18,20 @@
  */
 package org.apache.cxf.ws.security;
 
+import java.io.IOException;
+import java.net.URL;
+
 import javax.security.auth.callback.CallbackHandler;
 
+import org.apache.cxf.Bus;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
 
 /**
@@ -47,4 +58,76 @@ public final class SecurityUtils {
         return handler;
     }
     
+    public static URL getConfigFileURL(Message message, String configFileKey, String configFileDefault) {
+        Object o = message.getContextualProperty(configFileKey);
+        if (o == null) {
+            o = configFileDefault;
+        }
+        
+        return loadResource(message, o);
+    }
+    
+    public static URL loadResource(Message message, Object o) {
+        
+        if (o instanceof String) {
+            URL url = ClassLoaderUtils.getResource((String)o, SecurityUtils.class);
+            if (url != null) {
+                return url;
+            }
+            ClassLoaderHolder orig = null;
+            try {
+                ResourceManager manager = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+                ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
+                if (loader != null) {
+                    orig = ClassLoaderUtils.setThreadContextClassloader(loader);
+                }
+                url = manager.resolveResource((String)o, URL.class);
+                if (url == null) {
+                    try {
+                        url = new URL((String)o);
+                    } catch (IOException e) {
+                        // Do nothing
+                    }
+                }
+                return url;
+            } finally {
+                if (orig != null) {
+                    orig.reset();
+                }
+            }
+        } else if (o instanceof URL) {
+            return (URL)o;        
+        }
+        return null;
+    }
+    
+    public static TokenStore getTokenStore(Message message) {
+        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+        synchronized (info) {
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+            if (tokenStore == null) {
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+            }
+            if (tokenStore == null) {
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
+                String cacheIdentifier = 
+                    (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
+                if (cacheIdentifier != null) {
+                    cacheKey += "-" + cacheIdentifier;
+                } else if (info.getName() != null) {
+                    int hashcode = info.getName().toString().hashCode();
+                    if (hashcode < 0) {
+                        cacheKey += hashcode;
+                    } else {
+                        cacheKey += "-" + hashcode;
+                    }
+                }
+                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
+            }
+            return tokenStore;
+        }
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 6083f66..2c14dd3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -41,18 +41,17 @@ import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.kerberos.KerberosClient;
 import org.apache.cxf.ws.security.kerberos.KerberosUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.wss4j.KerberosTokenInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.StaxSecurityContextInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
@@ -99,11 +98,6 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
         this.getInFaultInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
     }
     
-    
-    static final TokenStore getTokenStore(Message message) {
-        return WSS4JUtils.getTokenStore(message);
-    }
-
     static class KerberosTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
         public KerberosTokenOutInterceptor() {
             super(Phase.PREPARE_SEND);
@@ -137,11 +131,11 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
                                                                       tok.getId());
                         message.getExchange().put(SecurityConstants.TOKEN_ID, 
                                                   tok.getId());
-                        getTokenStore(message).add(tok);
+                        SecurityUtils.getTokenStore(message).add(tok);
                         
                         // Create another cache entry with the SHA1 Identifier as the key for easy retrieval
                         if (tok.getSHA1() != null) {
-                            getTokenStore(message).add(tok.getSHA1(), tok);
+                            SecurityUtils.getTokenStore(message).add(tok.getSHA1(), tok);
                         }
                     }
                 } else {
@@ -210,7 +204,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
                 if (valid) {
                     SecurityToken token = createSecurityToken(kerberosToken);
                     token.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
-                    getTokenStore(message).add(token);
+                    SecurityUtils.getTokenStore(message).add(token);
                     message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
                     return;
                 }
@@ -298,7 +292,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
                 // Just consume this for now as it isn't critical...
             }
             
-            getTokenStore(message).add(token);
+            SecurityUtils.getTokenStore(message).add(token);
             message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
index 5180959..aab8fc3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
@@ -43,11 +43,11 @@ import org.apache.cxf.ws.policy.EndpointPolicy;
 import org.apache.cxf.ws.policy.PolicyEngine;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.Policy;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
@@ -91,10 +91,6 @@ final class NegotiationUtils {
         return (Trust13)ai.getAssertion();
     }
     
-    static TokenStore getTokenStore(Message message) {
-        return WSS4JUtils.getTokenStore(message);
-    }
-    
     static Assertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
         Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
         Assertion assertion = null;
@@ -184,7 +180,7 @@ final class NegotiationUtils {
         try {
             Endpoint endpoint = message.getExchange().getEndpoint();
 
-            TokenStore store = getTokenStore(message);
+            TokenStore store = SecurityUtils.getTokenStore(message);
             if (secConv) {
                 endpoint = STSUtils.createSCEndpoint(bus, 
                                                      namespace,
@@ -257,7 +253,7 @@ final class NegotiationUtils {
                         (SecurityContextToken)wser.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
                     message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getIdentifier());
                     
-                    SecurityToken token = getTokenStore(message).getToken(tok.getIdentifier());
+                    SecurityToken token = SecurityUtils.getTokenStore(message).getToken(tok.getIdentifier());
                     if (token == null || token.isExpired()) {
                         byte[] secret = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
                         if (secret != null) {
@@ -265,7 +261,7 @@ final class NegotiationUtils {
                             token.setToken(tok.getElement());
                             token.setSecret(secret);
                             token.setTokenType(tok.getTokenType());
-                            getTokenStore(message).add(token);
+                            SecurityUtils.getTokenStore(message).add(token);
                         }
                     }
                     if (token != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
index a4d3f41..0177d08 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
@@ -26,7 +26,6 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
@@ -36,12 +35,12 @@ import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
@@ -98,7 +97,7 @@ public final class STSTokenHelper {
             message.put(SecurityConstants.TOKEN_ID, tok.getId());
         }
         // ?
-        WSS4JUtils.getTokenStore(message).add(tok);
+        SecurityUtils.getTokenStore(message).add(tok);
 
         return tok;
     }
@@ -115,7 +114,7 @@ public final class STSTokenHelper {
             if (tok == null) {
                 String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                 if (tokId != null) {
-                    tok = WSS4JUtils.getTokenStore(message).getToken(tokId);
+                    tok = SecurityUtils.getTokenStore(message).getToken(tokId);
                 }
             }
         } else {
@@ -123,7 +122,7 @@ public final class STSTokenHelper {
             if (tok == null) {
                 String tokId = (String)message.get(SecurityConstants.TOKEN_ID);
                 if (tokId != null) {
-                    tok = WSS4JUtils.getTokenStore(message).getToken(tokId);
+                    tok = SecurityUtils.getTokenStore(message).getToken(tokId);
                 }
             }
         }
@@ -213,7 +212,7 @@ public final class STSTokenHelper {
         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN);
-        NegotiationUtils.getTokenStore(message).remove(tok.getId());
+        SecurityUtils.getTokenStore(message).remove(tok.getId());
 
         // If the user has explicitly disabled Renewing then we can't renew a token,
         // so just get a new one
@@ -322,7 +321,7 @@ public final class STSTokenHelper {
                                            Element actAsToken,
                                            String appliesTo,
                                            boolean enableAppliesTo) throws Exception {
-        TokenStore tokenStore = WSS4JUtils.getTokenStore(message);
+        TokenStore tokenStore = SecurityUtils.getTokenStore(message);
         String key = appliesTo;
         if (!enableAppliesTo || key == null || "".equals(key)) {
             key = ASSOCIATED_TOKEN;
@@ -387,7 +386,7 @@ public final class STSTokenHelper {
         if (issuedToken == null) {
             return;
         }
-        TokenStore tokenStore = WSS4JUtils.getTokenStore(message);
+        TokenStore tokenStore = SecurityUtils.getTokenStore(message);
         String key = appliesTo;
         if (!enableAppliesTo || key == null || "".equals(key)) {
             key = ASSOCIATED_TOKEN;

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index ada01ef..930b8a8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -47,6 +47,7 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -57,7 +58,6 @@ import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.neethi.All;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.ExactlyOne;
@@ -445,7 +445,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             if (st == null) {
                 String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                 if (id != null) {
-                    st = WSS4JUtils.getTokenStore(message).getToken(id);
+                    st = SecurityUtils.getTokenStore(message).getToken(id);
                 }
             }
             if (st != null && !st.isExpired()) {
@@ -526,7 +526,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
             if (tok == null) {
                 String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
                 if (tokId != null) {
-                    tok = NegotiationUtils.getTokenStore(m2).getToken(tokId);
+                    tok = SecurityUtils.getTokenStore(m2).getToken(tokId);
                 }
             }
 
@@ -549,7 +549,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
                     }
                     
                     client.cancelSecurityToken(tok);
-                    NegotiationUtils.getTokenStore(m2).remove(tok.getId());
+                    SecurityUtils.getTokenStore(m2).remove(tok.getId());
                     m2.put(SecurityConstants.TOKEN, null);
                 } catch (RuntimeException e) {
                     throw e;

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index ee84f92..bba1952 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -36,6 +36,7 @@ import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.IssuedTokenOutInterceptor;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
@@ -74,8 +75,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                 if (tok == null) {
                     String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                     if (tokId != null) {
-                        tok = NegotiationUtils
-                            .getTokenStore(message).getToken(tokId);
+                        tok = SecurityUtils.getTokenStore(message).getToken(tokId);
                     }
                 }
                 if (tok == null) {
@@ -91,7 +91,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                     message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
                     message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
                     message.getExchange().put(SecurityConstants.TOKEN, tok);
-                    NegotiationUtils.getTokenStore(message).add(tok);
+                    SecurityUtils.getTokenStore(message).add(tok);
                 }
                 PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
             } else {
@@ -119,7 +119,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN_ID);
         message.getExchange().remove(SecurityConstants.TOKEN);
-        NegotiationUtils.getTokenStore(message).remove(tok.getId());
+        SecurityUtils.getTokenStore(message).remove(tok.getId());
         
         STSClient client = STSUtils.getClient(message, "sct");
         AddressingProperties maps =

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
index 14b4d62..af7b0ac 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
@@ -62,12 +62,12 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                 String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                 SecurityToken tok = null;
                 if (tokId != null) {
-                    tok = NegotiationUtils.getTokenStore(message).getToken(tokId);
+                    tok = SecurityUtils.getTokenStore(message).getToken(tokId);
                     
                     if (tok != null && tok.isExpired()) {
                         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
                         message.getExchange().remove(SecurityConstants.TOKEN_ID);
-                        NegotiationUtils.getTokenStore(message).remove(tokId);
+                        SecurityUtils.getTokenStore(message).remove(tokId);
                         tok = null;
                     }
                 }
@@ -81,7 +81,7 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                     }
                     message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
                     message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
-                    NegotiationUtils.getTokenStore(message).add(tok);
+                    SecurityUtils.getTokenStore(message).add(tok);
                 }
             } else {
                 // server side should be checked on the way in

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
index 74ee172..61b8ded 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
@@ -22,6 +22,8 @@ package org.apache.cxf.ws.security.tokenstore;
 import java.net.URL;
 
 import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 
 
 /**
@@ -30,7 +32,8 @@ import org.apache.cxf.message.Message;
 public class EHCacheTokenStoreFactory extends TokenStoreFactory {
     
     public TokenStore newTokenStore(String key, Message message) {
-        URL configFileURL = getConfigFileURL(message);
+        URL configFileURL = SecurityUtils.getConfigFileURL(message, SecurityConstants.CACHE_CONFIG_FILE,
+                                                           "cxf-ehcache.xml");
         return new EHCacheTokenStore(key, message.getExchange().getBus(), configFileURL);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
index ed719a4..ac8d930 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
@@ -33,7 +33,7 @@ public class MemoryTokenStore implements TokenStore {
     public static final long DEFAULT_TTL = 60L * 5L;
     public static final long MAX_TTL = DEFAULT_TTL * 12L;
     
-    private Map<String, CacheEntry> tokens = new ConcurrentHashMap<String, CacheEntry>();
+    private Map<String, CacheEntry> tokens = new ConcurrentHashMap<>();
     private long ttl = DEFAULT_TTL;
     
     public void add(SecurityToken token) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java
index c34d21f..dfb6eb2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreFactory.java
@@ -19,13 +19,7 @@
 
 package org.apache.cxf.ws.security.tokenstore;
 
-import java.io.IOException;
-import java.net.URL;
-
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.ws.security.SecurityConstants;
 
 /**
  * An abstract factory to return a TokenStore instance. It returns an EHCacheTokenStoreFactory
@@ -60,31 +54,4 @@ public abstract class TokenStoreFactory {
     
     public abstract TokenStore newTokenStore(String key, Message message);
     
-    protected URL getConfigFileURL(Message message) {
-        Object o = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE);
-        if (o == null) {
-            o = "cxf-ehcache.xml";
-        }
-        
-        if (o instanceof String) {
-            URL url = null;
-            ResourceManager rm = message.getExchange().getBus().getExtension(ResourceManager.class);
-            url = rm.resolveResource((String)o, URL.class);
-            try {
-                if (url == null) {
-                    url = ClassLoaderUtils.getResource((String)o, TokenStoreFactory.class);
-                }
-                if (url == null) {
-                    url = new URL((String)o);
-                }
-                return url;
-            } catch (IOException e) {
-                // Do nothing
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
-    }
-    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 0e757c6..a9a11dc 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -54,7 +54,6 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.BusException;
 import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.model.SoapOperationInfo;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
 //import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.ModCountCopyOnWriteArrayList;
@@ -75,7 +74,6 @@ import org.apache.cxf.interceptor.InterceptorProvider;
 import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingInfo;
@@ -100,6 +98,7 @@ import org.apache.cxf.ws.policy.attachment.reference.ReferenceResolver;
 import org.apache.cxf.ws.policy.attachment.reference.RemoteReferenceResolver;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
 import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
@@ -191,16 +190,12 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
     protected String context;
     protected X509Certificate useKeyCertificate;
 
-    protected Map<String, Object> ctx = new HashMap<String, Object>();
+    protected Map<String, Object> ctx = new HashMap<>();
     
-    protected List<Interceptor<? extends Message>> in 
-        = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>();
-    protected List<Interceptor<? extends Message>> out 
-        = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>();
-    protected List<Interceptor<? extends Message>> outFault  
-        = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>();
-    protected List<Interceptor<? extends Message>> inFault 
-        = new ModCountCopyOnWriteArrayList<Interceptor<? extends Message>>();
+    protected List<Interceptor<? extends Message>> in = new ModCountCopyOnWriteArrayList<>();
+    protected List<Interceptor<? extends Message>> out = new ModCountCopyOnWriteArrayList<>();
+    protected List<Interceptor<? extends Message>> outFault = new ModCountCopyOnWriteArrayList<>();
+    protected List<Interceptor<? extends Message>> inFault = new ModCountCopyOnWriteArrayList<>();
     protected List<Feature> features;
 
     public AbstractSTSClient(Bus b) {
@@ -1559,15 +1554,11 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
 
     protected CallbackHandler createHandler() {
         Object o = getProperty(SecurityConstants.CALLBACK_HANDLER);
-        if (o instanceof String) {
-            try {
-                Class<?> cls = ClassLoaderUtils.loadClass((String)o, this.getClass());
-                o = cls.newInstance();
-            } catch (Exception e) {
-                throw new Fault(e);
-            }
+        try {
+            return SecurityUtils.getCallbackHandler(o);
+        } catch (Exception e) {
+            throw new Fault(e);
         }
-        return (CallbackHandler)o;
     }
 
     protected Object getProperty(String s) {
@@ -1592,8 +1583,7 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
 
         Object o = getProperty(SecurityConstants.STS_TOKEN_PROPERTIES + (decrypt ? ".decrypt" : ""));
         
-        ResourceManager manager = bus.getExtension(ResourceManager.class);
-        URL propsURL = WSS4JUtils.getPropertiesFileURL(o, manager, this.getClass());
+        URL propsURL = SecurityUtils.loadResource(message, o);
         Properties properties = WSS4JUtils.getProps(o, propsURL);
         
         if (properties != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
index afdaaea..899f509 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
@@ -114,7 +114,7 @@ public class STSClient extends AbstractSTSClient {
         el = DOMUtils.getFirstElement(el);
         String reason = null;
         boolean valid = false;
-        List<SecurityToken> tokens = new LinkedList<SecurityToken>();
+        List<SecurityToken> tokens = new LinkedList<>();
         while (el != null) {
             if ("Status".equals(el.getLocalName())) {
                 Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
index 465a4c9..ec4e816 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSLoginModule.java
@@ -147,7 +147,7 @@ public class STSLoginModule implements LoginModule {
     private static final Logger LOG = LogUtils.getL7dLogger(STSLoginModule.class);
     private static final String TOKEN_STORE_KEY = "sts.login.module.tokenstore";
     
-    private Set<Principal> roles = new HashSet<Principal>();
+    private Set<Principal> roles = new HashSet<>();
     private Principal userPrincipal;
     private Subject subject;
     private CallbackHandler callbackHandler;
@@ -162,7 +162,7 @@ public class STSLoginModule implements LoginModule {
     private String keyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
     private String tokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
     private String namespace;
-    private Map<String, Object> stsClientProperties = new HashMap<String, Object>();
+    private Map<String, Object> stsClientProperties = new HashMap<>();
     
     @Override
     public void initialize(Subject subj, CallbackHandler cbHandler, Map<String, ?> sharedState,

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
index 2a76672..3db4a43 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
@@ -28,13 +28,11 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 import org.w3c.dom.Element;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
@@ -176,24 +174,7 @@ public class STSTokenValidator implements Validator {
             return null;
         }
         
-        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-        synchronized (info) {
-            TokenStore tokenStore = 
-                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            }
-            if (tokenStore == null) {
-                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
-                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
-                if (info.getName() != null) {
-                    cacheKey += "-" + info.getName().toString().hashCode();
-                }
-                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
-                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
-            }
-            return tokenStore;
-        }
+        return SecurityUtils.getTokenStore(message);
     }
     
     protected boolean isValidatedLocally(Credential credential, RequestData data) 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
index 0c62232..d520907 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
@@ -202,7 +202,7 @@ public abstract class AbstractWSS4JInterceptor extends WSHandler implements Soap
         PasswordEncryptor passwordEncryptor = getPasswordEncryptor(reqData);
         return 
             WSS4JUtils.loadCryptoFromPropertiesFile(
-                message, propFilename, this.getClass(), classLoader, passwordEncryptor
+                message, propFilename, classLoader, passwordEncryptor
             );
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index 97a96ce..d7b27a1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -47,7 +47,6 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptor;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -382,7 +381,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
         PasswordEncryptor passwordEncryptor = getPasswordEncryptor(soapMessage, securityProperties);
         return 
             WSS4JUtils.loadCryptoFromPropertiesFile(
-                soapMessage, propFilename, this.getClass(), getClassLoader(), passwordEncryptor
+                soapMessage, propFilename, getClassLoader(), passwordEncryptor
             );
     }
     
@@ -433,9 +432,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
         } else if (e instanceof Crypto) {
             return (Crypto)e;
         } else {
-            ResourceManager manager = 
-                message.getExchange().getBus().getExtension(ResourceManager.class);
-            URL propsURL = WSS4JUtils.getPropertiesFileURL(e, manager, this.getClass());
+            URL propsURL = SecurityUtils.loadResource(message, e);
             Properties props = WSS4JUtils.getProps(e, propsURL);
             if (props == null) {
                 LOG.fine("Cannot find Crypto Encryption properties: " + e);
@@ -463,9 +460,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
         } else if (s instanceof Crypto) {
             return (Crypto)s;
         } else {
-            ResourceManager manager = 
-                message.getExchange().getBus().getExtension(ResourceManager.class);
-            URL propsURL = WSS4JUtils.getPropertiesFileURL(s, manager, this.getClass());
+            URL propsURL = SecurityUtils.loadResource(message, s);
             Properties props = WSS4JUtils.getProps(s, propsURL);
             if (props == null) {
                 LOG.fine("Cannot find Crypto Signature properties: " + s);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index abeb41c..12aebb9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -49,12 +49,12 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
@@ -407,9 +407,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
         if (e instanceof Crypto) {
             encrCrypto = (Crypto)e;
         } else if (e != null) {
-            ResourceManager manager = 
-                message.getExchange().getBus().getExtension(ResourceManager.class);
-            URL propsURL = WSS4JUtils.getPropertiesFileURL(e, manager, this.getClass());
+            URL propsURL = SecurityUtils.loadResource(message, e);
             Properties props = WSS4JUtils.getProps(e, propsURL);
             if (props == null) {
                 LOG.fine("Cannot find Crypto Encryption properties: " + e);
@@ -456,9 +454,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
         if (s instanceof Crypto) {
             signCrypto = (Crypto)s;
         } else if (s != null) {
-            ResourceManager manager = 
-                message.getExchange().getBus().getExtension(ResourceManager.class);
-            URL propsURL = WSS4JUtils.getPropertiesFileURL(s, manager, this.getClass());
+            URL propsURL = SecurityUtils.loadResource(message, s);
             Properties props = WSS4JUtils.getProps(s, propsURL);
             if (props == null) {
                 LOG.fine("Cannot find Crypto Signature properties: " + s);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index eb5ab1f..dd91cf2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -38,7 +38,6 @@ import org.apache.cxf.headers.Header;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
@@ -300,9 +299,7 @@ public class SamlTokenInterceptor extends AbstractTokenInterceptor {
             return null;
         }
 
-        ResourceManager manager = 
-            message.getExchange().getBus().getExtension(ResourceManager.class);
-        URL propsURL = WSS4JUtils.getPropertiesFileURL(o, manager, this.getClass());
+        URL propsURL = SecurityUtils.loadResource(message, o);
         Properties properties = WSS4JUtils.getProps(o, propsURL);
 
         if (properties != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 5e49194..c175b58 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -712,10 +712,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
                 Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
                 if (ep != null && ep.getEndpointInfo() != null) {
                     TokenStore store = 
-                        WSS4JUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false);
-                    if (store != null) {
-                        return new TokenStoreCallbackHandler(null, store);
-                    }
+                        SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
+                    return new TokenStoreCallbackHandler(null, store);
                 }                    
                 throw sec;
             }
@@ -723,10 +721,8 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             
         Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
         if (ep != null && ep.getEndpointInfo() != null) {
-            TokenStore store = WSS4JUtils.getTokenStore((SoapMessage)reqData.getMsgContext(), false);
-            if (store != null) {
-                return new TokenStoreCallbackHandler(cbHandler, store);
-            }
+            TokenStore store = SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
+            return new TokenStoreCallbackHandler(cbHandler, store);
         }
         return cbHandler;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index 0c82445..112d333 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -44,6 +44,7 @@ import org.apache.cxf.interceptor.StaxInInterceptor;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ConfigurationConstants;
@@ -127,7 +128,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
             
             final TokenStoreCallbackHandler callbackHandler = 
                 new TokenStoreCallbackHandler(
-                    secProps.getCallbackHandler(), WSS4JUtils.getTokenStore(soapMessage)
+                    secProps.getCallbackHandler(), SecurityUtils.getTokenStore(soapMessage)
                 );
             secProps.setCallbackHandler(callbackHandler);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index d69e94d..accc4df 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -32,18 +32,14 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.SoapVersion;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.Crypto;
@@ -109,7 +105,8 @@ public final class WSS4JUtils {
                             cacheKey += "-" + hashcode;
                         }
                     }
-                    URL configFile = getConfigFileURL(message);
+                    URL configFile = SecurityUtils.getConfigFileURL(message, SecurityConstants.CACHE_CONFIG_FILE,
+                                                                    "cxf-ehcache.xml");
 
                     if (ReplayCacheFactory.isEhCacheInstalled()) {
                         Bus bus = message.getExchange().getBus();
@@ -127,67 +124,6 @@ public final class WSS4JUtils {
         return null;
     }
     
-    private static URL getConfigFileURL(Message message) {
-        Object o = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE);
-        if (o == null) {
-            o = "/cxf-ehcache.xml";
-        }
-        
-        if (o instanceof String) {
-            URL url = null;
-            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
-            url = rm.resolveResource((String)o, URL.class);
-            try {
-                if (url == null) {
-                    url = ClassLoaderUtils.getResource((String)o, ReplayCacheFactory.class);
-                }
-                if (url == null) {
-                    url = new URL((String)o);
-                }
-                return url;
-            } catch (IOException e) {
-                // Do nothing
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
-    }
-    
-    public static TokenStore getTokenStore(Message message) {
-        return getTokenStore(message, true);
-    }
-    
-    public static TokenStore getTokenStore(Message message, boolean create) {
-        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-        synchronized (info) {
-            TokenStore tokenStore = 
-                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            if (tokenStore == null) {
-                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
-            }
-            if (create && tokenStore == null) {
-                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
-                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
-                String cacheIdentifier = 
-                    (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
-                if (cacheIdentifier != null) {
-                    cacheKey += "-" + cacheIdentifier;
-                } else if (info.getName() != null) {
-                    int hashcode = info.getName().toString().hashCode();
-                    if (hashcode < 0) {
-                        cacheKey += hashcode;
-                    } else {
-                        cacheKey += "-" + hashcode;
-                    }
-                }
-                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
-                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
-            }
-            return tokenStore;
-        }
-    }
-    
     public static String parseAndStoreStreamingSecurityToken(
         org.apache.xml.security.stax.securityToken.SecurityToken securityToken,
         Message message
@@ -195,7 +131,7 @@ public final class WSS4JUtils {
         if (securityToken == null) {
             return null;
         }
-        SecurityToken existingToken = getTokenStore(message).getToken(securityToken.getId());
+        SecurityToken existingToken = SecurityUtils.getTokenStore(message).getToken(securityToken.getId());
         if (existingToken == null || existingToken.isExpired()) {
             Date created = new Date();
             Date expires = new Date();
@@ -229,7 +165,7 @@ public final class WSS4JUtils {
                 }
             }
 
-            getTokenStore(message).add(cachedTok);
+            SecurityUtils.getTokenStore(message).add(cachedTok);
 
             return cachedTok.getId();
         }
@@ -294,50 +230,14 @@ public final class WSS4JUtils {
         return properties;
     }
     
-    public static URL getPropertiesFileURL(
-        Object o, ResourceManager manager, Class<?> callingClass
-    ) {
-        if (o instanceof String) {
-            ClassLoaderHolder orig = null;
-            try {
-                URL url = ClassLoaderUtils.getResource((String)o, callingClass);
-                if (url == null) {
-                    ClassLoader loader = manager.resolveResource((String)o, ClassLoader.class);
-                    if (loader != null) {
-                        orig = ClassLoaderUtils.setThreadContextClassloader(loader);
-                    }
-                    url = manager.resolveResource((String)o, URL.class);
-                }
-                if (url == null) {
-                    try {
-                        url = new URL((String)o);
-                    } catch (IOException e) {
-                        // Do nothing
-                    }
-                }
-                return url;
-            } finally {
-                if (orig != null) {
-                    orig.reset();
-                }
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
-    }
-    
     public static Crypto loadCryptoFromPropertiesFile(
         Message message,
         String propFilename, 
-        Class<?> callingClass,
         ClassLoader classLoader,
         PasswordEncryptor passwordEncryptor
     ) throws WSSecurityException {
         try {
-            ResourceManager manager = 
-                message.getExchange().getBus().getExtension(ResourceManager.class);
-            URL url = getPropertiesFileURL(propFilename, manager, callingClass);
+            URL url = SecurityUtils.loadResource(message, propFilename);
             if (url != null) {
                 Properties props = new Properties();
                 try (InputStream in = url.openStream()) { 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 4f2574e..38edb3e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -51,7 +51,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJUtils;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
@@ -63,7 +62,6 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -303,7 +301,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     }
     
     protected final TokenStore getTokenStore() {
-        return WSS4JUtils.getTokenStore(message);
+        return SecurityUtils.getTokenStore(message);
     }
     
     protected WSSecTimestamp createTimestamp() {
@@ -1472,9 +1470,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             return crypto;
         }
         
-        ResourceManager manager = 
-            message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
-        URL propsURL = WSS4JUtils.getPropertiesFileURL(o, manager, this.getClass());
+        URL propsURL = SecurityUtils.loadResource(message, o);
         Properties properties = WSS4JUtils.getProps(o, propsURL);
         
         if (properties != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index e175f67..ae36dcc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -33,9 +33,9 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.neethi.Assertion;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -470,7 +470,7 @@ public abstract class AbstractCommonBindingHandler {
         if (st == null) {
             String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
             if (id != null) {
-                st = WSS4JUtils.getTokenStore(message).getToken(id);
+                st = SecurityUtils.getTokenStore(message).getToken(id);
             }
         }
         return st;

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index 2d1ebb1..c515749 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -32,8 +32,8 @@ import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.policy.SPConstants;
@@ -134,7 +134,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
                     WSSSecurityProperties properties = getProperties();
                     TokenStoreCallbackHandler callbackHandler = 
                         new TokenStoreCallbackHandler(
-                            properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
+                            properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
                         );
                     properties.setCallbackHandler(callbackHandler);
                 } else if (initiatorToken instanceof SamlToken) {
@@ -261,7 +261,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
                     WSSSecurityProperties properties = getProperties();
                     TokenStoreCallbackHandler callbackHandler = 
                         new TokenStoreCallbackHandler(
-                            properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
+                            properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
                         );
                     properties.setCallbackHandler(callbackHandler);
                 } else if (initiatorToken instanceof SamlToken) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index 15c106b..139f233 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -35,6 +35,7 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
@@ -117,7 +118,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
         WSSSecurityProperties properties = getProperties();
         TokenStoreCallbackHandler callbackHandler = 
             new TokenStoreCallbackHandler(
-                properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
+                properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
             );
         properties.setCallbackHandler(callbackHandler);
         
@@ -202,7 +203,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
                 }
 
                 // Get hold of the token from the token storage
-                tok = WSS4JUtils.getTokenStore(message).getToken(tokenId);
+                tok = SecurityUtils.getTokenStore(message).getToken(tokenId);
             }
             
             // Store key
@@ -334,7 +335,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
                 return;
             }
             if (sigTok == null) {
-                sigTok = WSS4JUtils.getTokenStore(message).getToken(sigTokId);
+                sigTok = SecurityUtils.getTokenStore(message).getToken(sigTokId);
             }
             
             // Store key
@@ -603,7 +604,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
         tempTok.setKey(symmetricKey);
         tempTok.setSecret(symmetricKey.getEncoded());
         
-        WSS4JUtils.getTokenStore(message).add(tempTok);
+        SecurityUtils.getTokenStore(message).add(tempTok);
         
         return tempTok.getId();
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f94861bd/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index 1beb200..f07412e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -33,9 +33,9 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -315,7 +315,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
                 // Set up CallbackHandler which wraps the configured Handler
                 TokenStoreCallbackHandler callbackHandler = 
                     new TokenStoreCallbackHandler(
-                        properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
+                        properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
                     );
                 
                 properties.setCallbackHandler(callbackHandler);


Mime
View raw message