cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf git commit: Large refactor mainly of cxf-rt-rs-security-xml following on from WSS4J trunk changes
Date Mon, 23 Mar 2015 15:44:46 GMT
http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
index ccd8c97..aeafc8f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenInInterceptor.java
@@ -25,6 +25,7 @@ import java.util.Date;
 import javax.security.auth.callback.CallbackHandler;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
@@ -35,6 +36,7 @@ import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.ws.addressing.AddressingProperties;
@@ -42,7 +44,6 @@ import org.apache.cxf.ws.addressing.JAXWSAConstants;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
index af7b0ac..48cf22c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SpnegoContextTokenOutInterceptor.java
@@ -28,13 +28,14 @@ import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.addressing.AddressingProperties;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -62,12 +63,12 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                 String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                 SecurityToken tok = null;
                 if (tokId != null) {
-                    tok = SecurityUtils.getTokenStore(message).getToken(tokId);
+                    tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
                     
                     if (tok != null && tok.isExpired()) {
                         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
                         message.getExchange().remove(SecurityConstants.TOKEN_ID);
-                        SecurityUtils.getTokenStore(message).remove(tokId);
+                        TokenStoreUtils.getTokenStore(message).remove(tokId);
                         tok = null;
                     }
                 }
@@ -81,7 +82,7 @@ class SpnegoContextTokenOutInterceptor extends AbstractPhaseInterceptor<SoapMess
                     }
                     message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, tok.getId());
                     message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
-                    SecurityUtils.getTokenStore(message).add(tok);
+                    TokenStoreUtils.getTokenStore(message).add(tok);
                 }
             } else {
                 // server side should be checked on the way in

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
index 61b8ded..19e3493 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStoreFactory.java
@@ -22,8 +22,8 @@ package org.apache.cxf.ws.security.tokenstore;
 import java.net.URL;
 
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 
 
 /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
index 1b7cfb6..3183d73 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
@@ -34,9 +34,9 @@ import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.message.token.Reference;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
 
 
@@ -161,11 +161,11 @@ public class SecurityToken implements Serializable {
     }
     
     public SecurityToken(String id) {
-        this.id = WSSecurityUtil.getIDFromReference(id);
+        this.id = XMLUtils.getIDFromReference(id);
     }
 
     public SecurityToken(String id, Date created, Date expires) {
-        this.id = WSSecurityUtil.getIDFromReference(id);
+        this.id = XMLUtils.getIDFromReference(id);
         
         if (created != null) {
             this.created = new Date(created.getTime());
@@ -179,7 +179,7 @@ public class SecurityToken implements Serializable {
                  Element tokenElem,
                  Date created,
                  Date expires) {
-        this.id = WSSecurityUtil.getIDFromReference(id);
+        this.id = XMLUtils.getIDFromReference(id);
         
         this.token = cloneElement(tokenElem);
         if (created != null) {
@@ -193,7 +193,7 @@ public class SecurityToken implements Serializable {
     public SecurityToken(String id,
                  Element tokenElem,
                  Element lifetimeElem) {
-        this.id = WSSecurityUtil.getIDFromReference(id);
+        this.id = XMLUtils.getIDFromReference(id);
         
         this.token = cloneElement(tokenElem);
         if (lifetimeElem != null) {
@@ -284,7 +284,7 @@ public class SecurityToken implements Serializable {
      * Set the id
      */
     public void setId(String id) {
-        this.id = WSSecurityUtil.getIDFromReference(id);
+        this.id = XMLUtils.getIDFromReference(id);
     }
     
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java
new file mode 100644
index 0000000..7842c4b
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStoreUtils.java
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.tokenstore;
+
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.ws.security.SecurityConstants;
+
+/**
+ * Some common functionality
+ */
+public final class TokenStoreUtils {
+    
+    private TokenStoreUtils() {
+        // complete
+    }
+
+    public static TokenStore getTokenStore(Message message) {
+        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+        synchronized (info) {
+            TokenStore tokenStore = 
+                (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+            if (tokenStore == null) {
+                tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
+            }
+            if (tokenStore == null) {
+                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
+                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
+                String cacheIdentifier = 
+                    (String)message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
+                if (cacheIdentifier != null) {
+                    cacheKey += "-" + cacheIdentifier;
+                } else if (info.getName() != null) {
+                    int hashcode = info.getName().toString().hashCode();
+                    if (hashcode < 0) {
+                        cacheKey += hashcode;
+                    } else {
+                        cacheKey += "-" + hashcode;
+                    }
+                }
+                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
+                info.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
+            }
+            return tokenStore;
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index a9a11dc..9884c94 100755
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -75,6 +75,7 @@ import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingInfo;
 import org.apache.cxf.service.model.BindingOperationInfo;
@@ -98,7 +99,6 @@ import org.apache.cxf.ws.policy.attachment.reference.ReferenceResolver;
 import org.apache.cxf.ws.policy.attachment.reference.RemoteReferenceResolver;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
 import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
@@ -115,6 +115,7 @@ import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.derivedKey.P_SHA1;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.WSSConfig;
@@ -1518,11 +1519,11 @@ public abstract class AbstractSTSClient implements Configurable, InterceptorProv
         if (encryptionAlgorithm != null && encryptionAlgorithm.endsWith("spnego#GSS_Wrap")) {
             // Get the CipherValue
             Element tmpE = 
-                WSSecurityUtil.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
+                XMLUtils.getDirectChildElement(child, "CipherData", WSConstants.ENC_NS);
             byte[] cipherValue = null;
             if (tmpE != null) {
                 tmpE = 
-                    WSSecurityUtil.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
+                    XMLUtils.getDirectChildElement(tmpE, "CipherValue", WSConstants.ENC_NS);
                 if (tmpE != null) {
                     String content = DOMUtils.getContent(tmpE);
                     cipherValue = Base64.decode(content);

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
index 3db4a43..f6bf716 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenValidator.java
@@ -28,11 +28,12 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl;
@@ -174,7 +175,7 @@ public class STSTokenValidator implements Validator {
             return null;
         }
         
-        return SecurityUtils.getTokenStore(message);
+        return TokenStoreUtils.getTokenStore(message);
     }
     
     protected boolean isValidatedLocally(Credential credential, RequestData data) 

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
index caa9470..7501ce7 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
@@ -29,6 +29,7 @@ import javax.xml.namespace.QName;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapHeader;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
@@ -40,13 +41,13 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ext.WSPasswordCallback;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index 5f77140..fbce336 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -46,9 +46,9 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
index 2c8648d..7c3e1ef 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java
@@ -24,14 +24,15 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.headers.Header;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ext.WSSecurityException;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
index dd91cf2..a184732 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
@@ -31,6 +31,7 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.util.StringUtils;
@@ -38,12 +39,12 @@ import org.apache.cxf.headers.Header;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 1788fce..6ff5b9b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -28,6 +28,7 @@ import java.util.Set;
 import javax.security.auth.Subject;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.headers.Header;
@@ -40,11 +41,11 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.rt.security.saml.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.ext.WSPasswordCallback;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index 61a25b3..e749834 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -45,6 +45,7 @@ import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.SoapVersion;
@@ -62,12 +63,13 @@ import org.apache.cxf.phase.Phase;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.rt.security.saml.SAMLUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
@@ -677,7 +679,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
                 Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
                 if (ep != null && ep.getEndpointInfo() != null) {
                     TokenStore store = 
-                        SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
+                        TokenStoreUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
                     return new TokenStoreCallbackHandler(null, store);
                 }                    
                 throw sec;
@@ -686,7 +688,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
             
         Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
         if (ep != null && ep.getEndpointInfo() != null) {
-            TokenStore store = SecurityUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
+            TokenStore store = TokenStoreUtils.getTokenStore((SoapMessage)reqData.getMsgContext());
             return new TokenStoreCallbackHandler(cbHandler, store);
         }
         return cbHandler;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index 47d30ed..dc9289f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -40,7 +40,7 @@ import org.apache.cxf.interceptor.StaxInInterceptor;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.cache.ReplayCache;
@@ -121,7 +121,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
             
             final TokenStoreCallbackHandler callbackHandler = 
                 new TokenStoreCallbackHandler(
-                    secProps.getCallbackHandler(), SecurityUtils.getTokenStore(soapMessage)
+                    secProps.getCallbackHandler(), TokenStoreUtils.getTokenStore(soapMessage)
                 );
             secProps.setCallbackHandler(callbackHandler);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index f012096..2436e25 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -37,11 +37,12 @@ import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.cache.ReplayCacheFactory;
 import org.apache.wss4j.common.crypto.Crypto;
@@ -136,7 +137,7 @@ public final class WSS4JUtils {
         if (securityToken == null) {
             return null;
         }
-        SecurityToken existingToken = SecurityUtils.getTokenStore(message).getToken(securityToken.getId());
+        SecurityToken existingToken = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId());
         if (existingToken == null || existingToken.isExpired()) {
             Date created = new Date();
             Date expires = new Date();
@@ -170,7 +171,7 @@ public final class WSS4JUtils {
                 }
             }
 
-            SecurityUtils.getTokenStore(message).add(cachedTok);
+            TokenStoreUtils.getTokenStore(message).add(cachedTok);
 
             return cachedTok.getId();
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index e753bcc..5b96a07 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -61,15 +61,16 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyConstants;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
 import org.apache.cxf.ws.security.wss4j.CXFCallbackLookup;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
@@ -90,6 +91,7 @@ import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
@@ -300,7 +302,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     }
     
     protected final TokenStore getTokenStore() {
-        return SecurityUtils.getTokenStore(message);
+        return TokenStoreUtils.getTokenStore(message);
     }
     
     protected WSSecTimestamp createTimestamp() {
@@ -432,13 +434,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 //ws-trust/ws-sc stuff.......
                 SecurityToken secToken = getSecurityToken();
                 if (secToken == null) {
-                    policyNotAsserted(token, "Could not find IssuedToken");
+                    unassertPolicy(token, "Could not find IssuedToken");
                 }
                 Element clone = cloneElement(secToken.getToken());
                 secToken.setToken(clone);
                 addSupportingElement(clone);
                 
-                String id = WSSecurityUtil.getIDFromReference(secToken.getId());
+                String id = XMLUtils.getIDFromReference(secToken.getId());
 
                 if (suppTokens.isEncryptedToken()) {
                     WSEncryptionPart part = new WSEncryptionPart(id, "Element");
@@ -651,13 +653,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     part.setId(secRef.getID());
                     part.setElement(clone);
                 } else {
-                    String id = WSSecurityUtil.getIDFromReference(token.getId());
+                    String id = XMLUtils.getIDFromReference(token.getId());
 
                     part = new WSEncryptionPart(id);
                     part.setElement(token.getToken());
                 }
             } else {
-                policyNotAsserted(supportingToken.getToken(), 
+                unassertPolicy(supportingToken.getToken(), 
                                   "UnsupportedTokenInSupportingToken: " + tempTok);  
             }
             if (part != null) {
@@ -743,7 +745,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     }
                     utBuilder.setUserInfo(userName, password);
                 } else {
-                    policyNotAsserted(token, "No password available");
+                    unassertPolicy(token, "No password available");
                     return null;
                 }
             }
@@ -757,7 +759,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             
             return utBuilder;
         } else {
-            policyNotAsserted(token, "No username available");
+            unassertPolicy(token, "No username available");
             return null;
         }
     }
@@ -783,13 +785,13 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 utBuilder.addDerivedKey(useMac, null, 1000);
                 utBuilder.prepare(saaj.getSOAPPart());
             } else {
-                policyNotAsserted(token, "No password available");
+                unassertPolicy(token, "No password available");
                 return null;
             }
             
             return utBuilder;
         } else {
-            policyNotAsserted(token, "No username available");
+            unassertPolicy(token, "No username available");
             return null;
         }
     }
@@ -824,7 +826,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
         CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
         if (handler == null) {
-            policyNotAsserted(token, "No SAML CallbackHandler available");
+            unassertPolicy(token, "No SAML CallbackHandler available");
             return null;
         }
         
@@ -910,11 +912,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         try {
             handler = SecurityUtils.getCallbackHandler(o);
             if (handler == null) {
-                policyNotAsserted(info, "No callback handler and no password available");
+                unassertPolicy(info, "No callback handler and no password available");
                 return null;
             }
         } catch (WSSecurityException ex) {
-            policyNotAsserted(info, "No callback handler and no password available");
+            unassertPolicy(info, "No callback handler and no password available");
             return null;
         }
         
@@ -922,7 +924,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         try {
             handler.handle(cb);
         } catch (Exception e) {
-            policyNotAsserted(info, e);
+            unassertPolicy(info, e);
         }
         
         //get the password
@@ -1550,7 +1552,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             }
         }
         if (encrUser == null || "".equals(encrUser)) {
-            policyNotAsserted(token, "A " + (sign ? "signature" : "encryption") + " username needs to be declared.");
+            unassertPolicy(token, "A " + (sign ? "signature" : "encryption") + " username needs to be declared.");
         }
         if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
             List<WSHandlerResult> results = 
@@ -1564,7 +1566,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     encrKeyBuilder.setUserInfo(getUsername(results));
                 }
             } else {
-                policyNotAsserted(token, "No security results in incoming message");
+                unassertPolicy(token, "No security results in incoming message");
             }
         } else {
             encrKeyBuilder.setUserInfo(encrUser);
@@ -1757,7 +1759,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                 try {
                     user = crypto.getDefaultX509Identifier();
                     if (StringUtils.isEmpty(user)) {
-                        policyNotAsserted(token, "No configured " + type + " username detected");
+                        unassertPolicy(token, "No configured " + type + " username detected");
                         return null;
                     }
                 } catch (WSSecurityException e1) {
@@ -1765,7 +1767,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     throw new Fault(e1);
                 }
             } else {
-                policyNotAsserted(token, "Security configuration could not be detected. "
+                unassertPolicy(token, "Security configuration could not be detected. "
                     + "Potential cause: Make sure jaxws:client element with name " 
                     + "attribute value matching endpoint port is defined as well as a " 
                     + SecurityConstants.SIGNATURE_PROPERTIES + " element within it.");
@@ -1784,7 +1786,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
         } catch (WSSecurityException e) {
             LOG.log(Level.FINE, e.getMessage(), e);
-            policyNotAsserted(token, e);
+            unassertPolicy(token, e);
         }
         
         return sig;
@@ -1826,7 +1828,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                         encryptedTokensList.add(part);
                     }
                 } catch (WSSecurityException e) {
-                    policyNotAsserted(supportingToken.getToken(), e);
+                    unassertPolicy(supportingToken.getToken(), e);
                 }
                 
             } else if (tempTok instanceof WSSecurityTokenHolder) {
@@ -1938,7 +1940,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         dkSign.prepare(doc, secHeader);
         
         if (isTokenProtection) {
-            String sigTokId = WSSecurityUtil.getIDFromReference(tok.getId());
+            String sigTokId = XMLUtils.getIDFromReference(tok.getId());
             sigParts.add(new WSEncryptionPart(sigTokId));
         }
         
@@ -2001,7 +2003,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             sigTokId = tok.getId();
         }
                        
-        sigTokId = WSSecurityUtil.getIDFromReference(sigTokId);
+        sigTokId = XMLUtils.getIDFromReference(sigTokId);
         sig.setCustomTokenId(sigTokId);
         sig.setSecretKey(tok.getSecret());
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index 7614198..06d4529 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -33,9 +33,9 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.neethi.Assertion;
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -72,7 +72,7 @@ public abstract class AbstractCommonBindingHandler {
         this.message = msg;
     }
 
-    protected void policyNotAsserted(Assertion assertion, String reason) {
+    protected void unassertPolicy(Assertion assertion, String reason) {
         if (assertion == null) {
             return;
         }
@@ -91,7 +91,7 @@ public abstract class AbstractCommonBindingHandler {
         }
     }
     
-    protected void policyNotAsserted(Assertion assertion, Exception reason) {
+    protected void unassertPolicy(Assertion assertion, Exception reason) {
         if (assertion == null) {
             return;
         }
@@ -450,7 +450,7 @@ public abstract class AbstractCommonBindingHandler {
         if (st == null) {
             String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
             if (id != null) {
-                st = SecurityUtils.getTokenStore(message).getToken(id);
+                st = TokenStoreUtils.getTokenStore(message).getToken(id);
             }
         }
         return st;

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index ec40234..56cf6a8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -39,12 +39,13 @@ import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -208,7 +209,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
 
         final SecurityToken secToken = getSecurityToken();
         if (secToken == null) {
-            policyNotAsserted(token, "Could not find KerberosToken");
+            unassertPolicy(token, "Could not find KerberosToken");
         }
         
         // Convert to WSS4J token
@@ -287,7 +288,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
         CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
         if (handler == null) {
-            policyNotAsserted(token, "No SAML CallbackHandler available");
+            unassertPolicy(token, "No SAML CallbackHandler available");
             return null;
         }
         properties.setSamlCallbackHandler(handler);

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index ee7bdad..e3a7b37 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -133,7 +133,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                 if (initiatorToken instanceof IssuedToken) {
                     SecurityToken secToken = getSecurityToken();
                     if (secToken == null) {
-                        policyNotAsserted(initiatorToken, "Security token is not found or expired");
+                        unassertPolicy(initiatorToken, "Security token is not found or expired");
                         return;
                     } else {
                         assertPolicy(initiatorToken);
@@ -156,7 +156,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                 } else if (initiatorToken instanceof SamlToken) {
                     String tokenId = getSAMLToken();
                     if (tokenId == null) {
-                        policyNotAsserted(initiatorToken, "Security token is not found or expired");
+                        unassertPolicy(initiatorToken, "Security token is not found or expired");
                         return;
                     }
                 }
@@ -272,7 +272,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             if (initiatorToken instanceof IssuedToken) {
                 SecurityToken secToken = getSecurityToken();
                 if (secToken == null) {
-                    policyNotAsserted(initiatorToken, "Security token is not found or expired");
+                    unassertPolicy(initiatorToken, "Security token is not found or expired");
                     return;
                 } else {
                     assertPolicy(initiatorToken);
@@ -302,7 +302,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             } else if (initiatorToken instanceof SamlToken) {
                 String tokenId = getSAMLToken();
                 if (tokenId == null) {
-                    policyNotAsserted(initiatorToken, "Security token is not found or expired");
+                    unassertPolicy(initiatorToken, "Security token is not found or expired");
                     return;
                 }
             }
@@ -320,7 +320,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             addSupportingTokens(sigParts);
         } catch (WSSecurityException ex) {
             LOG.log(Level.FINE, ex.getMessage(), ex);
-            policyNotAsserted(encryptionToken, ex);
+            unassertPolicy(encryptionToken, ex);
         }
         
         List<WSEncryptionPart> encrParts = null;
@@ -476,7 +476,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     return dkEncr;
                 } catch (Exception e) {
                     LOG.log(Level.FINE, e.getMessage(), e);
-                    policyNotAsserted(recToken, e);
+                    unassertPolicy(recToken, e);
                 }
             } else {
                 try {
@@ -518,7 +518,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                         setEncryptionUser(encr, recToken, false, crypto);
                     }
                     if (!encr.isCertSet() && crypto == null) {
-                        policyNotAsserted(recToken, "Missing security configuration. "
+                        unassertPolicy(recToken, "Missing security configuration. "
                                 + "Make sure jaxws:client element is configured " 
                                 + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
                     }
@@ -560,7 +560,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     return encr;
                 } catch (WSSecurityException e) {
                     LOG.log(Level.FINE, e.getMessage(), e);
-                    policyNotAsserted(recToken, e);
+                    unassertPolicy(recToken, e);
                 }    
             }
         }
@@ -737,7 +737,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     createEncryptedKey(wrapper, token);
                 }
             } else {
-                policyNotAsserted(token, "No security results found");
+                unassertPolicy(token, "No security results found");
             }
         } else {
             createEncryptedKey(wrapper, token);

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index 441943c..f610239 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -32,8 +32,8 @@ import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -135,7 +135,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
                     WSSSecurityProperties properties = getProperties();
                     TokenStoreCallbackHandler callbackHandler = 
                         new TokenStoreCallbackHandler(
-                            properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+                            properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
                         );
                     properties.setCallbackHandler(callbackHandler);
                 } else if (initiatorToken instanceof SamlToken) {
@@ -262,7 +262,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler {
                     WSSSecurityProperties properties = getProperties();
                     TokenStoreCallbackHandler callbackHandler = 
                         new TokenStoreCallbackHandler(
-                            properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+                            properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
                         );
                     properties.setCallbackHandler(callbackHandler);
                 } else if (initiatorToken instanceof SamlToken) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index a678aef..b4dce04 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
-import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -35,15 +34,14 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.common.util.KeyUtils;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -63,7 +61,6 @@ import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
-import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.OutboundSecurityContext;
 import org.apache.xml.security.stax.ext.SecurePart;
@@ -120,7 +117,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
         WSSSecurityProperties properties = getProperties();
         TokenStoreCallbackHandler callbackHandler = 
             new TokenStoreCallbackHandler(
-                properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+                properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
             );
         properties.setCallbackHandler(callbackHandler);
         
@@ -195,15 +192,15 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
                     tokenId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
                 }
             } else if (encryptionToken instanceof UsernameToken) {
-                policyNotAsserted(sbinding, "UsernameTokens not supported with Symmetric binding");
+                unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
                 return;
             }
             assertToken(encryptionToken);
             if (tok == null) {
-                tokenId = WSSecurityUtil.getIDFromReference(tokenId);
+                tokenId = XMLUtils.getIDFromReference(tokenId);
 
                 // Get hold of the token from the token storage
-                tok = SecurityUtils.getTokenStore(message).getToken(tokenId);
+                tok = TokenStoreUtils.getTokenStore(message).getToken(tokenId);
             }
             
             // Store key
@@ -321,21 +318,21 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
                         sigTokId = WSS4JUtils.parseAndStoreStreamingSecurityToken(securityToken, message);
                     }
                 } else if (sigToken instanceof UsernameToken) {
-                    policyNotAsserted(sbinding, "UsernameTokens not supported with Symmetric binding");
+                    unassertPolicy(sbinding, "UsernameTokens not supported with Symmetric binding");
                     return;
                 }
                 assertToken(sigToken);
             } else {
-                policyNotAsserted(sbinding, "No signature token");
+                unassertPolicy(sbinding, "No signature token");
                 return;
             }
             
             if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
-                policyNotAsserted(sigAbstractTokenWrapper, "No signature token id");
+                unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
                 return;
             }
             if (sigTok == null) {
-                sigTok = SecurityUtils.getTokenStore(message).getToken(sigTokId);
+                sigTok = TokenStoreUtils.getTokenStore(message).getToken(sigTokId);
             }
             
             // Store key
@@ -599,12 +596,12 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
             new SecurityToken(IDGenerator.generateID(null), created, expires);
         
         KeyGenerator keyGenerator = 
-            getKeyGenerator(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
+            KeyUtils.getKeyGenerator(sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
         SecretKey symmetricKey = keyGenerator.generateKey();
         tempTok.setKey(symmetricKey);
         tempTok.setSecret(symmetricKey.getEncoded());
         
-        SecurityUtils.getTokenStore(message).add(tempTok);
+        TokenStoreUtils.getTokenStore(message).add(tempTok);
         
         return tempTok.getId();
     }
@@ -651,33 +648,4 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
         return null;
     }
     
-    private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException {
-        try {
-            //
-            // Assume AES as default, so initialize it
-            //
-            WSSConfig.init();
-            String keyAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(symEncAlgo);
-            if (keyAlgorithm == null || "".equals(keyAlgorithm)) {
-                keyAlgorithm = JCEMapper.translateURItoJCEID(symEncAlgo);
-            }
-            KeyGenerator keyGen = KeyGenerator.getInstance(keyAlgorithm);
-            if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_128)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_128_GCM)) {
-                keyGen.init(128);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_192)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_192_GCM)) {
-                keyGen.init(192);
-            } else if (symEncAlgo.equalsIgnoreCase(WSConstants.AES_256)
-                || symEncAlgo.equalsIgnoreCase(WSConstants.AES_256_GCM)) {
-                keyGen.init(256);
-            }
-            return keyGen;
-        } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(
-                WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e
-            );
-        }
-    }
-    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index 8f093fc..4294c97 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -33,9 +33,9 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
@@ -100,7 +100,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
                 if (token.getToken() instanceof IssuedToken) {
                     SecurityToken secToken = getSecurityToken();
                     if (secToken == null) {
-                        policyNotAsserted(token.getToken(), "No transport token id");
+                        unassertPolicy(token.getToken(), "No transport token id");
                         return;
                     }
                     addIssuedToken((IssuedToken)token.getToken(), secToken, false, false);
@@ -316,7 +316,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
                 // Set up CallbackHandler which wraps the configured Handler
                 TokenStoreCallbackHandler callbackHandler = 
                     new TokenStoreCallbackHandler(
-                        properties.getCallbackHandler(), SecurityUtils.getTokenStore(message)
+                        properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(message)
                     );
                 
                 properties.setCallbackHandler(callbackHandler);

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 7c4c745..ca64d18 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -298,12 +298,12 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                 }
                 assertToken(sigToken);
             } else {
-                policyNotAsserted(sbinding, "No signature token");
+                unassertPolicy(sbinding, "No signature token");
                 return;
             }
             
             if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
-                policyNotAsserted(sigAbstractTokenWrapper, "No signature token id");
+                unassertPolicy(sigAbstractTokenWrapper, "No signature token id");
                 return;
             } else {
                 assertPolicy(sigAbstractTokenWrapper);
@@ -359,7 +359,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                 //Use the same token
                 encrTok = sigTok;
             } else {
-                policyNotAsserted(sbinding, "Encryption token does not equal signature token");
+                unassertPolicy(sbinding, "Encryption token does not equal signature token");
                 return;
             }
             
@@ -493,7 +493,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             return dkEncr;
         } catch (Exception e) {
             LOG.log(Level.FINE, e.getMessage(), e);
-            policyNotAsserted(recToken, e);
+            unassertPolicy(recToken, e);
         }
         return null;
     }
@@ -613,7 +613,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                     return encr;
                 } catch (WSSecurityException e) {
                     LOG.log(Level.FINE, e.getMessage(), e);
-                    policyNotAsserted(recToken, e);
+                    unassertPolicy(recToken, e);
                 }    
             }
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index d9eaa2c..a3b65aa 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -138,7 +138,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
                     if (transportToken instanceof IssuedToken) {
                         SecurityToken secToken = getSecurityToken();
                         if (secToken == null) {
-                            policyNotAsserted(transportToken, "No transport token id");
+                            unassertPolicy(transportToken, "No transport token id");
                             return;
                         } else {
                             assertPolicy(transportToken);

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index b35a49b..6ca27a1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
-import java.util.Collection;
 import java.util.List;
 
 import javax.xml.namespace.QName;
@@ -33,7 +32,6 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.neethi.Assertion;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
@@ -445,24 +443,4 @@ public abstract class AbstractBindingPolicyValidator implements SecurityPolicyVa
         return false;
     }
     
-    protected void notAssertPolicy(AssertionInfoMap aim, Assertion token, String msg) {
-        Collection<AssertionInfo> ais = aim.get(token.getName());
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                if (ai.getAssertion() == token) {
-                    ai.setNotAsserted(msg);
-                }
-            }    
-        }
-    }
-    
-    protected void notAssertPolicy(AssertionInfoMap aim, QName q, String msg) {
-        Collection<AssertionInfo> ais = aim.get(q);
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                ai.setNotAsserted(msg);
-            }    
-        }
-    }
-    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
index 6c86faf..3bd9eac 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
@@ -155,7 +155,7 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid
             }
             if (!foundCert && !signedResults.isEmpty()) {
                 String error = "An X.509 certificate was not used for the " + wrapper.getName();
-                notAssertPolicy(aim, wrapper.getName(), error);
+                unassertPolicy(aim, wrapper.getName(), error);
                 ai.setNotAsserted(error);
                 return false;
             }
@@ -169,6 +169,15 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid
 
         return true;
     }
+    
+    private void unassertPolicy(AssertionInfoMap aim, QName q, String msg) {
+        Collection<AssertionInfo> ais = aim.get(q);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setNotAsserted(msg);
+            }    
+        }
+    }
 
     private boolean checkRecipientTokens(
         AbstractTokenWrapper wrapper, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
index 351e94b..0cc5a64 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
@@ -28,9 +28,9 @@ import javax.xml.namespace.QName;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
@@ -104,7 +104,7 @@ public class KerberosTokenPolicyValidator extends AbstractSecurityPolicyValidato
             if (asserted) {
                 SecurityToken token = createSecurityToken(kerberosToken);
                 token.setSecret((byte[])kerberosResult.get(WSSecurityEngineResult.TAG_SECRET));
-                SecurityUtils.getTokenStore(parameters.getMessage()).add(token);
+                TokenStoreUtils.getTokenStore(parameters.getMessage()).add(token);
                 parameters.getMessage().getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
                 return;
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/35063023/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
index 7f032f5..123cad8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
@@ -33,6 +33,7 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.bsp.BSPEnforcer;
@@ -201,17 +202,17 @@ public class X509TokenPolicyValidator extends AbstractSecurityPolicyValidator {
     private Element getKeyIdentifier(Element signatureElement) {
         if (signatureElement != null) {
             Element keyInfoElement = 
-                WSSecurityUtil.getDirectChildElement(
+                XMLUtils.getDirectChildElement(
                     signatureElement, "KeyInfo", WSConstants.SIG_NS
                 );
             if (keyInfoElement != null) {
                 Element strElement = 
-                    WSSecurityUtil.getDirectChildElement(
+                    XMLUtils.getDirectChildElement(
                         keyInfoElement, "SecurityTokenReference", WSConstants.WSSE_NS
                     );
                 if (strElement != null) {
                     Element kiElement = 
-                        WSSecurityUtil.getDirectChildElement(
+                        XMLUtils.getDirectChildElement(
                             strElement, "KeyIdentifier", WSConstants.WSSE_NS
                         );
                     return kiElement;


Mime
View raw message