cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/6] cxf git commit: Adding initial TokenProvider to issue JWT tokens in the STS
Date Fri, 06 Nov 2015 15:14:22 GMT
Adding initial TokenProvider to issue JWT tokens in the STS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a493fc41
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a493fc41
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a493fc41

Branch: refs/heads/3.1.x-fixes
Commit: a493fc41c1bdd5d282dac7fec57db9d01987af21
Parents: 52a6c73
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 6 12:19:14 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 6 15:14:06 2015 +0000

----------------------------------------------------------------------
 services/sts/sts-core/pom.xml                   |   6 +
 .../cxf/sts/operation/TokenIssueOperation.java  |   7 +-
 .../token/provider/TokenProviderResponse.java   |   8 +-
 .../provider/jwt/DefaultJWTClaimsProvider.java  | 130 +++++++++++++
 .../token/provider/jwt/JWTClaimsProvider.java   |  33 ++++
 .../jwt/JWTClaimsProviderParameters.java        |  39 ++++
 .../token/provider/jwt/JWTTokenProvider.java    | 195 +++++++++++++++++++
 .../claims/mapper/JexlIssueSamlClaimsTest.java  |   2 +-
 .../cxf/sts/operation/CancelSCTUnitTest.java    |   2 +-
 .../cxf/sts/operation/IssueJWTUnitTest.java     | 193 ++++++++++++++++++
 .../sts/operation/IssueOnbehalfofUnitTest.java  |   2 +-
 .../sts/operation/IssueSamlClaimsUnitTest.java  |   2 +-
 .../cxf/sts/operation/RenewSamlUnitTest.java    |   2 +-
 .../cxf/sts/operation/ValidateSCTUnitTest.java  |   2 +-
 .../cxf/sts/operation/ValidateSamlUnitTest.java |   2 +-
 .../ValidateTokenTransformationUnitTest.java    |   2 +-
 .../token/provider/JWTTokenProviderTest.java    | 124 ++++++++++++
 .../cxf/sts/token/provider/SAMLClaimsTest.java  |  12 +-
 .../token/provider/SAMLProviderActAsTest.java   |  10 +-
 .../token/provider/SAMLProviderCustomTest.java  |  16 +-
 .../token/provider/SAMLProviderKeyTypeTest.java |  34 ++--
 .../provider/SAMLProviderLifetimeTest.java      |  12 +-
 .../provider/SAMLProviderOnBehalfOfTest.java    |  10 +-
 .../token/provider/SAMLProviderRealmTest.java   |   6 +-
 .../cxf/sts/token/provider/SCTProviderTest.java |   6 +-
 .../renewer/SAMLTokenRenewerLifetimeTest.java   |   2 +-
 .../token/renewer/SAMLTokenRenewerPOPTest.java  |   2 +-
 .../renewer/SAMLTokenRenewerRealmTest.java      |   2 +-
 .../sts/token/renewer/SAMLTokenRenewerTest.java |   2 +-
 .../SAMLTokenValidatorCachedRealmTest.java      |   2 +-
 .../validator/SAMLTokenValidatorRealmTest.java  |   2 +-
 .../token/validator/SAMLTokenValidatorTest.java |   8 +-
 32 files changed, 800 insertions(+), 77 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/pom.xml b/services/sts/sts-core/pom.xml
index 046a828..2d29ea1 100644
--- a/services/sts/sts-core/pom.xml
+++ b/services/sts/sts-core/pom.xml
@@ -50,6 +50,12 @@
             <scope>compile</scope>
         </dependency>
         <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-security-jose</artifactId>
+            <version>${project.version}</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
             <groupId>net.sf.ehcache</groupId>
             <artifactId>ehcache</artifactId>
             <version>${cxf.ehcache.version}</version>

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
index 903737e..1d0c378 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
@@ -31,6 +31,8 @@ import javax.xml.bind.JAXBElement;
 import javax.xml.ws.WebServiceContext;
 import javax.xml.ws.handler.MessageContext;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
@@ -286,9 +288,12 @@ public class TokenIssueOperation extends AbstractOperation implements IssueOpera
         if (!encryptIssuedToken) {
             requestedTokenType.setAny(tokenResponse.getToken());
         } else {
+            if (!(tokenResponse.getToken() instanceof Element)) {
+                throw new STSException("Error in creating the response", STSException.REQUEST_FAILED);
+            }
             requestedTokenType.setAny(
                 encryptToken(
-                    tokenResponse.getToken(), tokenResponse.getTokenId(), 
+                    (Element)tokenResponse.getToken(), tokenResponse.getTokenId(), 
                     encryptionProperties, keyRequirements, webServiceContext
                 )
             );

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
index 3dda2e5..bf28778 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
@@ -21,14 +21,12 @@ package org.apache.cxf.sts.token.provider;
 
 import java.util.Date;
 
-import org.w3c.dom.Element;
-
 /**
  * This class encapsulates the response from a TokenProvider instance after creating a token.
  */
 public class TokenProviderResponse {
 
-    private Element token;
+    private Object token;
     private String tokenId;
     private byte[] entropy;
     private long keySize;
@@ -70,7 +68,7 @@ public class TokenProviderResponse {
      * Set the token
      * @param token the token to set
      */
-    public void setToken(Element token) {
+    public void setToken(Object token) {
         this.token = token;
     }
     
@@ -78,7 +76,7 @@ public class TokenProviderResponse {
      * Get the token
      * @return the token to set
      */
-    public Element getToken() {
+    public Object getToken() {
         return token;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
new file mode 100644
index 0000000..5addb95
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider.jwt;
+
+import java.security.Principal;
+import java.util.Date;
+import java.util.UUID;
+import java.util.logging.Logger;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * A default implementation to create a JWTClaims object. The Subject name is the name
+ * of the current principal. 
+ */
+public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(DefaultJWTClaimsProvider.class);
+    private boolean useX500CN;
+                                                            
+    /**
+     * Get a JwtClaims object.
+     */
+    public JwtClaims getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters) {
+        
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject(getSubjectName(jwtClaimsProviderParameters));
+        claims.setTokenId(UUID.randomUUID().toString());
+        claims.setIssuer("DoubleItSTSIssuer");
+        
+        Date currentDate = new Date();
+        claims.setIssuedAt(currentDate.getTime() / 1000L);
+        long currentTime = currentDate.getTime() + 300L * 1000L;
+        currentDate.setTime(currentTime);
+        claims.setExpiryTime(currentDate.getTime() / 1000L);
+        
+        return claims;
+    }
+    
+    protected String getSubjectName(JWTClaimsProviderParameters jwtClaimsProviderParameters) {
+        Principal principal = getPrincipal(jwtClaimsProviderParameters);
+        if (principal == null) {
+            LOG.fine("Error in getting principal");
+            throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
+        }
+        
+        String subjectName = principal.getName();
+        if (principal instanceof X500Principal) {
+            // Just use the "cn" instead of the entire DN
+            try {
+                String principalName = principal.getName();
+                int index = principalName.indexOf('=');
+                principalName = principalName.substring(index + 1, principalName.indexOf(',', index));
+                subjectName = principalName;
+            } catch (Throwable ex) {
+                subjectName = principal.getName();
+                //Ignore, not X500 compliant thus use the whole string as the value
+            }
+        }
+        
+        return subjectName;
+    }
+        
+    /**
+     * Get the Principal (which is used as the Subject). By default, we check the following (in order):
+     *  - A valid OnBehalfOf principal
+     *  - A valid ActAs principal
+     *  - A valid principal associated with a token received as ValidateTarget
+     *  - The principal associated with the request. We don't need to check to see if it is "valid" here, as it
+     *    is not parsed by the STS (but rather the WS-Security layer).
+     */
+    protected Principal getPrincipal(JWTClaimsProviderParameters jwtClaimsProviderParameters) {
+        TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters();
+
+        Principal principal = null;
+        //TokenValidator in IssueOperation has validated the ReceivedToken
+        //if validation was successful, the principal was set in ReceivedToken 
+        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getOnBehalfOf();
+            if (receivedToken.getState().equals(STATE.VALID)) {
+                principal = receivedToken.getPrincipal();
+            }
+        } else if (providerParameters.getTokenRequirements().getActAs() != null) {
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getActAs();
+            if (receivedToken.getState().equals(STATE.VALID)) {
+                principal = receivedToken.getPrincipal();
+            }
+        } else if (providerParameters.getTokenRequirements().getValidateTarget() != null) {
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getValidateTarget();
+            if (receivedToken.getState().equals(STATE.VALID)) {
+                principal = receivedToken.getPrincipal();
+            }
+        } else {
+            principal = providerParameters.getPrincipal();
+        }
+
+        return principal;
+    }
+    
+    public boolean isUseX500CN() {
+        return useX500CN;
+    }
+
+    public void setUseX500CN(boolean useX500CN) {
+        this.useX500CN = useX500CN;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProvider.java
new file mode 100644
index 0000000..1505e60
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProvider.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider.jwt;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+
+/**
+ * An interface that allows a pluggable way of creating a JWTClaims object
+ */
+public interface JWTClaimsProvider {
+
+    /**
+     * Get a JwtClaims object.
+     */
+    JwtClaims getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters);
+        
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProviderParameters.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProviderParameters.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProviderParameters.java
new file mode 100644
index 0000000..24f1ed9
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTClaimsProviderParameters.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider.jwt;
+
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+
+/**
+ * The parameters that are passed through to a JWTClaimsProvider implementation to create a 
+ * JWTClaims Object.
+ */
+public class JWTClaimsProviderParameters {
+
+    private TokenProviderParameters providerParameters;
+    
+    public TokenProviderParameters getProviderParameters() {
+        return providerParameters;
+    }
+    
+    public void setProviderParameters(TokenProviderParameters providerParameters) {
+        this.providerParameters = providerParameters;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
new file mode 100644
index 0000000..b458281
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
@@ -0,0 +1,195 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider.jwt;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * A TokenProvider implementation that provides a JWT Token.
+ */
+public class JWTTokenProvider implements TokenProvider {
+    
+    public static final String JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt";
+    private static final Logger LOG = LogUtils.getL7dLogger(JWTTokenProvider.class);
+    
+    private boolean signToken = true;
+    private Map<String, SAMLRealm> realmMap = new HashMap<>();
+    private JWTClaimsProvider jwtClaimsProvider = new DefaultJWTClaimsProvider();
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType.
+     */
+    public boolean canHandleToken(String tokenType) {
+        return canHandleToken(tokenType, null);
+    }
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm.
+     */
+    public boolean canHandleToken(String tokenType, String realm) {
+        if (realm != null && !realmMap.containsKey(realm)) {
+            return false;
+        }
+        return JWT_TOKEN_TYPE.equals(tokenType);
+    }
+    
+    /**
+     * Create a token given a TokenProviderParameters
+     */
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        //KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        if (LOG.isLoggable(Level.FINE)) {
+            LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
+        }
+        
+        // Get the claims
+        JWTClaimsProviderParameters jwtClaimsProviderParameters = new JWTClaimsProviderParameters();
+        jwtClaimsProviderParameters.setProviderParameters(tokenParameters);
+        
+        JwtClaims claims = jwtClaimsProvider.getJwtClaims(jwtClaimsProviderParameters);
+        
+        /*
+        if (signToken) {
+            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+            signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
+        }
+        */
+        
+        try {
+            /*
+            Document doc = DOMUtils.createDocument();
+            SamlAssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
+            Element token = assertion.toDOM(doc);
+            
+            // set the token in cache (only if the token is signed)
+            byte[] signatureValue = assertion.getSignatureValue();
+            if (tokenParameters.getTokenStore() != null && signatureValue != null
+                && signatureValue.length > 0) {
+                DateTime validTill = null;
+                if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
+                    validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
+                } else {
+                    validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
+                }
+                
+                SecurityToken securityToken = 
+                    CacheUtils.createSecurityTokenForStorage(token, assertion.getId(), 
+                        validTill.toDate(), tokenParameters.getPrincipal(), tokenParameters.getRealm(),
+                        tokenParameters.getTokenRequirements().getRenewing());
+                CacheUtils.storeTokenInCache(
+                    securityToken, tokenParameters.getTokenStore(), signatureValue);
+            }
+            */
+            
+            JwtToken token = new JwtToken(claims);
+            
+            Properties signingProperties = new Properties();
+            signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, "none");
+            
+            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(token);
+            jws.setSignatureProperties(signingProperties);
+            String tokenData = jws.getSignedEncodedJws();
+            
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(tokenData);
+            
+            response.setTokenId(claims.getTokenId());
+            
+            if (claims.getIssuedAt() > 0) {
+                response.setCreated(new Date(claims.getIssuedAt() * 1000L));
+            }
+            if (claims.getExpiryTime() > 0) {
+                response.setExpires(new Date(claims.getExpiryTime() * 1000L));
+            }
+            
+            /*response.setEntropy(entropyBytes);
+            if (keySize > 0) {
+                response.setKeySize(keySize);
+            }
+            response.setComputedKey(computedKey);
+            */
+            LOG.fine("JWT Token successfully created");
+            return response;
+        } catch (Exception e) {
+            e.printStackTrace();
+            LOG.log(Level.WARNING, "", e);
+            throw new STSException("Can't serialize JWT token", e, STSException.REQUEST_FAILED);
+        }
+    }
+    
+    /**
+     * Return whether the provided token will be signed or not. Default is true.
+     */
+    public boolean isSignToken() {
+        return signToken;
+    }
+
+    /**
+     * Set whether the provided token will be signed or not. Default is true.
+     */
+    public void setSignToken(boolean signToken) {
+        this.signToken = signToken;
+    }
+    
+    /**
+     * Set the map of realm->SAMLRealm for this token provider
+     * @param realms the map of realm->SAMLRealm for this token provider
+     */
+    public void setRealmMap(Map<String, SAMLRealm> realms) {
+        this.realmMap = realms;
+    }
+    
+    /**
+     * Get the map of realm->SAMLRealm for this token provider
+     * @return the map of realm->SAMLRealm for this token provider
+     */
+    public Map<String, SAMLRealm> getRealmMap() {
+        return realmMap;
+    }
+
+    public JWTClaimsProvider getJwtClaimsProvider() {
+        return jwtClaimsProvider;
+    }
+
+    public void setJwtClaimsProvider(JWTClaimsProvider jwtClaimsProvider) {
+        this.jwtClaimsProvider = jwtClaimsProvider;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java
index 50cb9fd..f43ba17 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlIssueSamlClaimsTest.java
@@ -358,7 +358,7 @@ public class JexlIssueSamlClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
 
     private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto,

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CancelSCTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CancelSCTUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CancelSCTUnitTest.java
index bc0990f..f8dc0cf 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CancelSCTUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/CancelSCTUnitTest.java
@@ -98,7 +98,7 @@ public class CancelSCTUnitTest extends org.junit.Assert {
         
         // Get a SecurityContextToken via the SCTProvider
         TokenProviderResponse providerResponse = createSCT();
-        Element sct = providerResponse.getToken();
+        Element sct = (Element)providerResponse.getToken();
         Document doc = sct.getOwnerDocument();
         sct = (Element)doc.appendChild(sct);
         CancelTargetType cancelTarget = new CancelTargetType();

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java
new file mode 100644
index 0000000..6112d2f
--- /dev/null
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.operation;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.cache.DefaultInMemoryTokenStore;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.apache.wss4j.dom.WSConstants;
+import org.junit.Assert;
+
+/**
+ * Some unit tests for the issue operation to issue JWT Tokens.
+ */
+public class IssueJWTUnitTest extends org.junit.Assert {
+    
+    public static final QName REQUESTED_SECURITY_TOKEN = 
+        QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(null).getName();
+    public static final QName ATTACHED_REFERENCE = 
+        QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(null).getName();
+    public static final QName UNATTACHED_REFERENCE = 
+        QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(null).getName();
+    
+    private static TokenStore tokenStore = new DefaultInMemoryTokenStore();
+    
+    /**
+     * Test to successfully issue a JWT Token
+     */
+    @org.junit.Test
+    public void testIssueJWTToken() throws Exception {
+        TokenIssueOperation issueOperation = new TokenIssueOperation();
+        issueOperation.setTokenStore(tokenStore);
+        
+        // Add Token Provider
+        List<TokenProvider> providerList = new ArrayList<TokenProvider>();
+        providerList.add(new JWTTokenProvider());
+        issueOperation.setTokenProviders(providerList);
+        
+        // Add Service
+        ServiceMBean service = new StaticService();
+        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
+        issueOperation.setServices(Collections.singletonList(service));
+        
+        // Add STSProperties object
+        STSPropertiesMBean stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        issueOperation.setStsProperties(stsProperties);
+        
+        // Mock up a request
+        RequestSecurityTokenType request = new RequestSecurityTokenType();
+        JAXBElement<String> tokenType = 
+            new JAXBElement<String>(
+                QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE
+            );
+        request.getAny().add(tokenType);
+        request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
+        
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        msgCtx.put(
+            SecurityContext.class.getName(), 
+            createSecurityContext(new CustomTokenPrincipal("alice"))
+        );
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        
+        // Issue a token
+        RequestSecurityTokenResponseCollectionType response = 
+            issueOperation.issue(request, webServiceContext);
+        List<RequestSecurityTokenResponseType> securityTokenResponse = 
+            response.getRequestSecurityTokenResponse();
+        assertTrue(!securityTokenResponse.isEmpty());
+        
+        // Test the generated token.
+        String jwtToken = null;
+        for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
+            if (tokenObject instanceof JAXBElement<?>
+                && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>)tokenObject).getName())) {
+                RequestedSecurityTokenType rstType = 
+                    (RequestedSecurityTokenType)((JAXBElement<?>)tokenObject).getValue();
+                jwtToken = (String)rstType.getAny();
+                break;
+            }
+        }
+        
+        assertNotNull(jwtToken);
+        
+        // Validate the token
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(jwtToken);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+    }
+    
+    /*
+     * Create a security context object
+     */
+    private SecurityContext createSecurityContext(final Principal p) {
+        return new SecurityContext() {
+            public Principal getUserPrincipal() {
+                return p;
+            }
+            public boolean isUserInRole(String role) {
+                return false;
+            }
+        };
+    }
+    
+    /*
+     * Mock up an AppliesTo element using the supplied address
+     */
+    private Element createAppliesToElement(String addressUrl) {
+        Document doc = DOMUtils.createDocument();
+        Element appliesTo = doc.createElementNS(STSConstants.WSP_NS, "wsp:AppliesTo");
+        appliesTo.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsp", STSConstants.WSP_NS);
+        Element endpointRef = doc.createElementNS(STSConstants.WSA_NS_05, "wsa:EndpointReference");
+        endpointRef.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsa", STSConstants.WSA_NS_05);
+        Element address = doc.createElementNS(STSConstants.WSA_NS_05, "wsa:Address");
+        address.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:wsa", STSConstants.WSA_NS_05);
+        address.setTextContent(addressUrl);
+        endpointRef.appendChild(address);
+        appliesTo.appendChild(endpointRef);
+        return appliesTo;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin"
+        );
+        properties.put("org.apache.wss4j.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.wss4j.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
index f77e4c8..6a2354d 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueOnbehalfofUnitTest.java
@@ -1240,7 +1240,7 @@ public class IssueOnbehalfofUnitTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
 
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
index 7c4ae20..acd061a 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlClaimsUnitTest.java
@@ -878,7 +878,7 @@ public class IssueSamlClaimsUnitTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
     
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java
index b60099e..1d50ff8 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/RenewSamlUnitTest.java
@@ -516,7 +516,7 @@ public class RenewSamlUnitTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
 
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
index 55d142d..d17404b 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSCTUnitTest.java
@@ -105,7 +105,7 @@ public class ValidateSCTUnitTest extends org.junit.Assert {
         
         // Get a SecurityContextToken via the SCTProvider
         TokenProviderResponse providerResponse = createSCT();
-        Element sct = providerResponse.getToken();
+        Element sct = (Element)providerResponse.getToken();
         Document doc = sct.getOwnerDocument();
         sct = (Element)doc.appendChild(sct);
         ValidateTargetType validateTarget = new ValidateTargetType();

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSamlUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSamlUnitTest.java
index eb9be37..53ade10 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSamlUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateSamlUnitTest.java
@@ -247,7 +247,7 @@ public class ValidateSamlUnitTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
 
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
index c0d4f3d..857ea55 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/ValidateTokenTransformationUnitTest.java
@@ -871,7 +871,7 @@ public class ValidateTokenTransformationUnitTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
     
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
new file mode 100644
index 0000000..19d41f2
--- /dev/null
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider;
+
+import java.util.Properties;
+
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.cache.DefaultInMemoryTokenStore;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.junit.Assert;
+
+/**
+ * Some unit tests for creating JWTTokens.
+ */
+public class JWTTokenProviderTest extends org.junit.Assert {
+    
+    private static TokenStore tokenStore = new DefaultInMemoryTokenStore();
+    
+    @org.junit.Test
+    public void testCreateUnsignedJWT() throws Exception {
+        TokenProvider jwtTokenProvider = new JWTTokenProvider();
+        
+        TokenProviderParameters providerParameters = createProviderParameters();
+        
+        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+        String token = (String)providerResponse.getToken();
+        assertNotNull(token);
+        assertTrue(token.split("\\.").length == 2);
+        
+        // Validate the token
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+        Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L, 
+                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+        Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L, 
+                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+    }
+    
+    private TokenProviderParameters createProviderParameters() throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(JWTTokenProvider.JWT_TOKEN_TYPE);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setTokenStore(tokenStore);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        parameters.setEncryptionProperties(new EncryptionProperties());
+        
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin"
+        );
+        properties.put("org.apache.wss4j.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.wss4j.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+  
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
index 9aa376b..f4d292b 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLClaimsTest.java
@@ -100,7 +100,7 @@ public class SAMLClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -145,7 +145,7 @@ public class SAMLClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -194,7 +194,7 @@ public class SAMLClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -238,7 +238,7 @@ public class SAMLClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -295,7 +295,7 @@ public class SAMLClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -387,7 +387,7 @@ public class SAMLClaimsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
index 48a4263..b032602 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderActAsTest.java
@@ -81,7 +81,7 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -112,7 +112,7 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -149,7 +149,7 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -170,7 +170,7 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains("CustomActAs"));
     }
@@ -184,7 +184,7 @@ public class SAMLProviderActAsTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
     
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderCustomTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderCustomTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderCustomTest.java
index 07fa676..9ead280 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderCustomTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderCustomTest.java
@@ -66,7 +66,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -94,7 +94,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertFalse(tokenString.contains("AttributeStatement"));
@@ -122,7 +122,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertFalse(tokenString.contains("AttributeStatement"));
@@ -155,7 +155,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -182,7 +182,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -210,7 +210,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertFalse(tokenString.contains("AttributeStatement"));
@@ -235,7 +235,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -262,7 +262,7 @@ public class SAMLProviderCustomTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
index 25c2305..ec90777 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java
@@ -69,7 +69,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -92,7 +92,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -133,7 +133,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -173,7 +173,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -221,7 +221,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -268,7 +268,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -320,7 +320,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -389,7 +389,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -417,7 +417,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -446,7 +446,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -473,7 +473,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertFalse(tokenString.contains(WSConstants.C14N_EXCL_WITH_COMMENTS));
         assertTrue(tokenString.contains(WSConstants.C14N_EXCL_OMIT_COMMENTS));
@@ -491,7 +491,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(WSConstants.C14N_EXCL_WITH_COMMENTS));
     }
@@ -515,7 +515,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
         
@@ -528,7 +528,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertFalse(tokenString.contains(signatureAlgorithm));
         assertTrue(tokenString.contains("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
@@ -542,7 +542,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(signatureAlgorithm));
     }
@@ -561,7 +561,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(WSConstants.SHA256));
         
@@ -574,7 +574,7 @@ public class SAMLProviderKeyTypeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(WSConstants.SHA1));
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
index 1a9d38e..e186afa 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderLifetimeTest.java
@@ -81,7 +81,7 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         assertEquals(requestedLifetime * 1000L, providerResponse.getExpires().getTime() 
                      - providerResponse.getCreated().getTime());
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
     }
@@ -112,7 +112,7 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         assertEquals(providerLifetime * 1000L, providerResponse.getExpires().getTime() 
                      - providerResponse.getCreated().getTime());
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
     }
@@ -234,7 +234,7 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         assertEquals(maxLifetime * 1000L, providerResponse.getExpires().getTime() 
                      - providerResponse.getCreated().getTime());
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
     }
@@ -274,7 +274,7 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         assertEquals(50L * 1000L, providerResponse.getExpires().getTime() 
                      - providerResponse.getCreated().getTime());
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
     }
@@ -322,7 +322,7 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
     }
@@ -359,7 +359,7 @@ public class SAMLProviderLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         assertEquals(conditionsProvider.getLifetime() * 1000L, providerResponse.getExpires().getTime() 
                      - providerResponse.getCreated().getTime());
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
index 9158fc1..20a690c 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderOnBehalfOfTest.java
@@ -82,7 +82,7 @@ public class SAMLProviderOnBehalfOfTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -112,7 +112,7 @@ public class SAMLProviderOnBehalfOfTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -149,7 +149,7 @@ public class SAMLProviderOnBehalfOfTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("AttributeStatement"));
@@ -170,7 +170,7 @@ public class SAMLProviderOnBehalfOfTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains("CustomOnBehalfOf"));
     }
@@ -186,7 +186,7 @@ public class SAMLProviderOnBehalfOfTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
     
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
index 1072e14..2ef1669 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderRealmTest.java
@@ -72,7 +72,7 @@ public class SAMLProviderRealmTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertTrue(tokenString.contains("A-Issuer"));
@@ -86,7 +86,7 @@ public class SAMLProviderRealmTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertFalse(tokenString.contains("A-Issuer"));
@@ -100,7 +100,7 @@ public class SAMLProviderRealmTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        token = providerResponse.getToken();
+        token = (Element)providerResponse.getToken();
         tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(providerResponse.getTokenId()));
         assertFalse(tokenString.contains("A-Issuer"));

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java
index b0ed248..658d24b 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java
@@ -63,7 +63,7 @@ public class SCTProviderTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(ConversationConstants.WSC_NS_05_12));
         assertFalse(tokenString.contains(ConversationConstants.WSC_NS_05_02));
@@ -84,7 +84,7 @@ public class SCTProviderTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         String tokenString = DOM2Writer.nodeToString(token);
         assertTrue(tokenString.contains(ConversationConstants.WSC_NS_05_02));
         assertFalse(tokenString.contains(ConversationConstants.WSC_NS_05_12));
@@ -129,7 +129,7 @@ public class SCTProviderTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        Element token = providerResponse.getToken();
+        Element token = (Element)providerResponse.getToken();
         SecurityContextToken sctToken = new SecurityContextToken(token);
         String identifier = sctToken.getIdentifier();
         assertNotNull(tokenStore.getToken(identifier));

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
index 2a13451..34a419b 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerLifetimeTest.java
@@ -387,7 +387,7 @@ public class SAMLTokenRenewerLifetimeTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }    
 
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
index 130e9fc..00d7211 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerPOPTest.java
@@ -301,7 +301,7 @@ public class SAMLTokenRenewerPOPTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }    
     
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
index 27f487c..afee371 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
@@ -294,7 +294,7 @@ public class SAMLTokenRenewerRealmTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
     
     private Map<String, SAMLRealm> getSamlRealms() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
index 646d2ed..3b56bf5 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerTest.java
@@ -594,7 +594,7 @@ public class SAMLTokenRenewerTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
 
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }    
     
     private TokenProviderParameters createProviderParameters(

http://git-wip-us.apache.org/repos/asf/cxf/blob/a493fc41/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java
index 9e47b64..c12f1c7 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorCachedRealmTest.java
@@ -186,7 +186,7 @@ public class SAMLTokenValidatorCachedRealmTest extends org.junit.Assert {
         assertTrue(providerResponse != null);
         assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
         
-        return providerResponse.getToken();
+        return (Element)providerResponse.getToken();
     }
     
     private Map<String, SAMLRealm> getSamlRealms() {


Mime
View raw message