public void handleMessage(Message message) throws Fault {
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null) {
      return;
    }
    Principal principal = context.getUserPrincipal();
    UsernameToken usernameToken = (UsernameToken) message.get(SecurityToken.class);
    if (principal == null
        || usernameToken == null
        || !principal.getName().equals(usernameToken.getName())) {
      return;
    }

    // Read the user from Syncope and get the roles
    WebClient client =
        WebClient.create(address, Collections.singletonList(new JacksonJsonProvider()));

    String authorizationHeader =
        "Basic "
            + Base64Utility.encode(
                (usernameToken.getName() + ":" + usernameToken.getPassword()).getBytes());

    client.header("Authorization", authorizationHeader);

    client = client.path("users/self");
    UserTO user = null;
    try {
      user = client.get(UserTO.class);
      if (user == null) {
        Exception exception = new Exception("Authentication failed");
        throw new Fault(exception);
      }
    } catch (RuntimeException ex) {
      if (log.isDebugEnabled()) {
        log.debug(ex.getMessage(), ex);
      }
      throw new Fault(ex);
    }

    // Now get the roles
    List<MembershipTO> membershipList = user.getMemberships();
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    for (MembershipTO membership : membershipList) {
      String roleName = membership.getRoleName();
      subject.getPrincipals().add(new SimpleGroup(roleName, usernameToken.getName()));
    }
    subject.setReadOnly();

    message.put(SecurityContext.class, new DefaultSecurityContext(principal, subject));
  }
  @Override
  public void handleMessage(SoapMessage msg) throws Fault {
    Endpoint ep = msg.getExchange().get(Endpoint.class);
    sdc.set(ep.getSecurityDomainContext());
    try {
      SecurityToken token = msg.get(SecurityToken.class);
      SecurityContext context = msg.get(SecurityContext.class);
      if (token == null || context == null || context.getUserPrincipal() == null) {
        super.handleMessage(msg);
        return;
      }
      UsernameToken ut = (UsernameToken) token;

      Subject subject =
          createSubject(
              ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());

      SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject);
      msg.put(SecurityContext.class, sc);
    } finally {
      if (sdc != null) {
        sdc.remove();
      }
    }
  }