protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException { boolean bspCompliant = isWsiBSPCompliant(message); boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class)); UsernameTokenProcessor p = new UsernameTokenProcessor(); WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); RequestData data = new RequestData() { public CallbackHandler getCallbackHandler() { return getCallback(message); } public Validator getValidator(QName qName) throws WSSecurityException { Object validator = message.getContextualProperty(SecurityConstants.USERNAME_TOKEN_VALIDATOR); if (validator == null) { return super.getValidator(qName); } return (Validator) validator; } }; // Configure replay caching ReplayCache nonceCache = WSS4JUtils.getReplayCache( message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE); data.setNonceReplayCache(nonceCache); WSSConfig config = WSSConfig.getNewInstance(); config.setAllowUsernameTokenNoPassword(allowNoPassword); data.setWssConfig(config); if (!bspCompliant) { data.setDisableBSPEnforcement(true); } List<WSSecurityEngineResult> results = p.handleToken(tokenElement, data, wsDocInfo); return results.get(0); }