/**
 * Walks the direct children of the message's security header and handles every
 * element whose local name is {@code SPConstants.USERNAME_TOKEN} in the
 * {@code WSConstants.WSSE_NS} namespace.
 *
 * <p>For each such token a principal is obtained, either through
 * {@code validateToken} (when the contextual property
 * {@code SecurityConstants.VALIDATE_TOKEN} is true, which is the default used
 * here) or through {@code parseTokenAndCreatePrincipal} alone. A
 * {@code SecurityContext} is then stored on the message, but only if the message
 * has no context yet or its context has no user principal.
 *
 * <p>Security note: with {@code VALIDATE_TOKEN} set to false this method never
 * calls {@code validateToken}; the token is parsed and its contents are used as
 * supplied by the sender. NOTE(review): presumably the credentials are then
 * expected to be checked elsewhere (for example in {@code createSubject}) -
 * confirm before disabling validation.
 *
 * @param message the SOAP message whose security header is inspected; nothing
 *                happens when {@code findSecurityHeader} returns {@code null}
 * @throws Fault wrapping any {@code WSSecurityException} or
 *               {@code Base64DecodingException} raised while handling a token
 */
protected void processToken(SoapMessage message) {
    Header securityHeader = findSecurityHeader(message, false);
    if (securityHeader == null) {
        return;
    }

    // Defaults to true: tokens go through validateToken unless explicitly disabled.
    boolean validate = MessageUtils.getContextualBoolean(
        message, SecurityConstants.VALIDATE_TOKEN, true);

    Element headerElement = (Element) securityHeader.getObject();
    for (Element child = DOMUtils.getFirstElement(headerElement);
         child != null;
         child = DOMUtils.getNextElement(child)) {

        // Only wsse UsernameToken elements are of interest; skip everything else.
        if (!SPConstants.USERNAME_TOKEN.equals(child.getLocalName())
            || !WSConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            continue;
        }

        try {
            Principal principal = null;
            Subject subject = null;

            if (validate) {
                final WSSecurityEngineResult validated = validateToken(child, message);
                principal = (Principal) validated.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                subject = (Subject) validated.get(WSSecurityEngineResult.TAG_SUBJECT);
            } else {
                // Parse-only path: validateToken is not called for this token.
                principal = parseTokenAndCreatePrincipal(child, isWsiBSPCompliant(message));
                WSS4JTokenConverter.convertToken(message, principal);
            }

            // An existing context that already carries a user principal is never replaced.
            SecurityContext existing = message.get(SecurityContext.class);
            boolean contextMissing = existing == null || existing.getUserPrincipal() == null;
            if (contextMissing) {
                if (subject != null && principal != null) {
                    message.put(SecurityContext.class,
                                createSecurityContext(principal, subject));
                } else if (principal instanceof UsernameTokenPrincipal) {
                    // No subject from validation: build one from the token's own fields
                    // (name, password, digest flag, nonce, created time).
                    UsernameTokenPrincipal tokenPrincipal = (UsernameTokenPrincipal) principal;
                    String encodedNonce = tokenPrincipal.getNonce() != null
                        ? Base64.encode(tokenPrincipal.getNonce())
                        : null;
                    subject = createSubject(
                        tokenPrincipal.getName(),
                        tokenPrincipal.getPassword(),
                        tokenPrincipal.isPasswordDigest(),
                        encodedNonce,
                        tokenPrincipal.getCreatedTime());
                    message.put(SecurityContext.class,
                                createSecurityContext(tokenPrincipal, subject));
                }
            }

            // Results are stored for every UsernameTokenPrincipal, whether or not
            // a security context was created above.
            if (principal instanceof UsernameTokenPrincipal) {
                storeResults((UsernameTokenPrincipal) principal, message);
            }
        } catch (WSSecurityException ex) {
            throw new Fault(ex);
        } catch (Base64DecodingException ex) {
            throw new Fault(ex);
        }
    }
}