http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
index 396dcad..e68c61f 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
@@ -133,9 +133,8 @@ abstract class STSInvoker implements Invoker {
             } catch (Exception ex) {
                 throw new Fault(ex);
             }
-        } else {
-            throw new Fault("Unknown SecureConversation element: " + 
requestEl.getLocalName(), LOG);
         }
+        throw new Fault("Unknown SecureConversation element: " + 
requestEl.getLocalName(), LOG);
     }
 
     abstract void doIssue(

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index 14440ff..452f9bd 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -151,9 +151,8 @@ class SecureConversationOutInterceptor extends 
AbstractPhaseInterceptor<SoapMess
                 if (issueAfterFailedRenew) {
                     // Perhaps the STS does not support renewing, so try to 
issue a new token
                     return issueToken(message, aim, itok);
-                } else {
-                    throw ex;
                 }
+                throw ex;
             } catch (Exception ex) {
                 LOG.log(Level.WARNING, "Error renewing a token", ex);
                 boolean issueAfterFailedRenew =
@@ -163,9 +162,8 @@ class SecureConversationOutInterceptor extends 
AbstractPhaseInterceptor<SoapMess
                 if (issueAfterFailedRenew) {
                     // Perhaps the STS does not support renewing, so try to 
issue a new token
                     return issueToken(message, aim, itok);
-                } else {
-                    throw new Fault(ex);
                 }
+                throw new Fault(ex);
             } finally {
                 client.setTrust((Trust10)null);
                 client.setTrust((Trust13)null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
index 830195f..4fc227a 100755
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
@@ -640,11 +640,10 @@ public abstract class AbstractSTSClient implements 
Configurable, InterceptorProv
                 && VersionTransformer.isSupported(el.getNamespaceURI())
                 && "MetadataReference".equals(ref.getLocalName())) {
                 return DOMUtils.getContent(el);
-            } else {
-                String ad = findMEXLocation(el);
-                if (ad != null) {
-                    return ad;
-                }
+            }
+            String ad = findMEXLocation(el);
+            if (ad != null) {
+                return ad;
             }
             el = DOMUtils.getNextElement(el);
         }
@@ -1155,54 +1154,53 @@ public abstract class AbstractSTSClient implements 
Configurable, InterceptorProv
             Object o[] = client.invoke(boi, new 
DOMSource(writer.getDocument().getDocumentElement()));
 
             return new STSResponse((DOMSource)o[0], null);
-        } else {
-            if (enableLifetime) {
-                addLifetime(writer);
-            }
+        }
+        if (enableLifetime) {
+            addLifetime(writer);
+        }
 
-            // Default to Bearer KeyType
-            String keyTypeTemplate = keyType;
-            if (keyTypeTemplate == null) {
-                keyTypeTemplate = namespace + "/Bearer";
-            }
-            keyTypeTemplate = writeKeyType(writer, keyTypeTemplate);
+        // Default to Bearer KeyType
+        String keyTypeTemplate = keyType;
+        if (keyTypeTemplate == null) {
+            keyTypeTemplate = namespace + "/Bearer";
+        }
+        keyTypeTemplate = writeKeyType(writer, keyTypeTemplate);
 
-            byte[] requestorEntropy = null;
-            X509Certificate cert = null;
-            Crypto crypto = null;
+        byte[] requestorEntropy = null;
+        X509Certificate cert = null;
+        Crypto crypto = null;
 
-            if (keySize <= 0) {
-                keySize = 256;
-            }
-            if (keyTypeTemplate != null && 
keyTypeTemplate.endsWith("SymmetricKey")) {
-                requestorEntropy = writeElementsForRSTSymmetricKey(writer, 
false);
-            } else if (keyTypeTemplate != null && 
keyTypeTemplate.endsWith("PublicKey")) {
-                // Use the given cert, or else get it from a Crypto instance
-                if (useKeyCertificate != null) {
-                    cert = useKeyCertificate;
-                } else {
-                    crypto = createCrypto(false);
-                    cert = getCert(crypto);
-                }
-                writeElementsForRSTPublicKey(writer, cert);
+        if (keySize <= 0) {
+            keySize = 256;
+        }
+        if (keyTypeTemplate != null && 
keyTypeTemplate.endsWith("SymmetricKey")) {
+            requestorEntropy = writeElementsForRSTSymmetricKey(writer, false);
+        } else if (keyTypeTemplate != null && 
keyTypeTemplate.endsWith("PublicKey")) {
+            // Use the given cert, or else get it from a Crypto instance
+            if (useKeyCertificate != null) {
+                cert = useKeyCertificate;
+            } else {
+                crypto = createCrypto(false);
+                cert = getCert(crypto);
             }
+            writeElementsForRSTPublicKey(writer, cert);
+        }
 
-            writeRenewalSemantics(writer);
+        writeRenewalSemantics(writer);
 
-            addClaims(writer);
+        addClaims(writer);
 
-            writer.writeStartElement("wst", "ValidateTarget", namespace);
+        writer.writeStartElement("wst", "ValidateTarget", namespace);
 
-            Element el = tok.getToken();
-            StaxUtils.copy(el, writer);
+        Element el = tok.getToken();
+        StaxUtils.copy(el, writer);
 
-            writer.writeEndElement();
-            writer.writeEndElement();
+        writer.writeEndElement();
+        writer.writeEndElement();
 
-            Object o[] = client.invoke(boi, new 
DOMSource(writer.getDocument().getDocumentElement()));
+        Object o[] = client.invoke(boi, new 
DOMSource(writer.getDocument().getDocumentElement()));
 
-            return new STSResponse((DOMSource)o[0], requestorEntropy, cert, 
crypto);
-        }
+        return new STSResponse((DOMSource)o[0], requestorEntropy, cert, 
crypto);
     }
 
     private void writeRenewalSemantics(XMLStreamWriter writer) throws 
XMLStreamException {
@@ -1576,23 +1574,22 @@ public abstract class AbstractSTSClient implements 
Configurable, InterceptorProv
                 throw new 
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
             }
             return cipherValue;
-        } else {
-            try {
-                EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
-                WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
-                RequestData data = new RequestData();
-                data.setWssConfig(WSSConfig.getNewInstance());
-                data.setDecCrypto(createCrypto(true));
-                data.setCallbackHandler(createHandler());
-                data.setWsDocInfo(docInfo);
-                List<WSSecurityEngineResult> result = proc.handleToken(child, 
data);
-                return
-                    (byte[])result.get(0).get(
-                        WSSecurityEngineResult.TAG_SECRET
-                    );
-            } catch (IOException e) {
-                throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
-            }
+        }
+        try {
+            EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+            WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
+            RequestData data = new RequestData();
+            data.setWssConfig(WSSConfig.getNewInstance());
+            data.setDecCrypto(createCrypto(true));
+            data.setCallbackHandler(createHandler());
+            data.setWsDocInfo(docInfo);
+            List<WSSecurityEngineResult> result = proc.handleToken(child, 
data);
+            return
+                (byte[])result.get(0).get(
+                    WSSecurityEngineResult.TAG_SECRET
+                );
+        } catch (IOException e) {
+            throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
         }
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
index 6033c73..af16042 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSTokenRetriever.java
@@ -192,9 +192,8 @@ public final class STSTokenRetriever {
                 if (issueAfterFailedRenew) {
                     // Perhaps the STS does not support renewing, so try to 
issue a new token
                     return getToken(message, params, tokenCacher);
-                } else {
-                    throw ex;
                 }
+                throw ex;
             } catch (Exception ex) {
                 LOG.log(Level.WARNING, "Error renewing a token", ex);
                 boolean issueAfterFailedRenew =
@@ -203,9 +202,8 @@ public final class STSTokenRetriever {
                 if (issueAfterFailedRenew) {
                     // Perhaps the STS does not support renewing, so try to 
issue a new token
                     return getToken(message, params, tokenCacher);
-                } else {
-                    throw new Fault(ex);
                 }
+                throw new Fault(ex);
             } finally {
                 client.setTrust((Trust10)null);
                 client.setTrust((Trust13)null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
index 06407db..6495067 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
@@ -102,9 +102,8 @@ public final class STSUtils {
     public static STSClient getClient(Message message, String type, 
IssuedToken itok) {
         if (itok != null) {
             return getClientWithIssuer(message, type, itok.getIssuer());
-        } else {
-            return getClientWithIssuer(message, type, null);
         }
+        return getClientWithIssuer(message, type, null);
     }
 
     public static STSClient getClientWithIssuer(Message message, String type, 
Element issuer) {
@@ -241,11 +240,10 @@ public final class STSUtils {
                 && VersionTransformer.isSupported(el.getNamespaceURI())
                 && "MetadataReference".equals(ref.getLocalName())) {
                 return DOMUtils.getContent(el);
-            } else {
-                String ad = findMEXLocation(el);
-                if (ad != null) {
-                    return ad;
-                }
+            }
+            String ad = findMEXLocation(el);
+            if (ad != null) {
+                return ad;
             }
             el = DOMUtils.getNextElement(el);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index 3eef3be..68f2ec9 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -104,15 +104,14 @@ public abstract class AbstractWSS4JStaxInterceptor 
implements SoapInterceptor,
     protected WSSSecurityProperties createSecurityProperties() {
         if (userSecurityProperties != null) {
             return new WSSSecurityProperties(userSecurityProperties);
-        } else {
-            WSSSecurityProperties securityProperties = new 
WSSSecurityProperties();
-            ConfigurationConverter.parseActions(properties, 
securityProperties);
-            ConfigurationConverter.parseUserProperties(properties, 
securityProperties);
-            ConfigurationConverter.parseCallback(properties, 
securityProperties);
-            ConfigurationConverter.parseBooleanProperties(properties, 
securityProperties);
-            ConfigurationConverter.parseNonBooleanProperties(properties, 
securityProperties);
-            return securityProperties;
         }
+        WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+        ConfigurationConverter.parseActions(properties, securityProperties);
+        ConfigurationConverter.parseUserProperties(properties, 
securityProperties);
+        ConfigurationConverter.parseCallback(properties, securityProperties);
+        ConfigurationConverter.parseBooleanProperties(properties, 
securityProperties);
+        ConfigurationConverter.parseNonBooleanProperties(properties, 
securityProperties);
+        return securityProperties;
     }
 
     protected void translateProperties(SoapMessage msg, WSSSecurityProperties 
securityProperties) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index a6fa8ef..c3721ea 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -136,9 +136,8 @@ public class DefaultWSS4JSecurityContextCreator implements 
WSS4JSecurityContextC
                     roleClassifierType = "prefix";
                 }
                 return new RolePrefixSecurityContextImpl(subject, 
roleClassifier, roleClassifierType);
-            } else {
-                return new DefaultSecurityContext(p, subject);
             }
+            return new DefaultSecurityContext(p, subject);
         } else if (p != null) {
             boolean utWithCallbacks =
                 MessageUtils.getContextualBoolean(msg, 
SecurityConstants.VALIDATE_TOKEN, true);
@@ -171,9 +170,8 @@ public class DefaultWSS4JSecurityContextCreator implements 
WSS4JSecurityContextC
                 context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
                 
context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
                 return context;
-            } else {
-                return createSecurityContext(p);
             }
+            return createSecurityContext(p);
         }
 
         return null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
index 8a411d4..e41bea7 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
@@ -442,9 +442,8 @@ public class UsernameTokenInterceptor extends 
AbstractTokenInterceptor {
 
                 utBuilder.setUserInfo(userName, password);
                 return utBuilder;
-            } else {
-                policyNotAsserted(token, "No username available", message);
             }
+            policyNotAsserted(token, "No username available", message);
         } else {
             policyNotAsserted(token, "No username available", message);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index aa97873..f1ef9da 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -594,9 +594,8 @@ public class WSS4JInInterceptor extends 
AbstractWSS4JInterceptor {
                 // ignore
             }
             return new DelegatingCallbackHandler(pwdCallback);
-        } else {
-            return getCallback(reqData);
         }
+        return getCallback(reqData);
     }
 
     protected CallbackHandler getCallback(RequestData reqData) throws 
WSSecurityException {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 7879025..724d8aa 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -849,10 +849,9 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
             }
 
             return utBuilder;
-        } else {
-            unassertPolicy(token, "No username available");
-            return null;
         }
+        unassertPolicy(token, "No username available");
+        return null;
     }
 
     protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, 
boolean useMac) {
@@ -884,10 +883,9 @@ public abstract class AbstractBindingBuilder extends 
AbstractCommonBindingHandle
             }
 
             return utBuilder;
-        } else {
-            unassertPolicy(token, "No username available");
-            return null;
         }
+        unassertPolicy(token, "No username available");
+        return null;
     }
 
     protected SamlAssertionWrapper addSamlToken(SamlToken token) throws 
WSSecurityException {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index ea22b1e..fa6859f 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -698,19 +698,18 @@ public abstract class AbstractStaxBindingHandler extends 
AbstractCommonBindingHa
     ) throws Exception {
         if (endorse) {
             throw new Exception("Endorsing UsernameTokens are not supported in 
the streaming code");
-        } else {
-            SecurePart securePart = addUsernameToken(token);
-            if (securePart != null) {
-                ret.put(token, securePart);
-                //WebLogic and WCF always encrypt these
-                //See:  
http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
-                //encryptedTokensIdList.add(utBuilder.getId());
-                if (encryptedToken
-                    || MessageUtils.getContextualBoolean(message,
-                                                         
SecurityConstants.ALWAYS_ENCRYPT_UT,
-                                                         true)) {
-                    encryptedTokensList.add(securePart);
-                }
+        }
+        SecurePart securePart = addUsernameToken(token);
+        if (securePart != null) {
+            ret.put(token, securePart);
+            //WebLogic and WCF always encrypt these
+            //See:  
http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
+            //encryptedTokensIdList.add(utBuilder.getId());
+            if (encryptedToken
+                || MessageUtils.getContextualBoolean(message,
+                                                     
SecurityConstants.ALWAYS_ENCRYPT_UT,
+                                                     true)) {
+                encryptedTokensList.add(securePart);
             }
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index aa898fe..2c678f8 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -449,107 +449,106 @@ public class AsymmetricBindingHandler extends 
AbstractBindingBuilder {
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 return doEncryptionDerived(recToken, encrToken, encrParts, 
algorithmSuite);
-            } else {
-                try {
-                    WSSecEncrypt encr = new WSSecEncrypt(secHeader);
-                    encr.setEncryptionSerializer(new StaxSerializer());
-                    encr.setIdAllocator(wssConfig.getIdAllocator());
-                    encr.setCallbackLookup(callbackLookup);
-                    encr.setAttachmentCallbackHandler(new 
AttachmentCallbackHandler(message));
-                    encr.setStoreBytesInAttachment(storeBytesInAttachment);
-                    encr.setExpandXopInclude(isExpandXopInclude());
-                    encr.setWsDocInfo(wsDocInfo);
-
-                    Crypto crypto = getEncryptionCrypto();
-
-                    SecurityToken securityToken = getSecurityToken();
-                    if (!isRequestor() && securityToken != null
-                        && recToken.getToken() instanceof SamlToken) {
-                        String tokenType = securityToken.getTokenType();
-                        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                            || WSConstants.SAML_NS.equals(tokenType)) {
-                            
encr.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                            
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                            encr.setCustomEKTokenId(securityToken.getId());
-                        } else if 
(WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                            || WSConstants.SAML2_NS.equals(tokenType)) {
-                            
encr.setCustomEKTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
-                            
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                            encr.setCustomEKTokenId(securityToken.getId());
-                        } else {
-                            setKeyIdentifierType(encr, encrToken);
-                        }
+            }
+            try {
+                WSSecEncrypt encr = new WSSecEncrypt(secHeader);
+                encr.setEncryptionSerializer(new StaxSerializer());
+                encr.setIdAllocator(wssConfig.getIdAllocator());
+                encr.setCallbackLookup(callbackLookup);
+                encr.setAttachmentCallbackHandler(new 
AttachmentCallbackHandler(message));
+                encr.setStoreBytesInAttachment(storeBytesInAttachment);
+                encr.setExpandXopInclude(isExpandXopInclude());
+                encr.setWsDocInfo(wsDocInfo);
+
+                Crypto crypto = getEncryptionCrypto();
+
+                SecurityToken securityToken = getSecurityToken();
+                if (!isRequestor() && securityToken != null
+                    && recToken.getToken() instanceof SamlToken) {
+                    String tokenType = securityToken.getTokenType();
+                    if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML_NS.equals(tokenType)) {
+                        
encr.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                        
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                        encr.setCustomEKTokenId(securityToken.getId());
+                    } else if 
(WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML2_NS.equals(tokenType)) {
+                        
encr.setCustomEKTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                        
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                        encr.setCustomEKTokenId(securityToken.getId());
                     } else {
                         setKeyIdentifierType(encr, encrToken);
                     }
-                    //
-                    // Using a stored cert is only suitable for the Issued 
Token case, where
-                    // we're extracting the cert from a SAML Assertion on the 
provider side
-                    //
-                    if (!isRequestor() && securityToken != null
-                        && securityToken.getX509Certificate() != null) {
-                        
encr.setUseThisCert(securityToken.getX509Certificate());
-                    } else if (!isRequestor() && securityToken != null
-                        && securityToken.getKey() instanceof PublicKey) {
-                        
encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
-                    } else {
-                        setEncryptionUser(encr, encrToken, false, crypto);
-                    }
-                    if (!encr.isCertSet() && encr.getUseThisPublicKey() == 
null && crypto == null) {
-                        unassertPolicy(recToken, "Missing security 
configuration. "
-                                + "Make sure jaxws:client element is 
configured "
-                                + "with a " + 
SecurityConstants.ENCRYPT_PROPERTIES + " value.");
+                } else {
+                    setKeyIdentifierType(encr, encrToken);
+                }
+                //
+                // Using a stored cert is only suitable for the Issued Token 
case, where
+                // we're extracting the cert from a SAML Assertion on the 
provider side
+                //
+                if (!isRequestor() && securityToken != null
+                    && securityToken.getX509Certificate() != null) {
+                    encr.setUseThisCert(securityToken.getX509Certificate());
+                } else if (!isRequestor() && securityToken != null
+                    && securityToken.getKey() instanceof PublicKey) {
+                    
encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
+                } else {
+                    setEncryptionUser(encr, encrToken, false, crypto);
+                }
+                if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && 
crypto == null) {
+                    unassertPolicy(recToken, "Missing security configuration. "
+                            + "Make sure jaxws:client element is configured "
+                            + "with a " + SecurityConstants.ENCRYPT_PROPERTIES 
+ " value.");
+                }
+                AlgorithmSuiteType algType = 
algorithmSuite.getAlgorithmSuiteType();
+                encr.setSymmetricEncAlgorithm(algType.getEncryption());
+                encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
+                encr.setMGFAlgorithm(algType.getMGFAlgo());
+                encr.setDigestAlgorithm(algType.getEncryptionDigest());
+                encr.prepare(crypto);
+
+                Element encryptedKeyElement = encr.getEncryptedKeyElement();
+                List<Element> attachments = 
encr.getAttachmentEncryptedDataElements();
+                //Encrypt, get hold of the ref list and add it
+                if (externalRef) {
+                    Element refList = encr.encryptForRef(null, encrParts);
+                    if (refList != null) {
+                        insertBeforeBottomUp(refList);
                     }
-                    AlgorithmSuiteType algType = 
algorithmSuite.getAlgorithmSuiteType();
-                    encr.setSymmetricEncAlgorithm(algType.getEncryption());
-                    encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
-                    encr.setMGFAlgorithm(algType.getMGFAlgo());
-                    encr.setDigestAlgorithm(algType.getEncryptionDigest());
-                    encr.prepare(crypto);
-
-                    Element encryptedKeyElement = 
encr.getEncryptedKeyElement();
-                    List<Element> attachments = 
encr.getAttachmentEncryptedDataElements();
-                    //Encrypt, get hold of the ref list and add it
-                    if (externalRef) {
-                        Element refList = encr.encryptForRef(null, encrParts);
-                        if (refList != null) {
-                            insertBeforeBottomUp(refList);
-                        }
-                        if (attachments != null) {
-                            for (Element attachment : attachments) {
-                                this.insertBeforeBottomUp(attachment);
-                            }
-                        }
-                        if (refList != null || (attachments != null && 
!attachments.isEmpty())) {
-                            this.addEncryptedKeyElement(encryptedKeyElement);
-                        }
-                    } else {
-                        Element refList = encr.encryptForRef(null, encrParts);
-                        if (refList != null || (attachments != null && 
!attachments.isEmpty())) {
-                            this.addEncryptedKeyElement(encryptedKeyElement);
-                        }
-
-                        // Add internal refs
-                        if (refList != null) {
-                            encryptedKeyElement.appendChild(refList);
-                        }
-                        if (attachments != null) {
-                            for (Element attachment : attachments) {
-                                this.addEncryptedKeyElement(attachment);
-                            }
+                    if (attachments != null) {
+                        for (Element attachment : attachments) {
+                            this.insertBeforeBottomUp(attachment);
                         }
                     }
+                    if (refList != null || (attachments != null && 
!attachments.isEmpty())) {
+                        this.addEncryptedKeyElement(encryptedKeyElement);
+                    }
+                } else {
+                    Element refList = encr.encryptForRef(null, encrParts);
+                    if (refList != null || (attachments != null && 
!attachments.isEmpty())) {
+                        this.addEncryptedKeyElement(encryptedKeyElement);
+                    }
 
-                    // Put BST before EncryptedKey element
-                    if (encr.getBSTTokenId() != null) {
-                        encr.prependBSTElementToHeader();
+                    // Add internal refs
+                    if (refList != null) {
+                        encryptedKeyElement.appendChild(refList);
+                    }
+                    if (attachments != null) {
+                        for (Element attachment : attachments) {
+                            this.addEncryptedKeyElement(attachment);
+                        }
                     }
+                }
 
-                    return encr;
-                } catch (WSSecurityException e) {
-                    LOG.log(Level.FINE, e.getMessage(), e);
-                    unassertPolicy(recToken, e);
+                // Put BST before EncryptedKey element
+                if (encr.getBSTTokenId() != null) {
+                    encr.prependBSTElementToHeader();
                 }
+
+                return encr;
+            } catch (WSSecurityException e) {
+                LOG.log(Level.FINE, e.getMessage(), e);
+                unassertPolicy(recToken, e);
             }
         }
         return null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index f705f84..cfdd3f6 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -307,9 +307,8 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
             if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
                 unassertPolicy(sigAbstractTokenWrapper, "No signature token 
id");
                 return;
-            } else {
-                assertPolicy(sigAbstractTokenWrapper);
             }
+            assertPolicy(sigAbstractTokenWrapper);
             if (sigTok == null) {
                 sigTok = tokenStore.getToken(sigTokId);
             }
@@ -519,100 +518,99 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
             if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 return doEncryptionDerived(recToken, encrTok, encrToken,
                                            attached, encrParts, atEnd);
-            } else {
-                try {
-                    WSSecEncrypt encr = new WSSecEncrypt(secHeader);
-                    encr.setEncryptionSerializer(new StaxSerializer());
-                    encr.setIdAllocator(wssConfig.getIdAllocator());
-                    encr.setCallbackLookup(callbackLookup);
-                    encr.setAttachmentCallbackHandler(new 
AttachmentCallbackHandler(message));
-                    encr.setStoreBytesInAttachment(storeBytesInAttachment);
-                    encr.setExpandXopInclude(isExpandXopInclude());
-                    encr.setWsDocInfo(wsDocInfo);
-                    String encrTokId = encrTok.getId();
-                    if (attached) {
-                        encrTokId = encrTok.getWsuId();
-                        if (encrTokId == null
-                            && (encrToken instanceof SecureConversationToken
-                                || encrToken instanceof SecurityContextToken)) 
{
-                            encr.setEncKeyIdDirectId(true);
-                            encrTokId = encrTok.getId();
-                        } else if (encrTokId == null) {
-                            encrTokId = encrTok.getId();
-                        }
-                        if (encrTokId.startsWith("#")) {
-                            encrTokId = encrTokId.substring(1);
-                        }
-                    } else {
+            }
+            try {
+                WSSecEncrypt encr = new WSSecEncrypt(secHeader);
+                encr.setEncryptionSerializer(new StaxSerializer());
+                encr.setIdAllocator(wssConfig.getIdAllocator());
+                encr.setCallbackLookup(callbackLookup);
+                encr.setAttachmentCallbackHandler(new 
AttachmentCallbackHandler(message));
+                encr.setStoreBytesInAttachment(storeBytesInAttachment);
+                encr.setExpandXopInclude(isExpandXopInclude());
+                encr.setWsDocInfo(wsDocInfo);
+                String encrTokId = encrTok.getId();
+                if (attached) {
+                    encrTokId = encrTok.getWsuId();
+                    if (encrTokId == null
+                        && (encrToken instanceof SecureConversationToken
+                            || encrToken instanceof SecurityContextToken)) {
                         encr.setEncKeyIdDirectId(true);
+                        encrTokId = encrTok.getId();
+                    } else if (encrTokId == null) {
+                        encrTokId = encrTok.getId();
                     }
-                    if (encrTok.getTokenType() != null) {
-                        encr.setCustomReferenceValue(encrTok.getTokenType());
-                    }
-                    encr.setEncKeyId(encrTokId);
-                    encr.setEphemeralKey(encrTok.getSecret());
-                    Crypto crypto = getEncryptionCrypto();
-                    if (crypto != null) {
-                        setEncryptionUser(encr, encrToken, false, crypto);
+                    if (encrTokId.startsWith("#")) {
+                        encrTokId = encrTokId.substring(1);
                     }
+                } else {
+                    encr.setEncKeyIdDirectId(true);
+                }
+                if (encrTok.getTokenType() != null) {
+                    encr.setCustomReferenceValue(encrTok.getTokenType());
+                }
+                encr.setEncKeyId(encrTokId);
+                encr.setEphemeralKey(encrTok.getSecret());
+                Crypto crypto = getEncryptionCrypto();
+                if (crypto != null) {
+                    setEncryptionUser(encr, encrToken, false, crypto);
+                }
 
-                    encr.setEncryptSymmKey(false);
-                    
encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
-                    
encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
-                    
encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
-
-                    if (encrToken instanceof IssuedToken || encrToken 
instanceof SpnegoContextToken
-                        || encrToken instanceof SecureConversationToken) {
-                        //Setting the AttachedReference or the 
UnattachedReference according to the flag
-                        Element ref;
-                        if (attached) {
-                            ref = encrTok.getAttachedReference();
-                        } else {
-                            ref = encrTok.getUnattachedReference();
-                        }
+                encr.setEncryptSymmKey(false);
+                
encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
+                
encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
+                
encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
 
-                        String tokenType = encrTok.getTokenType();
-                        if (ref != null) {
-                            SecurityTokenReference secRef =
-                                new SecurityTokenReference(cloneElement(ref), 
new BSPEnforcer());
-                            encr.setSecurityTokenReference(secRef);
-                        } else if 
(WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                            || WSConstants.SAML_NS.equals(tokenType)) {
-                            
encr.setCustomReferenceValue(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                            
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                        } else if 
(WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                            || WSConstants.SAML2_NS.equals(tokenType)) {
-                            
encr.setCustomReferenceValue(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
-                            
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                        } else {
-                            encr.setCustomReferenceValue(tokenType);
-                            
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                        }
-                    } else if (encrToken instanceof UsernameToken) {
-                        
encr.setCustomReferenceValue(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
-                    } else if (encrToken instanceof KerberosToken && 
!isRequestor()) {
-                        
encr.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE);
-                        encr.setEncKeyId(encrTok.getSHA1());
-                    } else if (!isRequestor() && encrTok.getSHA1() != null) {
-                        encr.setCustomReferenceValue(encrTok.getSHA1());
-                        
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+                if (encrToken instanceof IssuedToken || encrToken instanceof 
SpnegoContextToken
+                    || encrToken instanceof SecureConversationToken) {
+                    //Setting the AttachedReference or the UnattachedReference 
according to the flag
+                    Element ref;
+                    if (attached) {
+                        ref = encrTok.getAttachedReference();
+                    } else {
+                        ref = encrTok.getUnattachedReference();
                     }
 
-                    encr.prepare(crypto);
-
-                    if (encr.getBSTTokenId() != null) {
-                        encr.prependBSTElementToHeader();
+                    String tokenType = encrTok.getTokenType();
+                    if (ref != null) {
+                        SecurityTokenReference secRef =
+                            new SecurityTokenReference(cloneElement(ref), new 
BSPEnforcer());
+                        encr.setSecurityTokenReference(secRef);
+                    } else if 
(WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML_NS.equals(tokenType)) {
+                        
encr.setCustomReferenceValue(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                        
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                    } else if 
(WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML2_NS.equals(tokenType)) {
+                        
encr.setCustomReferenceValue(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                        
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                    } else {
+                        encr.setCustomReferenceValue(tokenType);
+                        
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                     }
+                } else if (encrToken instanceof UsernameToken) {
+                    
encr.setCustomReferenceValue(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
+                } else if (encrToken instanceof KerberosToken && 
!isRequestor()) {
+                    
encr.setCustomReferenceValue(WSConstants.WSS_KRB_KI_VALUE_TYPE);
+                    encr.setEncKeyId(encrTok.getSHA1());
+                } else if (!isRequestor() && encrTok.getSHA1() != null) {
+                    encr.setCustomReferenceValue(encrTok.getSHA1());
+                    
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+                }
 
-                    Element refList = encr.encryptForRef(null, encrParts);
-                    List<Element> attachments = 
encr.getAttachmentEncryptedDataElements();
-                    addAttachmentsForEncryption(atEnd, refList, attachments);
+                encr.prepare(crypto);
 
-                    return encr;
-                } catch (WSSecurityException e) {
-                    LOG.log(Level.FINE, e.getMessage(), e);
-                    unassertPolicy(recToken, e);
+                if (encr.getBSTTokenId() != null) {
+                    encr.prependBSTElementToHeader();
                 }
+
+                Element refList = encr.encryptForRef(null, encrParts);
+                List<Element> attachments = 
encr.getAttachmentEncryptedDataElements();
+                addAttachmentsForEncryption(atEnd, refList, attachments);
+
+                return encr;
+            } catch (WSSecurityException e) {
+                LOG.log(Level.FINE, e.getMessage(), e);
+                unassertPolicy(recToken, e);
             }
         }
         return null;
@@ -787,131 +785,130 @@ public class SymmetricBindingHandler extends 
AbstractBindingBuilder {
                              boolean included) throws WSSecurityException {
         if (policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             return doSignatureDK(sigs, policyAbstractTokenWrapper, 
policyToken, tok, included);
-        } else {
-            WSSecSignature sig = new WSSecSignature(secHeader);
-            sig.setIdAllocator(wssConfig.getIdAllocator());
-            sig.setCallbackLookup(callbackLookup);
-            sig.setAttachmentCallbackHandler(new 
AttachmentCallbackHandler(message));
-            sig.setStoreBytesInAttachment(storeBytesInAttachment);
-            sig.setExpandXopInclude(isExpandXopInclude());
-            sig.setWsDocInfo(wsDocInfo);
-            // If a EncryptedKeyToken is used, set the correct value type to
-            // be used in the wsse:Reference in ds:KeyInfo
-            int type = included ? WSConstants.CUSTOM_SYMM_SIGNING
-                : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
-            String sigTokId = tok.getId();
-            if (policyToken instanceof X509Token) {
-                if (isRequestor()) {
-                    sig.setCustomTokenValueType(
-                        WSConstants.SOAPMESSAGE_NS11 + "#" + 
WSConstants.ENC_KEY_VALUE_TYPE
-                    );
-                    sig.setKeyIdentifierType(type);
-                } else {
-                    //the tok has to be an EncryptedKey token
-                    sig.setEncrKeySha1value(tok.getSHA1());
-                    
sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
-                }
-            } else if (policyToken instanceof UsernameToken) {
-                
sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
+        }
+        WSSecSignature sig = new WSSecSignature(secHeader);
+        sig.setIdAllocator(wssConfig.getIdAllocator());
+        sig.setCallbackLookup(callbackLookup);
+        sig.setAttachmentCallbackHandler(new 
AttachmentCallbackHandler(message));
+        sig.setStoreBytesInAttachment(storeBytesInAttachment);
+        sig.setExpandXopInclude(isExpandXopInclude());
+        sig.setWsDocInfo(wsDocInfo);
+        // If a EncryptedKeyToken is used, set the correct value type to
+        // be used in the wsse:Reference in ds:KeyInfo
+        int type = included ? WSConstants.CUSTOM_SYMM_SIGNING
+            : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
+        String sigTokId = tok.getId();
+        if (policyToken instanceof X509Token) {
+            if (isRequestor()) {
+                sig.setCustomTokenValueType(
+                    WSConstants.SOAPMESSAGE_NS11 + "#" + 
WSConstants.ENC_KEY_VALUE_TYPE
+                );
                 sig.setKeyIdentifierType(type);
-            } else if (policyToken instanceof KerberosToken) {
-                if (isRequestor()) {
-                    sig.setCustomTokenValueType(tok.getTokenType());
-                    sig.setKeyIdentifierType(type);
-                } else {
-                    
sig.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE);
-                    
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                    sigTokId = tok.getSHA1();
-                }
             } else {
-                //Setting the AttachedReference or the UnattachedReference 
according to the flag
-                Element ref;
-                if (included) {
-                    ref = tok.getAttachedReference();
-                } else {
-                    ref = tok.getUnattachedReference();
-                }
+                //the tok has to be an EncryptedKey token
+                sig.setEncrKeySha1value(tok.getSHA1());
+                
sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+            }
+        } else if (policyToken instanceof UsernameToken) {
+            
sig.setCustomTokenValueType(WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
+            sig.setKeyIdentifierType(type);
+        } else if (policyToken instanceof KerberosToken) {
+            if (isRequestor()) {
+                sig.setCustomTokenValueType(tok.getTokenType());
+                sig.setKeyIdentifierType(type);
+            } else {
+                sig.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE);
+                sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                sigTokId = tok.getSHA1();
+            }
+        } else {
+            //Setting the AttachedReference or the UnattachedReference 
according to the flag
+            Element ref;
+            if (included) {
+                ref = tok.getAttachedReference();
+            } else {
+                ref = tok.getUnattachedReference();
+            }
 
-                if (ref != null) {
-                    SecurityTokenReference secRef =
-                        new SecurityTokenReference(cloneElement(ref), new 
BSPEnforcer());
-                    sig.setSecurityTokenReference(secRef);
+            if (ref != null) {
+                SecurityTokenReference secRef =
+                    new SecurityTokenReference(cloneElement(ref), new 
BSPEnforcer());
+                sig.setSecurityTokenReference(secRef);
+                sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+            } else {
+                String tokenType = tok.getTokenType();
+                if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML_NS.equals(tokenType)) {
+                    
sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                    
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML2_NS.equals(tokenType)) {
+                    
sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
                     
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
                 } else {
-                    String tokenType = tok.getTokenType();
-                    if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                        || WSConstants.SAML_NS.equals(tokenType)) {
-                        
sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                        
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                    } else if 
(WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                        || WSConstants.SAML2_NS.equals(tokenType)) {
-                        
sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
-                        
sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                    } else {
-                        sig.setCustomTokenValueType(tokenType);
-                        sig.setKeyIdentifierType(type);
-                    }
+                    sig.setCustomTokenValueType(tokenType);
+                    sig.setKeyIdentifierType(type);
                 }
             }
+        }
 
-            if (included) {
-                sigTokId = tok.getWsuId();
-                if (sigTokId == null) {
-                    if (policyToken instanceof SecureConversationToken
-                        || policyToken instanceof SecurityContextToken) {
-                        
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
-                    }
-                    sigTokId = tok.getId();
-                }
-                if (sigTokId.startsWith("#")) {
-                    sigTokId = sigTokId.substring(1);
+        if (included) {
+            sigTokId = tok.getWsuId();
+            if (sigTokId == null) {
+                if (policyToken instanceof SecureConversationToken
+                    || policyToken instanceof SecurityContextToken) {
+                    
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING_DIRECT);
                 }
+                sigTokId = tok.getId();
+            }
+            if (sigTokId.startsWith("#")) {
+                sigTokId = sigTokId.substring(1);
             }
+        }
 
-            if (sbinding.isProtectTokens()) {
-                assertPolicy(new QName(sbinding.getName().getNamespaceURI(), 
SPConstants.PROTECT_TOKENS));
-                if (included) {
-                    sigs.add(new WSEncryptionPart(sigTokId));
-                }
+        if (sbinding.isProtectTokens()) {
+            assertPolicy(new QName(sbinding.getName().getNamespaceURI(), 
SPConstants.PROTECT_TOKENS));
+            if (included) {
+                sigs.add(new WSEncryptionPart(sigTokId));
             }
+        }
 
-            sig.setCustomTokenId(sigTokId);
-            sig.setSecretKey(tok.getSecret());
-            
sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+        sig.setCustomTokenId(sigTokId);
+        sig.setSecretKey(tok.getSecret());
+        
sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
 
-            boolean includePrefixes =
-                MessageUtils.getContextualBoolean(
-                    message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
-                );
-            sig.setAddInclusivePrefixes(includePrefixes);
+        boolean includePrefixes =
+            MessageUtils.getContextualBoolean(
+                message, SecurityConstants.ADD_INCLUSIVE_PREFIXES, true
+            );
+        sig.setAddInclusivePrefixes(includePrefixes);
 
-            AlgorithmSuiteType algType = 
sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
-            sig.setDigestAlgo(algType.getDigest());
-            
sig.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
-            Crypto crypto = null;
-            if (sbinding.getProtectionToken() != null) {
-                crypto = getEncryptionCrypto();
+        AlgorithmSuiteType algType = 
sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+        sig.setDigestAlgo(algType.getDigest());
+        
sig.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
+        Crypto crypto = null;
+        if (sbinding.getProtectionToken() != null) {
+            crypto = getEncryptionCrypto();
+        } else {
+            crypto = getSignatureCrypto();
+        }
+        this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, 
crypto);
+        sig.prepare(crypto);
+        sig.getParts().addAll(sigs);
+        List<Reference> referenceList = sig.addReferencesToSign(sigs);
+        if (!referenceList.isEmpty()) {
+            //Do signature
+            if (bottomUpElement == null) {
+                sig.computeSignature(referenceList, false, null);
             } else {
-                crypto = getSignatureCrypto();
+                sig.computeSignature(referenceList, true, bottomUpElement);
             }
-            this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, 
crypto);
-            sig.prepare(crypto);
-            sig.getParts().addAll(sigs);
-            List<Reference> referenceList = sig.addReferencesToSign(sigs);
-            if (!referenceList.isEmpty()) {
-                //Do signature
-                if (bottomUpElement == null) {
-                    sig.computeSignature(referenceList, false, null);
-                } else {
-                    sig.computeSignature(referenceList, true, bottomUpElement);
-                }
-                bottomUpElement = sig.getSignatureElement();
+            bottomUpElement = sig.getSignatureElement();
 
-                this.mainSigId = sig.getId();
-                return sig.getSignatureValue();
-            }
-            return null;
+            this.mainSigId = sig.getId();
+            return sig.getSignatureValue();
         }
+        return null;
     }
 
     private String setupEncryptedKey(AbstractTokenWrapper wrapper, 
AbstractToken sigToken) throws WSSecurityException {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index da56b64..937cb22 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -145,9 +145,8 @@ public class TransportBindingHandler extends 
AbstractBindingBuilder {
                         if (secToken == null) {
                             unassertPolicy(transportToken, "No transport token 
id");
                             return;
-                        } else {
-                            assertPolicy(transportToken);
                         }
+                        assertPolicy(transportToken);
                         if 
(isTokenRequired(transportToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             addEncryptedKeyElement(cloneElement(el));
@@ -393,31 +392,29 @@ public class TransportBindingHandler extends 
AbstractBindingBuilder {
             dkSig.computeSignature(referenceList, false, null);
 
             return dkSig.getSignatureValue();
-        } else {
-            WSSecSignature sig = getSignatureBuilder(token, false, false);
-            assertPolicy(wrapper);
-            if (sig != null) {
-                sig.prependBSTElementToHeader();
-
-                List<Reference> referenceList = 
sig.addReferencesToSign(sigParts);
+        }
+        WSSecSignature sig = getSignatureBuilder(token, false, false);
+        assertPolicy(wrapper);
+        if (sig != null) {
+            sig.prependBSTElementToHeader();
 
-                if (bottomUpElement == null) {
-                    sig.computeSignature(referenceList, false, null);
-                } else {
-                    sig.computeSignature(referenceList, true, bottomUpElement);
-                }
-                bottomUpElement = sig.getSignatureElement();
-                mainSigId = sig.getId();
+            List<Reference> referenceList = sig.addReferencesToSign(sigParts);
 
-                return sig.getSignatureValue();
+            if (bottomUpElement == null) {
+                sig.computeSignature(referenceList, false, null);
             } else {
-                return new byte[0];
+                sig.computeSignature(referenceList, true, bottomUpElement);
             }
+            bottomUpElement = sig.getSignatureElement();
+            mainSigId = sig.getId();
+
+            return sig.getSignatureValue();
         }
+        return new byte[0];
     }
 
     private byte[] doIssuedTokenSignature(
-        AbstractToken token, SupportingTokens wrapper
+        final AbstractToken token, final SupportingTokens wrapper
     ) throws Exception {
         boolean tokenIncluded = false;
         // Get the issued token
@@ -448,9 +445,8 @@ public class TransportBindingHandler extends 
AbstractBindingBuilder {
 
         if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             return doDerivedKeySignature(tokenIncluded, secTok, token, 
sigParts);
-        } else {
-            return doSignature(tokenIncluded, secTok, token, wrapper, 
sigParts);
         }
+        return doSignature(tokenIncluded, secTok, token, wrapper, sigParts);
     }
 
     private byte[] doDerivedKeySignature(

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecuredPartsPolicyValidator.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecuredPartsPolicyValidator.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecuredPartsPolicyValidator.java
index 353a22a..c786b45 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecuredPartsPolicyValidator.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecuredPartsPolicyValidator.java
@@ -57,11 +57,10 @@ public class SecuredPartsPolicyValidator implements 
SecurityPolicyValidator {
             return assertionInfo.getAssertion() != null
                 && 
(SP12Constants.SIGNED_PARTS.equals(assertionInfo.getAssertion().getName())
                     || 
SP11Constants.SIGNED_PARTS.equals(assertionInfo.getAssertion().getName()));
-        } else {
-            return assertionInfo.getAssertion() != null
-                && 
(SP12Constants.ENCRYPTED_PARTS.equals(assertionInfo.getAssertion().getName())
-                    || 
SP11Constants.ENCRYPTED_PARTS.equals(assertionInfo.getAssertion().getName()));
         }
+        return assertionInfo.getAssertion() != null
+            && 
(SP12Constants.ENCRYPTED_PARTS.equals(assertionInfo.getAssertion().getName())
+                || 
SP11Constants.ENCRYPTED_PARTS.equals(assertionInfo.getAssertion().getName()));
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/FragmentDialect.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/FragmentDialect.java
 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/FragmentDialect.java
index 576f5a7..6cc9184 100644
--- 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/FragmentDialect.java
+++ 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/FragmentDialect.java
@@ -97,9 +97,8 @@ public class FragmentDialect implements Dialect {
                 if (languages.containsKey(languageIRI)) {
                     FragmentDialectLanguage language = 
languages.get(languageIRI);
                     return 
generateGetResponse(language.getResourceFragment(representation, expression));
-                } else {
-                    throw new UnsupportedLanguage();
                 }
+                throw new UnsupportedLanguage();
             }
         }
         throw new SoapFault("wsf:Expression is not present.", 
getSoapVersion().getSender());
@@ -132,9 +131,8 @@ public class FragmentDialect implements Dialect {
                         mode = FragmentDialectConstants.FRAGMENT_MODE_ADD;
                     }
                     return modifyRepresentation(resourceFragment, mode, value);
-                } else {
-                    throw new UnsupportedLanguage();
                 }
+                throw new UnsupportedLanguage();
             }
         }
         throw new SoapFault("wsf:Fragment is not present.", 
getSoapVersion().getSender());
@@ -270,9 +268,8 @@ public class FragmentDialect implements Dialect {
             }
             expression.getContent().add(expr);
             return expression;
-        } else {
-            throw new InvalidExpression();
         }
+        throw new InvalidExpression();
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageQName.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageQName.java
 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageQName.java
index 16d6c9a..494b7c2 100644
--- 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageQName.java
+++ 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageQName.java
@@ -79,9 +79,8 @@ public class FragmentDialectLanguageQName implements 
FragmentDialectLanguage {
                 if (prefix != null && !prefix.isEmpty()) {
                     Element resource = (Element) representation.getAny();
                     return resource.getAttribute("xmlns:" + prefix);
-                } else {
-                    return null;
                 }
+                return null;
             }
 
             @Override
@@ -123,12 +122,10 @@ public class FragmentDialectLanguageQName implements 
FragmentDialectLanguage {
             Matcher m = qNamePattern.matcher(expressionValue);
             if (m.matches()) {
                 return "/node()/" + expressionValue;
-            } else {
-                throw new InvalidExpression();
             }
-        } else {
             throw new InvalidExpression();
         }
+        throw new InvalidExpression();
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageXPath10.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageXPath10.java
 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageXPath10.java
index 57a7e0a..ad7271a 100644
--- 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageXPath10.java
+++ 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/dialect/fragment/language/FragmentDialectLanguageXPath10.java
@@ -51,9 +51,8 @@ public class FragmentDialectLanguageXPath10 implements 
FragmentDialectLanguage {
                 if (prefix != null && !prefix.isEmpty()) {
                     Element resource = (Element) representation.getAny();
                     return resource.getAttribute("xmlns:" + prefix);
-                } else {
-                    return null;
                 }
+                return null;
             }
 
             @Override
@@ -76,12 +75,10 @@ public class FragmentDialectLanguageXPath10 implements 
FragmentDialectLanguage {
             if (checkResultConstraints(result)) {
                 if (result.getLength() == 0) {
                     return null;
-                } else {
-                    return result;
                 }
-            } else {
-                return result.item(0);
+                return result;
             }
+            return result.item(0);
         } catch (XPathException ex) {
             // See https://www.java.net/node/681793
         }
@@ -102,9 +99,8 @@ public class FragmentDialectLanguageXPath10 implements 
FragmentDialectLanguage {
     private String getXPathFromExpression(ExpressionType expression) {
         if (expression.getContent().size() == 1) {
             return (String) expression.getContent().get(0);
-        } else {
-            throw new InvalidExpression();
         }
+        throw new InvalidExpression();
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/manager/MemoryResourceManager.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/manager/MemoryResourceManager.java
 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/manager/MemoryResourceManager.java
index 70d54b8..5c059dc 100644
--- 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/manager/MemoryResourceManager.java
+++ 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/manager/MemoryResourceManager.java
@@ -73,18 +73,17 @@ public class MemoryResourceManager implements 
ResourceManager {
         String resource = storage.get(uuid);
         if (resource.isEmpty()) {
             return new Representation();
-        } else {
-            Document doc = null;
-            try {
-                doc = StaxUtils.read(new StringReader(storage.get(uuid)));
-            } catch (XMLStreamException e) {
-                LOG.severe(e.getLocalizedMessage());
-                throw new SoapFault("Internal Error", 
getSoapVersion().getReceiver());
-            }
-            Representation representation = new Representation();
-            representation.setAny(doc.getDocumentElement());
-            return representation;
         }
+        Document doc = null;
+        try {
+            doc = StaxUtils.read(new StringReader(storage.get(uuid)));
+        } catch (XMLStreamException e) {
+            LOG.severe(e.getLocalizedMessage());
+            throw new SoapFault("Internal Error", 
getSoapVersion().getReceiver());
+        }
+        Representation representation = new Representation();
+        representation.setAny(doc.getDocumentElement());
+        return representation;
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/resourcefactory/ResourceFactoryImpl.java
----------------------------------------------------------------------
diff --git 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/resourcefactory/ResourceFactoryImpl.java
 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/resourcefactory/ResourceFactoryImpl.java
index ba0e812..dc0163b 100644
--- 
a/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/resourcefactory/ResourceFactoryImpl.java
+++ 
b/rt/ws/transfer/src/main/java/org/apache/cxf/ws/transfer/resourcefactory/ResourceFactoryImpl.java
@@ -70,9 +70,8 @@ public class ResourceFactoryImpl implements ResourceFactory {
         ResourceReference resourceReference = resourceResolver.resolve(body);
         if (resourceReference.getResourceManager() != null) {
             return createLocally(body, resourceReference);
-        } else {
-            return createRemotely(body, resourceReference);
         }
+        return createRemotely(body, resourceReference);
     }
 
     public ResourceResolver getResourceResolver() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/wsdl/src/main/java/org/apache/cxf/wsdl/interceptors/DocLiteralInInterceptor.java
----------------------------------------------------------------------
diff --git 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/interceptors/DocLiteralInInterceptor.java
 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/interceptors/DocLiteralInInterceptor.java
index d186ff5..60f406f 100644
--- 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/interceptors/DocLiteralInInterceptor.java
+++ 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/interceptors/DocLiteralInInterceptor.java
@@ -354,8 +354,7 @@ public class DocLiteralInInterceptor extends 
AbstractInDatabindingInterceptor {
         Object keepParametersWrapperFlag = 
message.get(KEEP_PARAMETERS_WRAPPER);
         if (keepParametersWrapperFlag == null) {
             return msgInfo.getFirstMessagePart().getTypeClass() != null;
-        } else {
-            return Boolean.parseBoolean(keepParametersWrapperFlag.toString());
         }
+        return Boolean.parseBoolean(keepParametersWrapperFlag.toString());
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/DefaultServiceConfiguration.java
----------------------------------------------------------------------
diff --git 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/DefaultServiceConfiguration.java
 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/DefaultServiceConfiguration.java
index fd161e2..41c800e 100644
--- 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/DefaultServiceConfiguration.java
+++ 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/DefaultServiceConfiguration.java
@@ -66,9 +66,8 @@ public class DefaultServiceConfiguration extends 
AbstractServiceConfiguration {
             name = new QName(ns, local + i);
             if (service.getOperation(name) == null) {
                 return name;
-            } else {
-                i++;
             }
+            i++;
         }
     }
 
@@ -298,9 +297,8 @@ public class DefaultServiceConfiguration extends 
AbstractServiceConfiguration {
         if (miString != null) {
             if ("unbounded".equals(miString)) {
                 return Long.MAX_VALUE;
-            } else {
-                return Long.valueOf(miString, 10);
             }
+            return Long.valueOf(miString, 10);
         }
         // If no explicit spec and an array of bytes, default to unbounded.
         if (mpi.getTypeClass() != null && mpi.getTypeClass().isArray()

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ParamReader.java
----------------------------------------------------------------------
diff --git 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ParamReader.java 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ParamReader.java
index 1a2c61c..12de29f 100644
--- a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ParamReader.java
+++ b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ParamReader.java
@@ -208,12 +208,10 @@ class ParamReader extends ClassReader {
 
             if (found) {
                 return paramNames;
-            } else {
-                return null;
             }
-        } else {
             return null;
         }
+        return null;
     }
 
     private static class MethodInfo {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ReflectionServiceFactoryBean.java
----------------------------------------------------------------------
diff --git 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ReflectionServiceFactoryBean.java
 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ReflectionServiceFactoryBean.java
index 398477d..643efce 100644
--- 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ReflectionServiceFactoryBean.java
+++ 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl/service/factory/ReflectionServiceFactoryBean.java
@@ -1259,23 +1259,22 @@ public class ReflectionServiceFactoryBean extends 
org.apache.cxf.service.factory
                 mpi.setElementQName(qname);
                 mpi.setConcreteName(qname);
                 continue;
+            }
+            if (null == mpi.getTypeQName() && mpi.getXmlSchema() == null) {
+                throw new ServiceConstructionException(new 
Message("UNMAPPABLE_PORT_TYPE", LOG,
+                                                                   
method.getDeclaringClass().getName(),
+                                                                   
method.getName(),
+                                                                   
mpi.getName()));
+            }
+            if (mpi.getTypeQName() != null) {
+                el.setSchemaTypeName(mpi.getTypeQName());
             } else {
-                if (null == mpi.getTypeQName() && mpi.getXmlSchema() == null) {
-                    throw new ServiceConstructionException(new 
Message("UNMAPPABLE_PORT_TYPE", LOG,
-                                                                       
method.getDeclaringClass().getName(),
-                                                                       
method.getName(),
-                                                                       
mpi.getName()));
-                }
-                if (mpi.getTypeQName() != null) {
-                    el.setSchemaTypeName(mpi.getTypeQName());
-                } else {
-                    el.setSchemaType((XmlSchemaType)mpi.getXmlSchema());
-                }
-                mpi.setXmlSchema(el);
-                mpi.setConcreteName(qname);
-                if (mpi.getTypeQName() != null) {
-                    addImport(schema, mpi.getTypeQName().getNamespaceURI());
-                }
+                el.setSchemaType((XmlSchemaType)mpi.getXmlSchema());
+            }
+            mpi.setXmlSchema(el);
+            mpi.setConcreteName(qname);
+            if (mpi.getTypeQName() != null) {
+                addImport(schema, mpi.getTypeQName().getNamespaceURI());
             }
 
             mpi.setElement(true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLServiceFactory.java
----------------------------------------------------------------------
diff --git 
a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLServiceFactory.java 
b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLServiceFactory.java
index c1b5629..992cc9b 100644
--- a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLServiceFactory.java
+++ b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLServiceFactory.java
@@ -115,15 +115,14 @@ public class WSDLServiceFactory extends 
AbstractServiceFactoryBean {
             }
             if (services.size() == 0) {
                 throw new ServiceConstructionException(new 
Message("NO_SERVICE_EXC", LOG));
-            } else {
-                //@@TODO  - this isn't good, need to return all the services
-                serviceName = services.get(0).getName();
-                //get all the service info's that match that first one.
-                Iterator<ServiceInfo> it = services.iterator();
-                while (it.hasNext()) {
-                    if (!it.next().getName().equals(serviceName)) {
-                        it.remove();
-                    }
+            }
+            //@@TODO  - this isn't good, need to return all the services
+            serviceName = services.get(0).getName();
+            //get all the service info's that match that first one.
+            Iterator<ServiceInfo> it = services.iterator();
+            while (it.hasNext()) {
+                if (!it.next().getName().equals(serviceName)) {
+                    it.remove();
                 }
             }
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/rt/wsdl/src/test/java/org/apache/cxf/wsdl11/WSDLServiceBuilderTest.java
----------------------------------------------------------------------
diff --git 
a/rt/wsdl/src/test/java/org/apache/cxf/wsdl11/WSDLServiceBuilderTest.java 
b/rt/wsdl/src/test/java/org/apache/cxf/wsdl11/WSDLServiceBuilderTest.java
index 0594e2e..4f3c699 100644
--- a/rt/wsdl/src/test/java/org/apache/cxf/wsdl11/WSDLServiceBuilderTest.java
+++ b/rt/wsdl/src/test/java/org/apache/cxf/wsdl11/WSDLServiceBuilderTest.java
@@ -127,9 +127,8 @@ public class WSDLServiceBuilderTest extends Assert {
                 service = serv;
                 if (seq == serviceSeq) {
                     break;
-                } else {
-                    seq++;
                 }
+                seq++;
             }
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
----------------------------------------------------------------------
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
index 4fa41fb..9df1bc8 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
@@ -117,19 +117,18 @@ public class ClaimsManager {
             // Matching dialects - so we must merge them
             ClaimCollection mergedClaims = mergeClaims(primaryClaims, 
secondaryClaims);
             return retrieveClaimValues(mergedClaims, parameters);
-        } else {
-            // If the dialects don't match then just return all Claims
-            ProcessedClaimCollection claims = 
retrieveClaimValues(primaryClaims, parameters);
-            ProcessedClaimCollection claims2 = 
retrieveClaimValues(secondaryClaims, parameters);
-            ProcessedClaimCollection returnedClaims = new 
ProcessedClaimCollection();
-            if (claims != null) {
-                returnedClaims.addAll(claims);
-            }
-            if (claims2 != null) {
-                returnedClaims.addAll(claims2);
-            }
-            return returnedClaims;
         }
+        // If the dialects don't match then just return all Claims
+        ProcessedClaimCollection claims = retrieveClaimValues(primaryClaims, 
parameters);
+        ProcessedClaimCollection claims2 = 
retrieveClaimValues(secondaryClaims, parameters);
+        ProcessedClaimCollection returnedClaims = new 
ProcessedClaimCollection();
+        if (claims != null) {
+            returnedClaims.addAll(claims);
+        }
+        if (claims2 != null) {
+            returnedClaims.addAll(claims2);
+        }
+        return returnedClaims;
     }
 
     public ProcessedClaimCollection retrieveClaimValues(ClaimCollection 
claims, ClaimsParameters parameters) {
@@ -150,33 +149,32 @@ public class ClaimsManager {
             validateClaimValues(claims, returnCollection);
             return returnCollection;
 
-        } else {
-            // Federate claims
-            ClaimsMapper claimsMapper = relationship.getClaimsMapper();
-            if (claimsMapper == null) {
-                LOG.log(Level.SEVERE, "ClaimsMapper required to federate 
claims but not configured.");
-                throw new STSException("ClaimsMapper required to federate 
claims but not configured",
-                                       STSException.BAD_REQUEST);
-            }
-
-            // Get the claims of the received token (only SAML supported)
-            // Consider refactoring to use a CallbackHandler and keep 
ClaimsManager token independent
-            SamlAssertionWrapper assertion =
-                
(SamlAssertionWrapper)parameters.getAdditionalProperties().get(SamlAssertionWrapper.class.getName());
-            List<ProcessedClaim> claimList = null;
-            if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                claimList = this.parseClaimsInAssertion(assertion.getSaml2());
-            } else {
-                claimList = this.parseClaimsInAssertion(assertion.getSaml1());
-            }
-            ProcessedClaimCollection sourceClaims = new 
ProcessedClaimCollection();
-            sourceClaims.addAll(claimList);
+        }
+        // Federate claims
+        ClaimsMapper claimsMapper = relationship.getClaimsMapper();
+        if (claimsMapper == null) {
+            LOG.log(Level.SEVERE, "ClaimsMapper required to federate claims 
but not configured.");
+            throw new STSException("ClaimsMapper required to federate claims 
but not configured",
+                                   STSException.BAD_REQUEST);
+        }
 
-            ProcessedClaimCollection targetClaims = 
claimsMapper.mapClaims(relationship.getSourceRealm(),
-                    sourceClaims, relationship.getTargetRealm(), parameters);
-            validateClaimValues(claims, targetClaims);
-            return targetClaims;
+        // Get the claims of the received token (only SAML supported)
+        // Consider refactoring to use a CallbackHandler and keep 
ClaimsManager token independent
+        SamlAssertionWrapper assertion =
+            
(SamlAssertionWrapper)parameters.getAdditionalProperties().get(SamlAssertionWrapper.class.getName());
+        List<ProcessedClaim> claimList = null;
+        if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
+            claimList = this.parseClaimsInAssertion(assertion.getSaml2());
+        } else {
+            claimList = this.parseClaimsInAssertion(assertion.getSaml1());
         }
+        ProcessedClaimCollection sourceClaims = new ProcessedClaimCollection();
+        sourceClaims.addAll(claimList);
+
+        ProcessedClaimCollection targetClaims = 
claimsMapper.mapClaims(relationship.getSourceRealm(),
+                sourceClaims, relationship.getTargetRealm(), parameters);
+        validateClaimValues(claims, targetClaims);
+        return targetClaims;
     }
 
     private ProcessedClaimCollection handleClaims(ClaimCollection claims, 
ClaimsParameters parameters) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/db11547c/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
----------------------------------------------------------------------
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
index bc63502..fbe3f2e 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
@@ -77,9 +77,8 @@ public class JexlClaimsMapper implements ClaimsMapper {
             LOG.warning("No claim mapping script defined");
             return new ProcessedClaimCollection(); // TODO Check if null or an 
exception would be more
                                                    // appropriate
-        } else {
-            return (ProcessedClaimCollection)s.execute(context);
         }
+        return (ProcessedClaimCollection)s.execute(context);
     }
 
     public Script getScript() {

Reply via email to