Team, I am not finding a way to add a BST token in WSS4j w/o adding a signature token as well. This restriction is not there for verification - each token has its own processor. Not sure why this is not an option for securement: having a BST token w/o signature is still a better authentication token than a UsernameToken w/o signature. Especially when a direct trust is used (and let's assume enforced) to authenticate the token...
Please advise on this matter. Gene