context.getOtherProperties().put(IssuedTokenContext.CONFIRMATION_METHOD, confirMethod);
}
// Check if the client is authorized to be issued the token from the STSAuthorizationProvider
//ToDo: handling ActAs case
final STSAuthorizationProvider authzProvider = WSTrustFactory.getSTSAuthorizationProvider();
if (!authzProvider.isAuthorized(subject, appliesTo, tokenType, keyType)){
String user = subject.getPrincipals().iterator().next().getName();
log.log(Level.SEVERE,
LogStringsMessages.WST_0015_CLIENT_NOT_AUTHORIZED(
user, tokenType, appliesTo));
throw new WSTrustException(LogStringsMessages.WST_0015_CLIENT_NOT_AUTHORIZED(