InboundSecurityToken inboundSecurityToken = SecurityTokenFactory.getInstance().getSecurityToken(
signatureType.getKeyInfo(), WSSecurityTokenConstants.KeyUsage_Signature_Verification,
securityProperties, inboundSecurityContext);
SignatureTokenValidator signatureTokenValidator = ((WSSSecurityProperties) securityProperties).getValidator(WSSConstants.TAG_dsig_Signature);
if (signatureTokenValidator == null) {
signatureTokenValidator = new SignatureTokenValidatorImpl();
}
signatureTokenValidator.validate(inboundSecurityToken, (WSSSecurityProperties) securityProperties);
//we have to emit a TokenSecurityEvent here too since it could be an embedded token
inboundSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_Signature);
TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent
= WSSUtils.createTokenSecurityEvent(inboundSecurityToken, signatureType.getId());