Thanx, Colm. There's a few more things that have migrated somewhere that I'm having trouble finding ... 1. WSSecurityUtil used to have some DOM methods that mostly look like they were moved to XMLUtils. But there's one I can't find - storeElementInContext. Is that one still around, or will I need to implement locally? 2. ReferenceListProcessor used to have a static getXPath method, but it looks like that was recently refactored out. Was that moved somewhere? Thanx, Stephen W. Chappell -----Original Message----- From: Colm O hEigeartaigh [mailto:coheigea@apache.org] Sent: Monday, July 13, 2015 5:59 AM To: users@ws.apache.org Cc: users@cxf.apache.org Subject: Re: WSSConfig Migration 1.6.18 -> 2.1.0 Answers inline. On Fri, Jul 10, 2015 at 8:14 PM, wrote: > WSSConfig doesn’t have that flag anymore as far as I can tell. Is > this default behavior now, or is there some other way to enable that > behavior? I see that I can set it on a RequestData, but I don’t have > one of those at the point I’m setting up the security engine. > You can change your code to create a RequestData Object instead when calling the WSSecurityEngine methods. The WSSecurityEngine methods that don't take RequestData just end up creating RequestData internally anyway: https://svn.apache.org/repos/asf/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java > > 2. WSSConfig used to have a method isWsiBSPCompliant(), which would > trigger slightly different behaviors for me depending on its setting > when I retrieved in from a RequestData object. Is that what the > RequestData.isDisableBSPEnforcement() flag is now? > > > Yeah, although it has the opposite semantics, as it is set to false by default, meaning that BSP enforcement is enabled. You can also disable specific BSP rules via the ignoredBSPRules List in RequestData. Colm. > Thanx, > > > > *Stephen W. Chappell* > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com