Details
Description
Right now we search the list of security results from WSS4J from the last result backwards, and stop when we meet a result that can be used to create a security context. However, we should instead create a list of desired tokens/actions with a priority to each one. So for example, if a (signed) SAML token is in the security header, this should have a higher priority than say a Signature, as the likely intention of the service logic is that the SAML Token encapsulates the user identity.