[CVE-2012-0803] - Apache CXF does not validate UsernameToken policies correctly - Fixed some policy alternative issues with WS-Security - Added + updated a lot of tests based around this