The problem is when Wss4jSecurityInterceptor is used in the server side, to validate username token (or signature).
Everything looks fine except when a <wsse:header> empty is sent. The Interceptor lets the messsage goes and don't
throw any exceptions.
As an attachment, I'm sending a maven project with JUnit tests to prove the case. The project is a very simple web service
based on the tutorial sample. I just configure the wss4j interceptor for validate username token.
The only test thats doesn't pass is the last 'testSendMessageWithEmptyWsseHeader'
Sorry for my english... it isn't my native language.