Index: spring-ws/security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorHeaderTestCase.java
===================================================================
--- spring-ws/security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorHeaderTestCase.java (revision 14402)
+++ spring-ws/security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorHeaderTestCase.java Sun Nov 16 19:47:48 CET 2008
@@ -25,6 +25,7 @@
 import org.springframework.ws.soap.SoapHeaderElement;
 import org.springframework.ws.soap.SoapMessage;
 import org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler;
+import org.springframework.ws.soap.security.WsSecurityValidationException;
 public abstract class Wss4jMessageInterceptorHeaderTestCase extends Wss4jTestCase {
@@ -68,4 +69,15 @@
 assertXpathExists("header2 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header2", getDocument(message));
 }
+
+ public void testEmptySecurityHeader() throws Exception {
+ SoapMessage message = loadMessage("emptySecurityHeader-soap.xml");
+ MessageContext messageContext = new DefaultMessageContext(message, getMessageFactory());
+ try {
+ interceptor.validateMessage(message, messageContext);
+ fail("validation must fail for an empty security header.");
+ } catch (WsSecurityValidationException e) {
+ // expected
-}
+ }
+ }
+}
Index: spring-ws/security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java
===================================================================
--- spring-ws/security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java (revision 14402)
+++ spring-ws/security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java Sun Nov 16 20:33:28 CET 2008
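Review bot: In `testEmptySecurityHeader` (Wss4jMessageInterceptorHeaderTestCase), the catch clause accepts any `WsSecurityValidationException`, so the test also passes when validation fails for a reason unrelated to the empty header, for instance a fixture that is rejected earlier in processing. Pinning the cause keeps this a regression guard for the accept-on-empty-header case; for example add `assertEquals("No WS-Security header found", e.getMessage());` inside the catch, assuming the interceptor's message reaches the caller unchanged. A short Javadoc on the method, such as `/** A Security header with no processable elements must be rejected, not treated as validated. */`, would record why the case matters.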
@@ -499,7 +499,7 @@
 validationCallbackHandler, validationSignatureCrypto, validationDecryptionCrypto);
 // Results verification
- if (results == null) {
+ if (results == null || results.size() == 0) {
 throw new Wss4jSecurityValidationException("No WS-Security header found");
 }
Index: spring-ws/security/src/test/resources/org/springframework/ws/soap/security/wss4j/emptySecurityHeader-soap.xml
===================================================================
--- spring-ws/security/src/test/resources/org/springframework/ws/soap/security/wss4j/emptySecurityHeader-soap.xml Sun Nov 16 19:25:22 CET 2008
+++ spring-ws/security/src/test/resources/org/springframework/ws/soap/security/wss4j/emptySecurityHeader-soap.xml Sun Nov 16 19:25:22 CET 2008
@@ -0,0 +1,10 @@
+ + + + + + + QQQ + +
\ No newline at end of file
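Review bot: In the Wss4jSecurityInterceptor hunk, the widened condition reuses the message `No WS-Security header found` for the case where a Security header is present but yielded no results, which will mislead whoever reads the fault or the logs. If `results` is a `java.util` collection, `results.isEmpty()` reads better than `results.size() == 0`, and a comment such as `// An empty result list means the header held nothing that was processed; reject it rather than treat the message as validated.` would explain the second clause. A non-empty result list only shows that something was processed, so it is worth confirming that the code after this check compares the results with the configured validation actions; the enclosing method starts and ends outside the hunk.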