Index: spring-ws/security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorHeaderTestCase.java
===================================================================
--- spring-ws/security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorHeaderTestCase.java	(revision 14402)
+++ spring-ws/security/src/test/java/org/springframework/ws/soap/security/wss4j/Wss4jMessageInterceptorHeaderTestCase.java	Sun Nov 16 19:47:48 CET 2008
@@ -25,6 +25,7 @@
 import org.springframework.ws.soap.SoapHeaderElement;
 import org.springframework.ws.soap.SoapMessage;
 import org.springframework.ws.soap.security.wss4j.callback.SimplePasswordValidationCallbackHandler;
+import org.springframework.ws.soap.security.WsSecurityValidationException;
 
 public abstract class Wss4jMessageInterceptorHeaderTestCase extends Wss4jTestCase {
 
@@ -68,4 +69,15 @@
         assertXpathExists("header2 not found", "/SOAP-ENV:Envelope/SOAP-ENV:Header/header2", getDocument(message));
 
     }
+
+    public void testEmptySecurityHeader() throws Exception {
+        SoapMessage message = loadMessage("emptySecurityHeader-soap.xml");
+        MessageContext messageContext = new DefaultMessageContext(message, getMessageFactory());
+        try {
+            interceptor.validateMessage(message, messageContext);
+            fail("validation must fail for an empty security header.");
+        } catch (WsSecurityValidationException e) {
+            // expected
-}
+        }
+    }
+}
Index: spring-ws/security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java
===================================================================
--- spring-ws/security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java	(revision 14402)
+++ spring-ws/security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java	Sun Nov 16 20:33:28 CET 2008
@@ -499,7 +499,7 @@
                     validationCallbackHandler, validationSignatureCrypto, validationDecryptionCrypto);
 
             // Results verification
-            if (results == null) {
+            if (results == null || results.size() == 0) {
                 throw new Wss4jSecurityValidationException("No WS-Security header found");
             }
 
Index: spring-ws/security/src/test/resources/org/springframework/ws/soap/security/wss4j/emptySecurityHeader-soap.xml
===================================================================
--- spring-ws/security/src/test/resources/org/springframework/ws/soap/security/wss4j/emptySecurityHeader-soap.xml	Sun Nov 16 19:25:22 CET 2008
+++ spring-ws/security/src/test/resources/org/springframework/ws/soap/security/wss4j/emptySecurityHeader-soap.xml	Sun Nov 16 19:25:22 CET 2008
@@ -0,0 +1,10 @@
+<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+    <SOAP-ENV:Header>
+        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
+                       SOAP-ENV:mustUnderstand="1">
+        </wsse:Security>
+    </SOAP-ENV:Header>
+    <SOAP-ENV:Body>
+        <tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">QQQ</tru:StockSymbol>
+    </SOAP-ENV:Body>
+</SOAP-ENV:Envelope>
\ No newline at end of file