ws-policy/ws-security and a encrypted header part

[Martin Fernau]

Hi,

is it possible to call a webservice with the following ws-security content:
--cut
    <wsp:Policy 
wsu:Id="CustomBinding_IServiceCustomer_InsertCustomer_Input_policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                    <sp:Body/>
                    <sp:Header Name="FfeHeader" 
Namespace="http://tempuri.org/"/>
                    <sp:Header Name="To" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="From" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="FaultTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="ReplyTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="MessageID" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="RelatesTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="Action" 
Namespace="http://www.w3.org/2005/08/addressing"/>
                </sp:SignedParts>
                <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
                    <sp:Body/>
                    <sp:Header Name="FfeHeader" 
Namespace="http://tempuri.org/"/>
                </sp:EncryptedParts>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
--cut
The problematic part is the "FfeHeader" which needs to be encrypted and 
signed.
All the other parts are working (as far as I can tell).
If I use wsdl2java a class file for the FfeHeader-Type is generated but 
I can find a way how to add it to my request. Thus the resulting request 
contains no such header and therefore the server fails to understand my 
request:
--cut
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object 
reference not set to an instance of an object.
--cut

I only know the following way to add a custom header to my request:
--cut
ObjectFactory of = new ObjectFactory();
List<Header> headersList = new ArrayList<Header>();
// HeaderType is the generated class for FfeHeader
HeaderType type = of.createHeaderType();
// call several setters on 'type'
[...]

Header ffeHeader = new Header(new QName("http://tempuri.org";, 
"FfeHeader"), type, new JAXBDataBinding(HeaderType.class));
headersList.add(ffeHeader);
client.getRequestContext().put(Header.HEADER_LIST, headersList);
--cut
But this way the FfeHeader is neither signed nor encrypted and the call 
fails with exact the same error message.

I would appreciate any kind of help.

Thanks
Martin