SWS-524 - Wss4j security header validation: make header elements check overriddable

Author: Tareq Abedrabbo

security/src/main/java/org/springframework/ws/soap/security/wss4j/Wss4jSecurityInterceptor.java

@@ -519,9 +519,7 @@ protected void validateMessage(SoapMessage soapMessage, MessageContext messageCo
                 throw new Wss4jSecurityValidationException("No WS-Security header found");
             }
 
-            if (!handler.checkReceiverResults(results, validationActionsVector)) {
-                throw new Wss4jSecurityValidationException("Security processing failed (actions mismatch)");
-            }
+            checkResults(results, validationActionsVector);
 
             // puts the results in the context
             // useful for Signature Confirmation
@@ -542,6 +540,20 @@ protected void validateMessage(SoapMessage soapMessage, MessageContext messageCo
         soapMessage.getEnvelope().getHeader().removeHeaderElement(WS_SECURITY_NAME);
     }
 
+    /**
+     * Checks whether the received headers match the configured validation actions. Subclasses could override this method
+     * for custom verification behavior.
+     * @param results the results of the validation function
+     * @param validationActionsVector the decoded validation actions
+     * @throws Wss4jSecurityValidationException if the results are deemed invalid
+     */
+    protected void checkResults(Vector results, Vector validationActionsVector)
+            throws Wss4jSecurityValidationException {
+        if (!handler.checkReceiverResults(results, validationActionsVector)) {
+            throw new Wss4jSecurityValidationException("Security processing failed (actions mismatch)");
+        }
+    }
+
     /**
      * Puts the results of WS-Security headers processing in the message context. Some actions like Signature
      * Confirmation require this.