In some cases, manual configuration of security profile/policy is necessary. In one particular example, I would like to validate cryptographic coverage of a SOAP message while using a traditionally/manually configured interceptor chain. The existing code that enforces such coverage is only accessible to PolicyBasedWSS4JInInterceptor and cannot be reused. Additionally, this code is affected by
The solution could be a class that holds XPath expressions for the different types of required cryptographic coverage and can be injected into a a simple interceptor that is usable without policy based configuration.