WS-Security Encrypted headers fail with JAX-WS Binding

When building a SOAP web service using CXF, JAX-WS, and the CXF extensions for WS-Security and WS-SecurityPolicy, SOAP headers that are encrypted are correctly decrypted, but are not correctly passed to the endpoint.

This happens because, as far as I can tell, org.apache.cxf.binding.soap.interceptor.SoapHeaderInterceptor correctly searches for headers in the headers list of the Message parameter to handleMessage, but doesn't find it because the encrypted headers didn't really exist in their final form in the actual message.

I've seen this on 2.3.1 and 2.3.3; no reason to suspect that 2.3.2 also has it but I haven't tested. Running Java 1.6.0_24 on OS X, although I don't think the OS or java version has anything to do with it.