policyEnforcer.registerSecurityEvent(operationSecurityEvent);
List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(null, true, protectionOrder);
signedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
List<QName> headerPath = new ArrayList<QName>();
headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
headerPath.add(new QName("http://example.org", "a"));
signedElementSecurityEvent.setElementPath(headerPath);
policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
//additional SignedElements are also allowed!
headerPath = new ArrayList<QName>();
headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
headerPath.add(new QName("http://example.org", "b"));
signedElementSecurityEvent.setElementPath(headerPath);
policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
policyEnforcer.doFinal();
}