See this bug for details: https://issues.apache.org/jira/browse/WSS-235 IdResolver.java was refactored from release xmlsec/1.3.0 to xmlsec/1.4.3. Symptoms: java.lang.NullPointerException at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source) at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source) at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source) at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source) at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source) at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source) Problem: Under certain circumstances, the ID attribute of an XML node in the XMLBeans DOM implementation is treated as !nodeCanHavePrefixUri