See this bug for details:

https://issues.apache.org/jira/browse/WSS-235

IdResolver.java was refactored from release xmlsec/1.3.0 to xmlsec/1.4.3.

Symptoms:
java.lang.NullPointerException
    at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
    at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
    at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)

Problem:
Under certain circumstances, the ID attribute of an XML node in the XMLBeans DOM implementation is treated as !nodeCanHavePrefixUri