- if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))
- throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
+ if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
+ throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+
+ m_soaper.getPolicy().evaluate(*response);
+
+ if (!m_soaper.getPolicy().isSecure()) {
+ SecurityPolicyException ex("Security policy could not authenticate the message.");
+ if (m_soaper.getPolicy().getIssuerMetadata())
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+ else
+ ex.raise();
+ }