diff --git a/modules/client/src/main/java/org/jboss/wsf/stack/cxf/i18n/Messages.java b/modules/client/src/main/java/org/jboss/wsf/stack/cxf/i18n/Messages.java
index eae839cd6..d02206af4 100644
--- a/modules/client/src/main/java/org/jboss/wsf/stack/cxf/i18n/Messages.java
+++ b/modules/client/src/main/java/org/jboss/wsf/stack/cxf/i18n/Messages.java
@@ -219,4 +219,7 @@ public interface Messages {
 
     @Message(id = 24113, value = "Invalid endpoint URI: %s")
     IllegalArgumentException invalidEndpointURI(String endpoint);
+
+    @Message(id = 24118, value = "BindingOperation is missing for authorization")
+    IllegalArgumentException missingBindingOperationForAuthorization();
 }
diff --git a/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/HandlerAuthInterceptor.java b/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/HandlerAuthInterceptor.java
index 9bc63bc4b..1098c1d31 100644
--- a/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/HandlerAuthInterceptor.java
+++ b/modules/server/src/main/java/org/jboss/wsf/stack/cxf/interceptor/HandlerAuthInterceptor.java
@@ -144,6 +144,10 @@ protected void checkAuthorization(MessageContext ctx)
             SecurityContext secCtx = message.get(SecurityContext.class);
             BindingOperationInfo bop = exchange.getBindingOperationInfo();
             MethodDispatcher md = (MethodDispatcher) exchange.getService().get(MethodDispatcher.class.getName());
+            if (bop == null)
+            {
+               throw MESSAGES.missingBindingOperationForAuthorization();
+            }
             Method method = md.getMethod(bop);
 
             EJBMethodSecurityAttribute attributes = attributeProvider.getSecurityAttributes(method);