Did you ever find a solution for this? I am having the same problem when combining the USERNAME_TOKEN and TIMESTAMP actions. It appears that if you provide more than one action then it loses the passwordHandlerCallback.
In CXF 1.x we used to use three actions: USERNAME_TOKEN TIMESTAMP NO_SECURITY. This meant that a user could easily turn off ws-security on our application and we would not need to redefine the interceptors. Would love to hear if you have managed to do this.

-Mark

--
View this message in context: http://www.nabble.com/USERNAME_TOKEN-%2B-SIGNATURE-gives-%22General-security-error-%28WSSecurityEngine%3A-No-password-callback-supplied%29%22-tp21814109p23966182.html
Sent from the cxf-user mailing list archive at Nabble.com.
