Solved the problem in the following way:
Created an interceptor class that derives from AbstractPhaseInterceptor Specified in the constructor that is should apply to pre-protocol phase (Phase.PRE_PROTOCOL) In handleMessage specified the line of code suggested by Daniel Kulp: WSSConfig.getDefaultWSConfig().setAllowNamespaceQualifiedPasswordTypes(true); Added an <cxf:bus> section to cxf-servlet.xml configuration file Added an <cxf:inInterceptors> section within <cxf:bus> Added first the AbstractPhaseInterceptor derived class to this section Followed by the org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor Added the appropriate constructor-args to WSS4JInInterceptor: action="UsernameToken", passwordType="PasswordText", passwordCallbackClass="..." And it works! -- View this message in context: http://old.nabble.com/Bad-UsernameToken-Values-due-to-.NET-compliance-problem---how-to-solve--tp28524226p28534777.html Sent from the cxf-user mailing list archive at Nabble.com.
