Hi, I'm currently implementing a specific WS scenario which is not really supported by the current release of wss4j/axis2.
The main issues are: 1) Username token without a password (an issue has already been logged for this) 2) Variable username I've solved the first issue by interpreting a 'null' password from the PWCallback handler to indicate that no <password> elements (and nonce etc.) should be output. For the second issue, I've introduced a UsernameCallback to pick up the correct identity. I have patches for both of these features locally (and will submit them via JIRA), but am wondering, based on the age of some issues, wether anyone is still updating wss4j ? Regards, Marcel Ammerlaan.
