xfire wss 异常 WSS4JInHandler: security processing failed

异常 Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed

    如果使用服务器端wss配置：

    <bean id="domInHandler" class="org.codehaus.xfire.util.dom.DOMInHandler" />

       <bean id="wss4jInHandler" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">

              <property name="properties">

                     <props>

                            <prop key="action">UsernameToken</prop><!--  指定认证类型-->

                            <prop key="passwordCallbackClass"><!--指定一个密码回调实现类-->

                            com.szboeye.webservice.handler.PwdCallbackHandler

                            </prop>

                     </props>

              </property>

       </bean>

    客户代码：

                  WSS4JOutHandler wsOut = new WSS4JOutHandler();

                    String actions =WSHandlerConstants.USERNAME_TOKEN;

                    wsOut.setProperty(WSHandlerConstants.ACTION, actions);//动作

                    wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);//WSConstants.PW_DIGEST表示密码以摘要方式发送，这可以保证密码的传输安全。设置为WSConstants.PW_TEXT表示密码以明文方式发送

                    wsOut.setProperty(WSHandlerConstants.USER, "server");   //指定用户    

                    wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPwdCallbackHandler.class.getName());//密码回调类

                    client.addOutHandler(new DOMOutHandler());

                    client.addOutHandler(wsOut);

 

服务端和客户端的 PwdCallbackHandler 和 ClientPwdCallbackHandler 客户端的密码不一致将会导致以上异常，这个异常很正常，说明是非法用户和来校验用户密码，只要两个密码一样，就不会出现以上异常