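Hi - It's a little counter-intuitive, because it works in different ways depending on whether you use cleartext or digested passwords: for a digested password the handler only hands back the password it expects and the digest check happens outside the handler, whereas for a cleartext password the handler has to do the comparison itself. I'm attaching a handler that does both, and which works fine for me.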
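Ulf

// The username and password we expect incoming WS calls to use.
// NOTE(review): these are sample credentials compiled into the class. A real
// deployment should load them from configuration or a secret store, and
// should not keep the cleartext password in source control.
private String user = "wsuser";
private String pwd = "wspwd";

/**
 * Handles the password callbacks raised for an incoming UsernameToken.
 *
 * <p>Two usages are handled, and they work differently:
 * <ul>
 *   <li>{@code USERNAME_TOKEN} (digested password): the handler cannot see
 *       the password, so it only sets the expected password on the callback
 *       when the identifier matches. Presumably the WS-Security layer then
 *       recomputes and checks the digest; when the identifier does not match,
 *       no password is set.</li>
 *   <li>{@code USERNAME_TOKEN_UNKNOWN} (cleartext password): the handler is
 *       given the password that was sent and must verify it itself.</li>
 * </ul>
 *
 * @param callbacks the callbacks to process
 * @throws IOException if cleartext credentials do not match the expected
 *         username and password
 * @throws UnsupportedCallbackException if a callback is not a
 *         {@code WSPasswordCallback}
 */
public void handle (Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (!(callbacks[i] instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

        if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
            // Digested password: supply the expected password for a known user only.
            if (user.equals(pc.getIdentifer())) pc.setPassword(pwd);
        } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
            // Cleartext password: the comparison is our responsibility.
            String suppliedPwd = pc.getPassword();
            boolean userOk = user.equals(pc.getIdentifer());
            // MessageDigest.isEqual avoids the early exit of String.equals, so the
            // time taken does not depend on how many leading characters match.
            // getBytes("UTF-8") can only throw an IOException subtype, which the
            // signature already declares.
            boolean pwdOk = suppliedPwd != null
                    && java.security.MessageDigest.isEqual(
                            pwd.getBytes("UTF-8"), suppliedPwd.getBytes("UTF-8"));
            if (!(userOk && pwdOk)) {
                // One generic message for both failures: the text may end up in a
                // fault or a log, so it must not reveal whether the username exists
                // and must not echo the caller-supplied identifier.
                throw new IOException("authentication failed");
            }
        }
    }
}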