Web services X509身份验证问题

Web services X509身份验证问题,web-services,spring-security,ws-security,Web Services,Spring Security,Ws Security,我正在使用SpringWS开发一个web服务。我使用X509证书(由中央系统Desmon颁发)获得消费者呼叫的“WSS0258:More Receiver requirements specified That present in the message”,如下所示 我在WS-Security方面没有太多经验。因此,需要一些帮助来设置我的安全策略文件和进一步的提示 如果有任何提示/帮助,我将不胜感激 Consumer Call ============= <soapenv:Envelop

我正在使用 Spring-WS 开发一个 Web 服务。消费者使用 X509 证书(由中央系统 Desmon 颁发)发起如下所示的调用时,我收到了错误“WSS0258: More Receiver requirements specified than present in the message”。

我在WS-Security方面没有太多经验。因此,需要一些帮助来设置我的安全策略文件和进一步的提示

如果有任何提示/帮助,我将不胜感激

Consumer Call
=============
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://app.sample.com/customermanagement/btc/service" xmlns:acc="http://app.sample.com/customermanagement/btc/schema/accountslinkingobject">
   <soapenv:Header xmlns:header="http://com.sample.app.japi">
      <header:ApplicationID>XX</header:ApplicationID>
      <header:CallID>XX1</header:CallID>
      <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <!-- The only child of this Security header is the X.509 certificate itself (Base64, X509v3). -->
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="DESMONCertificate" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">REMOVED MORA THAN 2000 BYTES OF CERTIFICATE CONTENT</wsse:BinarySecurityToken>
         <!-- NOTE(review): no ds:Signature element appears in this header as shown. A certificate is public -->
         <!-- data, so on its own it does not prove that the sender holds the matching private key; a receiver -->
         <!-- policy that requires a signature will not be satisfied by this message. -->
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
    .......
   </soapenv:Body>
</soapenv:Envelope>
消费者呼叫
=============
XX
三十一
已删除超过2000字节的证书内容
.......
这是我的安全策略文件和拦截器:

Security File
============
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
  <!-- dumpMessages="true" is a debugging aid that dumps the SOAP messages being processed; -->
  <!-- those dumps contain the full headers and body, so turn it off outside development. -->
  <!-- Receiver requirement: the inbound message must be signed, with the signing X.509 token -->
  <!-- referenced directly (keyReferenceType="Direct"). A message that only carries a -->
  <!-- BinarySecurityToken and no signature does not meet this requirement. -->
  <!-- NOTE(review): requireTimestamp="false" means this policy does not demand a timestamp with the -->
  <!-- signature, so it gives no freshness check against replayed messages; confirm that is intended. -->
  <xwss:RequireSignature requireTimestamp="false">
    <xwss:X509Token keyReferenceType="Direct" />
  </xwss:RequireSignature> 
</xwss:SecurityConfiguration> 

Java code from Spring Configuration file
========================================
    /**
     * Registers the XWSS security interceptor for this service.
     *
     * <p>The interceptor loads its policy from {@code security-policy.xml} on the classpath and
     * uses {@link #callbackHandler()} as its callback handler.
     *
     * @return the configured interceptor
     */
    @Bean
    public XwsSecurityInterceptor securityInterceptor() {
        final XwsSecurityInterceptor interceptor = new XwsSecurityInterceptor();
        // The two setters are independent of each other, so their order does not matter.
        interceptor.setPolicyConfiguration(new ClassPathResource("security-policy.xml"));
        interceptor.setCallbackHandler(callbackHandler());
        return interceptor;
    }

/**
 * Creates the certificate-validation callback handler and wires it to
 * {@link #authenticationManager()}.
 *
 * @return the handler, delegating to the authentication manager bean
 */
@Bean
SpringCertificateValidationCallbackHandler callbackHandler() {
    final SpringCertificateValidationCallbackHandler certificateHandler =
            new SpringCertificateValidationCallbackHandler();
    certificateHandler.setAuthenticationManager(authenticationManager());
    return certificateHandler;
}
/**
 * Exposes the authentication manager, built from the provider list returned by
 * {@link #providers()}.
 *
 * @return a {@link ProviderManager} over the configured providers
 */
@Bean
public ProviderManager authenticationManager() {
    return new ProviderManager(providers());
}
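/**
 * Builds the provider list used by {@link #authenticationManager()}: a single
 * {@link X509AuthenticationProvider}.
 *
 * <p>The authorities populator is still a stub. It has no mapping from a certificate to an
 * application user, so it rejects every certificate instead of returning {@code null}.
 * Replace the {@code throw} with a real lookup (for example by subject DN) that returns the
 * {@link UserDetails} for certificates the service is meant to accept.
 *
 * @return a mutable list containing the X.509 authentication provider
 */
@Bean
public List<AuthenticationProvider> providers() {
    X509AuthenticationProvider provider = new X509AuthenticationProvider();
    provider.setX509AuthoritiesPopulator(new X509AuthoritiesPopulator() {

        @Override
        public UserDetails getUserDetails(X509Certificate cert) throws AuthenticationException {
            // Log the subject DN only; dumping the whole certificate at INFO adds noise
            // without helping to identify the caller.
            String subject = cert.getSubjectX500Principal().getName();
            log.info("Got a Certificate: " + subject);
            // Fail closed. Returning null would hand the provider a missing principal.
            // NOTE(review): X509AuthenticationProvider appears to use the returned UserDetails
            // without a null check - confirm for the Spring Security version in use.
            throw new AuthenticationException(
                    "No user mapping configured for certificate subject: " + subject) {
            };
        }
    });
    List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
    list.add(provider);
    return list;
}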
安全文件
============
来自Spring配置文件的Java代码
========================================
@豆子
public XwsSecurityInterceptor securityInterceptor(){
XwsSecurityInterceptor结果=新的XwsSecurityInterceptor();
setCallbackHandler(callbackHandler());
setPolicyConfiguration(新的ClassPathResource(“security policy.xml”);
返回结果;
}
@Bean SpringCertificateValidationCallbackHandler callbackHandler(){
SpringCertificateValidationCallbackHandler=新的SpringCertificateValidationCallbackHandler();
setAuthenticationManager(authenticationManager());
返回处理程序;
}
@豆子
公共ProviderManager authenticationManager(){
ProviderManager pm=新的ProviderManager(providers());
返回pm;
}
@豆子
公共列表提供者(){
X509AuthenticationProvider=新的X509AuthenticationProvider();
setX509AuthoritiesPopulator(新的X509AuthoritiesPopulator(){
@凌驾
public UserDetails getUserDetails(X509Certificate cert)引发AuthenticationException异常{
log.info(“获得证书:+cert.toString());
返回null;
}
});
列表=新的ArrayList();
列表。添加(提供者);
退货清单;
}
提前多谢