X509 Authentication Issue

Question

I am working a web service using Spring WS. I get the...

WSS0258: More Receiver requirements specified than present in the message

...for a Consumer call as shown below with a X509 Certificate (issued from a central system Desmon).

I do not have much experience working with WS-Security. Therefore need some help to set my security policy file and further hints.

I would really appreciate any hints/help.

Consumer Call

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://app.sample.com/customermanagement/btc/service" xmlns:acc="http://app.sample.com/customermanagement/btc/schema/accountslinkingobject">
    <soapenv:Header xmlns:header="http://com.sample.app.japi">
        <header:ApplicationID>XX</header:ApplicationID>
        <header:CallID>XX1</header:CallID>
        <wsse:Security soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="DESMONCertificate" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">REMOVED MORA THAN 2000 BYTES OF CERTIFICATE CONTENT</wsse:BinarySecurityToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>.......</soapenv:Body>
</soapenv:Envelope>

And this is my security policy file and interceptors:

Security File

<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
    <xwss:RequireSignature requireTimestamp="false">
        <xwss:X509Token keyReferenceType="Direct" />
    </xwss:RequireSignature> 
</xwss:SecurityConfiguration> 

Java code from Spring Configuration file

@Bean
public XwsSecurityInterceptor securityInterceptor() {
    XwsSecurityInterceptor result = new XwsSecurityInterceptor();
    result.setCallbackHandler(callbackHandler());
    result.setPolicyConfiguration(new ClassPathResource("security-policy.xml"));
    return result;
}

@Bean SpringCertificateValidationCallbackHandler callbackHandler() {
    SpringCertificateValidationCallbackHandler handler = new SpringCertificateValidationCallbackHandler();
    handler.setAuthenticationManager(authenticationManager());
    return handler;
}
@Bean 
public ProviderManager authenticationManager() {
    ProviderManager pm = new ProviderManager(providers());
    
    return pm;
}
@Bean
public List<AuthenticationProvider> providers() {
    X509AuthenticationProvider provider = new X509AuthenticationProvider();
    provider.setX509AuthoritiesPopulator(new X509AuthoritiesPopulator() {
        
        @Override
        public UserDetails getUserDetails(X509Certificate cert) throws AuthenticationException {
            log.info("Got a Certificate: "+cert.toString());
            return null;
        }
    });
    List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
    list.add(provider);
    return list;
}

Thanks a lot in advance!