for noraml user name token password mechanism
if client sets:
user name = "user1"
password="" // empty string
Then WSS4j processes it as null. instead it should process it as empty string of size 0 or throw exception as it does in case of username= null
password= " "// blank string with size>0
Then it works fine.
note: for password disgest empty password is replaced by default digest.
It seems that the password is default initialized to null and is not being reinitialized if string size 0.
Appropriate correction or exc4eption mechanism suggested