11.5.2.  Username/password configuration

When using the Username Token Profile, the username and password are provided and verified through two callback handlers that you need to provide. As the keystore password callback handler, they need to implement javax.security.auth.callback.CallbackHandler; they are configured in jbossws-cxf.xml (or programmatically) through the passwordCallbackClass attribute.