By default, JSR clients do not preemptively pass the HTTP Basic Authorization header in requests when the Oracle Web Services Manager (OWSM) oracle/wss_http_token_client_policy policy is configured. The Oracle Directory Server Enterprise Edition DSML web service does not request this authorization header from the client. Therefore, a client that is willing to use HTTP basic authentication must be configured to preemptively stash the header in the initial request. You can achieve this by setting the ClientConstants.PREEMPTIVE_BASIC_AUTH property to true in the request context.
The OWSM oracle/wss_http_token_over_ssl_client_policy policy includes timestamps in the SOAP header by default. These timestamps are not supported by Oracle Directory Server Enterprise Edition, so you must set the orasp:include-timestamp attribute to false in the policy description. For example: