MimeHeaders couldn't be past dowm from SOAPMessage to the ServiceClient, So all the SOAPMessages would be with empty SOAPAction as "". Since the Authorization HTTP Header cann't be set, it is not possible to properly secure SAAJ services using HTTP authentication. Because the WSA-Addressing Action value isn't the same as the SOAPAction header, WS-Security doesn't work, either.
Resolving the problem
To fix this issue, please follow the instruction.
1. Download the patch.SOAPActionMIMEHeader.zip
2. Unzip the attached file into the WebSphere Application Server Community Edition installation directory, and ensure the files listed in the zip file to replace the ones in the server installation directory.
3. Start the server, for example,