Recently had chance to work with WSSE headers in OWSM. WSSE information is stored in SOAP Header. When we were getting WSSE security information in SOAP envelope (header), and we were using "Verify Signature" to verify signature. Verify Signature has step to remove the WSSE header so that this signature doesn't get propagated to BPEL, otherwise BPEL will throw exception. E.g.
If you install entire SOASuite in one container (oc4j_soa) and use above option to remove Security headers, it works great. When SOA suite is installed as per Enterprise Deployment Guide where gateway and policy manager are in separate container than oc4j_soa, OWSM doesn't remove the header even with this option.
Quick resolution to this issue is to use XSL and remove the header completely. Earlier we used following XSL to remove entire SOAP header.
We faced the problem with XSL as it removes entire SOAP header. We can use following XSL which can just remove WSSE header from entire SOAP envelope, so if there are custom element in SOAP header, it doesn't get removed.