What do you mean by doesn't work?
Btw, you should also ask about this on wss4j list, because XFire use this library, so if problem exists maybe its already solved.

If this piece of SOAP header is completly generated by WSS4J then error is definitely not on Xfire side.

1) Same .NET header have probably diferent hash value.
2) Same .NET header have all namespaces in header tag and rest of XML is perfectly readable and small in size.

<wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-20564850" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">xxx</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">UrpQqQY/qXdGar7TKe5oUOLLzOk=</wsse:Password><wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oas
is-200401-wss-wssecurity-secext-1.0.xsd">hS6E+nb41TobI66FPB/eoA==</wsse:Nonce><wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2006-12-05T11:30:47.595Z</wsu:Created></wsse:UsernameToken></wsse:Security>

Does the solution proposed on wss4j list work ?

No. Still not working.
I must make some tests with etherreal.

If wss4j works as they claims there must be mess with processing properties in WSS4JOutHandler, but this is highly improbable.

I mark this as won't fix, case its not XFire bug ( WSS4J or .Net ) , but can you let us know what exactly caused problem ?