I've verified with WSS4J that the first example request passes when BSP (Basic Security Profile) compliance is turned off. So the problem appears to be that turning off BSP compliance via "ws-security.is-bsp-compliant" is not working with your configuration.
Could you clarify whether you are using WS-SecurityPolicy to configure the service, or just manually adding the WSS4JInInterceptor? If the latter, then the "ws-security.is-bsp-compliant" tag won't work, as this only works with WS-SecurityPolicy. If this is the case, then you can turn off BSP compliance via setting "isBSPCompliant" to "false".
If this doesn't work, could you also paste the service configuration?