The user password is already hashed by the WS client (SoapUI WSS-PasswordType=PasswordDigest).
The password stored in ws-users.properties is unencrypted and dynamically hashed by UsernameTokenCallback and UsernameTokenCallback.
The question is how to encrypt the local password for this mode, WSS-PasswordType=PasswordDigest.
Currently we can do this only for the old HTTP digest method, which uses MD5 and RFC 2617, but this is not WS-Security.
I suppose the problem is very old [JBESB-3723] Add support for WS-Security UsernameToken with digested password, nonces and timestamps. - JBoss Issue Trac…
The correct workaround is VAULT.
- use Masking passwords for WildFly using non-interactive VaultTool and vault.sh to encrypt the password and store it in the security vault
- in user.properties for user 'wsuser', replace the password with the result of "Configuration should be done as follows:" (generated above), for example
- add the <vault>...</vault> section generated in step 1 to standalone.xml
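
Why the server-side copy has to be recoverable (vault-encrypted) rather than one-way hashed, as an added example that is not code from the original post or from JBoss: the WS-Security UsernameToken Profile defines the digest as Base64(SHA-1(nonce + created + password)), so the verifier needs the cleartext password on every request. The class name, user store, freshness window and sample values are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

def password_digest(nonce: bytes, created: str, password: str) -> str:
    # WSS UsernameToken Profile: Base64(SHA-1(nonce + created + password))
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

class DigestVerifier:  # hypothetical name, not a JBoss class
    def __init__(self, users, max_age=timedelta(minutes=5)):
        self.users = users      # username -> cleartext password, as read back from the vault
        self.max_age = max_age  # assumed freshness window for wsu:Created
        self.seen = set()       # (username, nonce) pairs already accepted

    def verify(self, user, nonce_b64, created, digest_b64, now=None):
        now = now or datetime.now(timezone.utc)
        password = self.users.get(user)
        if password is None:
            return False
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:  # malformed nonce or timestamp
            return False
        if abs(now - ts) > self.max_age or (user, nonce) in self.seen:
            return False    # stale token or replayed nonce
        expected = password_digest(nonce, created, password)
        if not hmac.compare_digest(expected.encode(), digest_b64.encode()):
            return False
        self.seen.add((user, nonce))
        return True

def demo():
    # Constructed sample token for user 'wsuser'
    now = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
    created, nonce = "2024-01-01T12:00:00Z", b"constructed-nonce"
    nonce_b64 = base64.b64encode(nonce).decode("ascii")
    digest = password_digest(nonce, created, "s3cret")
    clear = DigestVerifier({"wsuser": "s3cret"})
    hashed = DigestVerifier({"wsuser": hashlib.sha256(b"s3cret").hexdigest()})
    return (clear.verify("wsuser", nonce_b64, created, digest, now),   # accepted
            clear.verify("wsuser", nonce_b64, created, digest, now),   # replay rejected
            hashed.verify("wsuser", nonce_b64, created, digest, now))  # hash at rest: rejected

if __name__ == "__main__":
    print(demo())
```

The third result is the reason a one-way hash in the properties file cannot work with PasswordDigest: the stored value is fed into SHA-1 together with a fresh nonce and timestamp, so only the original password reproduces the client's digest.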