It seems currently web service publishing using the "inXsd" and "outXsd" attributes ignores any WS-Security tokens in the SOAP header to set into AuthenticationContext. We can get around this by using the SOAPProcessor and the HTTP gateway but this entails opening up a single port for each service we wish to expose. Is there anyway around this problem other than using the SOAPProcessor?