Currently X.509 tokens are validated against a truststore that is local to the ws-security deployment. There is full support for digital signatures and encryption using them. There is not yet support for mapping this to a principal, though it could be done. There is one problem with adding support for this, which is that a WS-Security message may contain many X.509 tokens (perhaps one for signature, and one for encryption), so we would have to somehow decide to pick one.
I have assigned this feature here (in case you choose to monitor it)
I am trying to run the Jbossws examples with a axis wss4j based client. All my server side stuff seems working fine as the webservice is expecting a soap headers with the security. I am looking for the client side key store with the public key based certificate. In the examples, i am not finding the client related security information. Could you please tell me how to create the client side key store with the public key.