I'm trying to figure out how I can decrypt the soapmessage on a user-based manner.
What I mean is that I want to link the UsernameToken to a keystore. What I would like to do is to persist the key for a specific user in a database and then when I receive a web service call I could use the usernametoken to lookup the key I can use for decryption.
I've seen something similar in xws-security (if I remember correctly). There the key can be fetched from a database using a parameterized SQL query.