I had a WS that used the "Standard WSSecurity Endpoint" and everything worked fine.
Then I needed to add a handler so I grabbed the code to the said endpoint from http://jbws.dyndns.org/mediawiki/index.php?title=JAX-WS_Endpoint_Configuration and added my own handler there.
But I couldn't get it to understand the encryption/security anymore. Then I took a look at standard-jaxws-endpoint-config.xml in the .sar-file and there the endpoint config had the security handler in a post-handler-chain (as opposed to in a pre-handler-chain in the wiki).
What should it be? The post-handler-version is the one that works for me at least.
Yes, the JAX-WS security handler should be configured as a post handler. I fixed the documentation on the wiki. Thanks!