Hi , I'm going to start a web service project in my organization and I'm considering the possible technologies to use. I used the JBossWS implementation and it worked just fine but when it came to implementing the WS-Security specs I saw that it involves using specific configuration files and annotations from JBoss. One of the major concerns I'm having is to not get coupled to a specific App server, thats because my company has alreadly changed from other servers in the past and it involved serious re-work because most projects were coupled to specific details of them. So I'm tempted to abandon using the JBossWS implementation and use SpringWS with is also JAX-WS compliant (including a WS-Security imp) and makes all configuration be inside the application, not getting specific to some appserver. I'll eventualy end up using the Spring over JBoss's EJB3 for simplicity (I'm trying to minimize the mix of technologies). I would like to ask your opinion about these decisions and if it make sense to you, since i'm kinda newbie at these techs!
Evaluate using JBossWS-CXF or JBossWS-Metro which support WS-SecurityPolicy. That's currently the standard way of configuring and using WS-Security.