AFAIK JBossWS (and so WISE) doesn't support WS-Security Policy.
Wise, have also problems ant the moment with JBossWS native support of WS-Security since it uses a legacy implementation of JBossWS having some problem there.
Support of WS-Security will be included in next release. Support of WS-Security Policy depends on underlying JAX-WS implementation (JBossWS native at the moment and I don't know if there are any plan to add its support). Maybe Wise will support different underlying JAX-WS implementation in the future, but probably not for next release.
On http://jbws.dyndns.org/mediawiki/index.php?title=JBossWSSpecStatus, there is a clear statement:
Since JBossWS 2.0 we fully cover the JAX-RPC and JAX-WS specifications for J2EE 1.4 and EE 5.
JBossESB supports WS-S on WS endpoints exposed through the ESB, but the SOAPClient doesn't support WS-Sstatement made by Tom Fennelly (see history of this post) still correct ?
Is somebody able to answer this question ?
Can I conclude that in the current version, JBossESB does not support to call webservices that require WS-Security ? If this is correct, in which version will it be included ?
Is it now possible to get sth like
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>MyUserName</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">bE8/ubsGarXfn8utupekxCN4zI4=</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">UmFLFgYOyEub3vmpyO9jng==</wsse:Nonce>
<wsu:Created>2010-09-23T05:50:16.402Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
into the soap header ?