There are multiple stacks for JBoss WS (native, cxf, etc) and each has its different way to provide and configure ws-security for a particular endpoint. Is there any standard way in JBoss WS to configure ws-security which will work across the different implementations?
Having to completetly change how ws-security is handled across JBoss AS5 and AS6 is a pain.
I am trying to build ws-security support into GateIn WSRP, which worked great in AS5, but wont in AS6 since its now using cxf. Is there any point to using JBoss WS for security? It almost seems to make more sense to just use wss4j directly, that will at least work between AS releases.
No, there's no standard way of setting up ws-security, at least not atm. The reason is basically in different options supported and no java spec covering this. We might come to a jbossws common api for doing this, but this is still in planning phase, sorry.