Please have a look at https://docs.jboss.org/author/display/JBWS/WS-Security which has the documentation for WS-Security usage on AS 7 series with JBossWS 4.
ATM you can have a WS-Security enabled endpoint on AS7 withouth Spring, using the @EndpointConfig annotation.
Regarding JBossWS 4 being on Beta stage, that's going to reach Final/GA by the time JBoss AS 7.1.0.Final is released, but most features are already available and usable nevertheless.
Alessio, thanks for your answer.
Actually reading that guide is what had confused me in the first place. The guide uses org.jboss.ws.api.annotation.EndpointConfig to secure the web service, but I can't import that annotation. I thought EndpointConfig was part of spring witch explained why it wasn't available, but apparently I was wrong. As I understand from your answer EndpointConfig should be available, right?
Any idea why I can't import EndpointConfig? Do I need an external jar?
@org.jboss.ws.api.annotation.EndpointConfig is part of the jbossws-api. That's in module org.jboss.ws.api on AS7 and should be automatically available to any deployments. On client side / at compile time you can use the last beta of org.jboss.ws:jbossws-api maven artifact.
I will better move to jboss 6, I find it easier to find documentation and examples on the web.
I marked the first response as correct given that it answered my initial concern, thank you very much for your time.