I am having many issues with WS-Security configuration using JBoss AS 6.1 with JBossWS-CXF 3.4.1 which comes with CXF 2.3.1 and WSS4J 1.5.8.  I am being told on the CXF mailing lists that these versions are ancient and that I should upgrade, but I am in an environment where I am constrained to stick with this version of JBoss AS.

So, my questions are: 

Has anyone successfully updated JBossWS-CXF in AS 6? 

In the compatibility matrix, nothing is marked as tested later than the version that I have.  Am I inviting alot of new issues with JBoss/CXF integration if I do this?

Or, should I just try to disable all the web service stuff in Jboss AS 6 and then completely embed CXF?  If I were to take this approach, what would be an efficient way of going about this, considering that I will have several web service modules that will need it?  Should I bundle them all into an EAR project and then just let the web service modules use them there?  Should I then avoid the JBossWS-Tools in eclipse, which I suppose rely on JBossWS-CXF integration features?

Thanks.