XML and Web Services Security (XWS-Security), provides a framework within which a JAX-WS or SAAJ application developer can secure applications. XWSS is also available from java.net's XWSS project. XWSS 3.0 has a whole lot of new features including realignment with JAXWS 2.1 architecture which gives an impoved performance. Using the XWS-Security framework, developers of JAX-WS can secure their applications by configuring the request and response security policies at the level of service, port, or operation.
XWSS also supports WS-Policy, WS-SecurityPolicy, WS-Trust and WS-SecureConversation. Please refer to the WSIT project for additional details. WSIT is also a part of Project Glassfish.