Has any one tried to have some hands-on with ws security stuff? I really feel that only reading can not help me, so i tried to use JWDP, but somehow i did not find it so easy to use. Did anyone try to use some other servers, which can be easy but at the same time can improve our understanding?
I use WSS4J, which implements WS-Security, with Axis (a link is in the Web Services FAQ at the bottom of this post). The WSS4J home page has links to two introductory articles on how to use it with Axis. (When you download WSS4J, be sure to get the binary and the additional libraries.) It's not trivial to use, but not really hard either. WS-Security defines some involved procedures (signatures, encryption etc.), and their complexity can not be hidden completely. Some simple stuff (e.g., authentication with username and password) is fairly easy, though.