Unfortunately there is no standard way to specify what WS-Security features should be applied to a web service. Each WS engine uses its own system, which means that there is a certain amount of non-portability. Axis is a bit better than what you're showing here, in that it uses external deployment descriptors that leave no trace in the source code.
Is it possible to use WSS4J with weblogic. Does this will give portability across different soap engines? - This is the one which I am currently looking into.
Joined: Mar 22, 2005
WSS4J is the library that implements WS-Security; I believe (not quite sure) that all SOAP stacks use it. But the way it's integrated differs between servers, so I don't think that there's currently a way to achieve cross-platform compatibility.