To answer your first question I believe it is yes as it belongs to the package weblogic.jws.Policies, so it isn't possible to use it outside Weblogic.
As I know currently JAX-WS doesn't support WS-Security, so there is no standard API or annotations that you can use or rely on.
However it is preferred to can use an XML deployment descriptor provided by your application server instead of using annotation in order to have your code portable between different application servers, as currently many application servers support WS-Security but in different manners.
I am of the strong impression that JAX-WS does indeed support WS-Security.
This can be configured using WS-Policy in the service WSDL and, dropping certain Metro libraries in on the client side, the client automatically recognizes and honors the WS-Policy declarations.
I couldn't find any part in the JAX-WS 2.2 jsr224 specification that says anything about WS-Security, that is why I concluded this answer.
I think Metro supports WS-Security among other WS-* specifications as part of the WSIT project (Web Services Interoperability Technologies), which doesn't have a corresponding jsr. Also as I understand from Metro samples that you use a configuration file named wsit-package.service.xml that resembles a normal WSDL file to configure the required polices