The scope of the current Web Service Security provider plug-ins is limited to JSR 196 SPI implementation, and is only supported on Sun Application Server version 9.0 and above.
Clients using JAX-WS based applications on web or J2EE containers that do not support JSR 196 specifications must use handlers.
Clients using SAAJ based applications need to secure the messages programmatically using the OpenSSO Enterprise Client SDK.