I write applications in an ESB-like framework that uses Spring and Maven1, running in WebLogic 8.1.4. We don't use Axis on the server side, we just have a custom HTTP listener that dispatches to a bean based on a SOAP address header.

I apologize if I'm asking trivial questions about Spring-WS and Acegi, I'm just today starting to examine these two packages.

Up to this point, we haven't had to implement security for any services. However, I'm going to have to do this soon for some specific services. I can see that using Acegi to implement Basic auth against our LDAP will be pretty straightforward. However, I'd like to consider the possibility of using WS-Security, UserNameToken at least. Acegi doesn't provide this, but I imagine that Spring-WS does. However, I can't use all of Spring-WS, as I can't replace our listeners our dispatching system.

Is it possible to just use the WS-Security portion of Spring-WS, which plugs into Acegi, to authenticate and authorize web services?

If that's the case, is the WS-Security implementation in M1 and the upcoming M2 solid enough to consider using for this?