Using a handler chain is the correct way of signing/encrypting your messages - whatever the code might look like to accomplish it. The lines of code that you asked about are correct given the SERVICE_NAMESPACE that you are using is the same one you use when create the QName for your service (which you then pass into createService()) and the "ClientStuffEndpointPort" corresponds to the name of your endpoint. Those lines of code are telling JBossWS to apply the WSSecurityHandlerOutbound handler to the invocation of "ClientStuffEndpointPort." Also, make sure you are giving your wsse-client configuration file to the "createService" method: URL securityLocation = cl.getResource("jboss-wsse-client.xml"); | QName serviceName = new QName(SERVICE_NAMESPACE, "ClientService"); | ServiceImpl service = (ServiceImpl) factory.createService(wsdlLocation, serviceName, mappingLocation, securityLocation); | Here is my jboss-wsse-client.xml: <?xml version="1.0" encoding="UTF-8"?> | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> | <key-store-file>wsse.keystore</key-store-file> | <key-store-password>jbossws</key-store-password> | <trust-store-file>wsse.truststore</trust-store-file> | <trust-store-password>jbossws</trust-store-password> | <config> | <sign type="x509v3" alias="wsse" /> | <requires> | <signature /> | </requires> | </config> | </jboss-ws-security> I am using the keystore and truststore from jbossws-1.0.2 examples archive. I hope this helps. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3965476#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...