After trying various options, I finally figured out a way to write a completely generic client by removing the StubExt dependency. This was achieved by using the @HandlerChain annotation on the Service class. This may also work if we use the annotation on the SEI. And then I defined the handler in an xml and referred to it in the annotation as follows: @HandlerChain(file="HelloWorldHandlerChain.xml") But the server side endpoint still does not work if I use @HandlerChain annotation instead of @EndpointConfig to set the security handler. After digging into the source code of JBossWS and the log files for a few hours, I understood that for the WS-Security handler to work correctly, it has to be configured as a POST Handler type. When I used @HandlerChain annotation, it is configured as ENDPOINT Handler type. I was not able to find anyway to specify the type of handler in a standard way. So for now, I'm guessing there is no escape from the @EndpointConfig proprietary annotation. Can someone please confirm the same? I would love to hear that I"m wrong with this because it is not a good idea to fill the source code with proprietary stuff. Doing this in a JBoss specific configuration file will be more cleaner as the code can then easily migrated to a different server without changes to source code. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4215707#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...