a possible solution for client side WS-Security support could be implemented using callbacks. On the server side WS-Security is implemented with Interceptor. On the client-side the api semantic is different i.e. the callback mechanism allows specifying a callback for every send operation while on the server side you decide at configuration time what interceptor attach to the EndpointMapping.
My proposal is the following one
add four properties to the WebServiceTemplate class:
the after and before is referred to the callback specified at invocation time.
In the new implementation if the AfterRequestCallBackList is set (the property accept a list of callbacks) the callback list specified is invoked and executed after the callback sepcified by the user at runtime, on the the other end if the BeforeRequestCallBackList is set the callback list specified is invoked and executed before the callback sepcified by the user at runtime.
the same for ResponseCallback.
You can specify both the four properties.
This is the desing part; on the implementation side the WS-Security callbacks can be implmented using the existing handlers. Probably there is the need for a CallbackChain class in order to centralize the management ot the execution of a Callback list.
I'm not sure if these new methods should affect the WebServiceTemplate interface.
What do you think about?