WS-SecurityPolicy
CXF 2.2 introduced support for using WS-SecurityPolicy to configure WSS4J instead of the custom configuration for WS-Security. However, all of the "background" material for WS-Security still applies and is important to know. WS-SecurityPolicy just provides an easier and more standards based way to configure and control the security requirements. With the security requirements documented in the WSDL as WS-Policy fragments, other tools such as .NET can easily know how to configure themselves to inter-operate with CXF services.