Today's solution is for following about specifying default client provider, which will cause all webservice calls to be signed. But we cannot do that, because other web service we're calling cannot handle digitally signed SOAP messages. Documentation only mentions web service endpoint configuration .
Add following to your glassfish-ejb-jar.xml:
[source,xml ---- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE glassfish-ejb-jar PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 EJB 3.1//EN" " http://glassfish.org/dtds/glassfish-ejb-jar 31-1.dtd"> <glassfish-ejb-jar> <enterprise-beans> <ejb> <ejb-name>EjbThatSignsSoapRequests</ejb-name> <service-ref> <!-- you might need explicit @WebService(name="service") on that field, even if the field is named service --> <service-ref-name>service</service-ref-name> <port-info> <!-- This is the vital part - specify port of web service --> <wsdl-port> <namespaceURI>urn:webservice:namespace-from-wsdl</namespaceURI> <localpart>WebServicePortName</localpart> </wsdl-port> <message-security-binding auth-layer="SOAP" provider-id="ClientProvider"/> </port-info> </service-ref> </ejb> </enterprise-beans> </glassfish-ejb-jar> ----
Then, configure your client e. g. via admin gui at path Configurations > server-config > Security > Message Security > SOAP > Tab Providers > Client Provider.