I need to implement a java soap client with message level encryption. This will be running in a slightly older app that has some spring 3 controllers and jax-ws web services.
I need to add message level encryption and so far most of the hit on searches point to cxf. I didn't want to add another framework to the project.
There must be another way to do this.. This subject has been difficult to find good answers on.. any help is appreciated
The standard for SOAP message-level security is WS-Security, so you should use a WS-Security implementation. Since you are already using Spring, look at the Spring WS-Security extension:
https://docs.spring.io/spring-ws/site/reference/html/security.html
You would need to add the Gradle/Maven dependency spring-ws-security to your project.
However, as far as I know, this Spring WS-security extension is quite limited compared to CXF, e.g. it does not support WS-Policy/WS-SecurityPolicy which allows to configure the security policy in a standard way. Also CXF is already integrated with Spring, so I recommend it on the long term. Check the doc if you are interested in the alternative: http://cxf.apache.org/docs/ws-securitypolicy.html