You have two options: you can use a message handler or you can use an intermediary. Both of these approaches allow you to add and process SOAP headers in your message. If you have any requirements at all to support interoperability, then you should make sure that your security header conforms to the OASIS WS-Security 2004 v1.0 specification. (See http://www.oasis-open.org/specs/index.php#wssv1.0).
I must warn you, though. The native SOAP engine in WAS 5.0 is very limited in its capabilities -- especially in terms of advanced features and interoperability. (It predates the WS-I Basic Profile.) I encourage you to either upgrade to WAS 5.1 or later or to install a third party SOAP engine, such as Apache Axis (open source) (see http://ws.apache.org/axis/) or Systinet Server (commercial) (see http://incubator.apache.org/synapse/) is an open source intermediary, and it can work with WSS4J -- but be warned that the code is still very early stage (as of January 2006). You can also use a variety of commercial products from web services management vendors such as Amberpoint, Blue Titan, SOA Software, and Sonic Software (Actional). Or you can use a hardware-based XML Gateway (an appliance) from vendors such as IBM/DataPower, Forum Systems, Layer 7, and Reactivity.
Dig Deeper on Service-oriented architecture (SOA)
Related Q&A from Anne Thomas Manes
Anne Thomas Manes explains the differences between open source clients and open source implementations. Continue Reading
Anne Thomas Manes discusses the best way to go about creating an enterprise data dictionary and why the systems works well. Continue Reading
Anne Thomas Manes explains the difference between 'hard' real time and 'live' real time systems. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.