You have two options: you can use a message handler or you can use an intermediary. Both of these approaches allow you to add and process SOAP headers in your message. If you have any requirements at all to support interoperability, then you should make sure that your security header conforms to the OASIS WS-Security 2004 v1.0 specification. (See http://www.oasis-open.org/specs/index.php#wssv1.0).
I must warn you, though. The native SOAP engine in WAS 5.0 is very limited in its capabilities -- especially in terms of advanced features and interoperability. (It predates the WS-I Basic Profile.) I encourage you to either upgrade to WAS 5.1 or later or to install a third party SOAP engine, such as Apache Axis (open source) (see http://ws.apache.org/axis/) or Systinet Server (commercial) (see http://www.systinet.com/products/systinet_server). Apache WSS4J is an open source WS-Security provider (i.e., a pre-built handler that supports WS-Security) designed to work with Apache Axis or any JAX-RPC compliant SOAP engine. You can find a number of open source tools for Axis/WSS4J that plug into Eclipse/WSAD. Systinet Server has a built-in WS-Security provider, and it also provides an Eclipse plug-in.
If you prefer to stay with the WAS 5.0 native SOAP engine, then you might do better by using an intermediary. Apache Synapse (http://incubator.apache.org/synapse) is an open source intermediary, and it can work with WSS4J -- but be warned that the code is still very early stage (as of January 2006). You can also use a variety of commercial products from web services management vendors such as Amberpoint, Blue Titan, SOA Software, and Sonic Software (Actional). Or you can use a hardware-based XML Gateway (an appliance) from vendors such as IBM/DataPower, Forum Systems, Layer 7, and Reactivity.
Dig Deeper on Topics Archive
Related Q&A from Anne Thomas Manes
Anne Thomas Manes explains the differences between open source clients and open source implementations. Continue Reading
Anne Thomas Manes discusses the best way to go about creating an enterprise data dictionary and why the systems works well. Continue Reading
Anne Thomas Manes explains the difference between 'hard' real time and 'live' real time systems. Continue Reading