The simplest approach to implementing secure Web services is to leverage the security features of the protocol used to exchange messages. This typically involves transporting the SOAP envelope over SSL using Basic, Digest, or Certificate authentication and authorization. This technique is also transportable across platforms, e.g. .NET and J2EE. The drawback to this is that is secures the payload as a whole, giving no fine-grained security to individual sections of the SOAP body.
If you want to secure individual sections of the SOAP body, at this point in time, you must do it in a proprietary manner, i.e. encrypting and decrypting the sections with your favorite toolset. Standards defining techniques for securing individual sections of SOAP payloads are not yet mature.
The SOAP Toolkit will create your WSDL file for you and RPCRouter is part of the org.apache.soap offering.