I'm looking for a way to add security header to my soap request.
I've found the interceptor, which will solve my problem: UsernameTokenInterceptor Could someone suggest me how to create with my arguments (password, username) this bean and correctly insert it into my jaxws client
<jaxws:client id="***" name="***" endpointName="***" serviceName="***" address="***" serviceClass="***" xmlns:tns="***">
<jaxws:outInterceptors>
<ref bean="myInterceptor" />
</jaxws:outInterceptors>
The UsernameTokenInterceptor is a policy-aware interceptor that gets automatically created if your WSDL has a security policy that matches a sp:UsernameToken (with no other security binding. If so, then a different interceptor is used. UsernameTokenInterceptor is just to insert the UsernameToken). So you only need to specify the username + password as JAX-WS properties and you're done.
If you don't have a security policy, then you want to use the WSS4JOutInterceptor instead, to manually insert a UsernameToken in the outbound security header.
For an example of a policy which will trigger the UsernameTokenInterceptor, see the policy called "DoubleItPlaintextPolicy" here:
If you want to use the manual approach, there is an example in the CXF docs: