WS-Security is able to support equivalents of the security measures that we have seen so far via WS-SecurityPolicy. In this recipe, we will see how to test a web service that requires client certificate authenticated transport layer security (TransportBinding), a username and password (UsernameToken), and a valid timestamp (Timestamp element). More about these policies will be covered later.

Most of the apparent complexity is in the service implementation provided by an Apache CXF sample. You should not have to deal with this complexity directly, although it may help your overall understanding if you do take a look at the code. You will need to be happy with certificate handling ...