We are implementing web service client. We need to implement ws security with username token. I was planning to use wss4j but our client said they want to use SAAJ. I know SAAJ can be used for simple web service but how can it be used in implementing ws security? Any ideas?