It is possible to call a web service by assembling the requests at runtime using, for instance, SAAJ (see http://en.wikipedia.org/wiki/SAAJ for an explanation of SAAJ).
There should be nothing stopping you from calling a secured web service either, however I cannot elaborate on details since I do not know how the web service is secured.
SAAJ should do the trick for you if you do not want to generate client artifacts. It will enable communication with both JAX-WS and JAX-RPC web services.
For an example on how to use SAAJ, please take a look at section 5.7 in my book, which you can download for free here: http://www.slideshare.net/krizsan/scdjws-5-study-notes-3085287 Registration required to download, but that is also free.