Thanks for your response and guidance .
In our Web service we have used JAX-WS and using RAD and Web sphere application server .Our Web service is in Top Down approach .
After I googled on WS-Security and specially after going through the URL
webpage I understand
We can implement this using WSS4J but still I need two more input to implement this .
1.I need to know what are the component I need to incorporate in my code to make it run for example we have to write handler,update deployment descriptor in server and may be something in client side as well .
2.How it is ensureing my web service will not be hacked if somebody get access to the request soap xml which actually contain password in its header .