Hello Gunther. Of course I am sure it is possible. Unfortunately I don't know how to do this manually, but I am sure someone out there knows. Maybe
this will help with some more information.
In case you already have the header constructed (I couldn't tell by looking at your code), you can look
here on how to add a header to the
SOAP envelope. Maybe this is what you were looking for?
But I think it must be complicated enough to handle all aspects of the WS-Security specification that a separate product (Rampart) exists. And with it, the whole security handling becomes a matter of complicated configuration, rather than complicated programming