We have a set of services which implement the Signature policy (X509 certificate) policy using the Spring provided Wss4jSecurityInterceptor.

Now we have a situation where we want the same set of services to support UsernameToken policy too for a new set of clients, in such a way that it doesn't impact the existing clients in whatsoever manner and they continue to use the older policy.

So my query is:-

1. Is it possible to have the same endpoint support two separate policies?
2. If yes, how do we achieve that using Spring's Wss4jSecurityInterceptor?