The main thing you need to focus is signing and encrypt your message. Actually if you go with anonymous ssl or https (authentication without client) mode of communication your interface is already encrytped server to server level. For this, you basically have to store the client certificate in pi keystore and send the message via pi soap adapter (sync mode). That's enough and you don't need java mapping for it. If the client insists to have message level encryption then you have to have java mapping to implement the signing and encryption. Many clients does not know the difference between system to system and message level encrytion/signing. please clarify first. If you need strictly message level (or specific fields to be encrypted in your payload) then go for java mapping
Again to implement java mappping , I would recommend you can use apache axis implementation. refer apache site as below
http://ws.apache.org/wss4j/package.html
Also another simplest way is using oracle java api as below
http://docs.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
http://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html
Hope this helps.
Also you can search scn for the same topic in SCN