In short, we support anything which involves manipulation of the SOAP header (user names/ passwords, certain tokens), and we support nothing out of the box which involves manipulation of the HTTP header (NTLM/ Kerberos tokens). An exception is HTTP basic authentication.
If you want to manipulate the HTTP headers, at the cost of performance, you could (but shouldn't!) fetch the outgoing data stream in Java and insert the necessary headers.