You work in the Service Composer perspective of the SAP NetWeaver Developer Studio.
To apply an authentication policy on your composed service, the policy details must be added directly in the WSDL file. In case you want to compose a service, you have to add a policy in the back-end service that you want to compose. Note, that in a composed service:
If you use JAX-WS generation, the resulting composed service will have no configured end point at all.
If you use SDO generation, the resulting service has an enabled end point with basic authentication by default.
If you simplify services, then you can add the policy to the simplified service later on.
For more information about adding a policy in a WSDL, see http://www.w3.org/TR/ws-policy/ and http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdf.