using user name and password in a webservice call

The standard way for providing username and passwords is using WS-Security, which provides security information in the SOAP header:

<SOAP-ENV:Header>
  <wsse:Security SOAP-ENV:mustUnderstand="1"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken 
      wsu:Id="UsernameToken-29477163"
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:Username>username</wsse:Username>
      <wsse:Password>verySecret</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</SOAP-ENV:Header>

WSS4J implements the WS-Security headers for Java.

I like the java5 EE tutorials for these kinds of things, there are code samples and links to resources. http://download.oracle.com/javaee/5/tutorial/doc/bncbx.html

Another really good website for the security side of things in more depth is: OWasp at: https://www.owasp.org/index.php/Main_Page They are the experts in web security IMHO. We used their api's at a bank I worked at recently.

HTH, James

Username and password are generally sent as parts in the http headers.JAX-WS provides constants USERNAME_PROPERTY and PASSWORD_PROPERTY for easy handling of these properties on the server.You will have to write a http handler for accessing these values.

void authenticate(HttpExchange ex){
  Headers headers = ex.getRequestHeaders();
 headers.get(BindingProvider.USERNAME_PROPERTY)
 headers.get(BindingProvider.PASSWORD_PROPERTY)
}

Call this method from the public void handle(HttpExchange ex) method of your Httphandler.