The first link posted by BL was right on the mark. Amongst other things, it says that you can use HTTP Authentication. That involves your web.xml and conf/tomcat-users.xml on the server side (assuming you're using Tomcat, but other
servlet containers work similarly), as well as setting properties in your javax.xml.rpc.Stub on the client, which looks something like:
Stub stub = (Stub) ...; // wherever you get your Stub from
stub._setProperty(Stub.USERNAME_PROPERTY, "username");
stub._setProperty(Stub.PASSWORD_PROPERTY, "password");
No
rocket science involved. This is not very strong security (password is transmitted unencrypted in the HTTP headers), but it's a start. Later, you can run your service over SSL for some additional security, or migrate to using the WS-Security standard.