Security has 2 parts Authentication & Authorization.
There are different ways of doing Authentication, but the most simple & secure way is to enable SSL for Axis
servlet.
For Authorization you can use Handlers. Handlers are like servlet filter. You can read the
SOAP message before it is reached to ultimate endpoint and apply Authorization rules.