<p>We have an existing Web-Service accessible to everyone who knows the address of the endpoint. The software used on the server:</p><ul><li>Java 6</li><li>Apache CXF 2.2.3</li><li>SOAP Webservice</li></ul><p>Because of massive abuse in the past the access should be limited to authorized people only. The login credentials are stored in a database and should be checked with every request made on the service. The login data should be transmitted in the SOAP-Envelope header and an interceptor should verify the data before the actual invocation of a webservice method. The solution should be based on an open standard which is well defined.</p>