suggest u use HttpSession to do it because you can integrate web service authentication into your whole security-system.please see the blog of peihexian(知其然.知其所以然) about how to write a filter to get HttpSession: http://blog.csdn.net/peihexian/archive/2006/04/21/671437.aspx
http://blog.csdn.net/peihexian/archive/2006/04/21/671437.aspx
楼主测试吧