Wow, my head hurts from looking at crypto code inside a JSP. Please, get it out of there.
Now, on to the basic problem. You are using Java
String. That won't work. RC4 and most other modern cihpers operate on octets. An octet is a 8 bit
unit, essentially the same as a C-language unsigned byte. Sadly for us Java folk, Java does not have an Unsigned Byte object. So if you naively use Byte instead, you get some code that works and some that does not. If the leading bit is on, Java will interpret that as making the value negative. Unsigned bytes have values from 0 to 255, not -127 to 128.
If you are careful, you can make it wok.
Or you can use the Google Guava library, that has an unsigned byte object.
Also, why are you using RC4? The real RC4 is proprietary, and the ARCFOUR has questionable origins. Do you really need a stream cipher? You seem to be using it in places that a block cipher would be better.