Security has 2 parts: Authentication & Authorization.
There are different ways of doing Authentication, but the simplest & most secure way is to enable SSL for the Axis servlet.
For Authorization you can use Handlers. Handlers are like servlet filters. You can read the SOAP message before it reaches the ultimate endpoint and apply Authorization rules.
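
As an added illustration (not part of the original answer and not Axis project code), here is an Axis 1.x request-flow handler that rejects calls not made over SSL and checks the caller against a per-operation allow-list, denying by default. The class name, policy entries and service/operation names are constructed for the example; it assumes the servlet container authenticates the caller (so `getRemoteUser()` is trustworthy) and that the handler is deployed in the service's request flow.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.SOAPBodyElement;
import org.apache.axis.transport.http.HTTPConstants;

// Hypothetical handler: runs before the endpoint, like a servlet filter.
public class AuthorizationHandler extends BasicHandler {
    // Constructed sample policy: "service/operation" -> users allowed to call it.
    private static final Map<String, Set<String>> POLICY = new HashMap<String, Set<String>>();
    static {
        POLICY.put("OrderService/getOrder", new HashSet<String>(Arrays.asList("alice", "bob")));
        POLICY.put("OrderService/cancelOrder", new HashSet<String>(Arrays.asList("alice")));
    }

    public void invoke(MessageContext ctx) throws AxisFault {
        HttpServletRequest req =
            (HttpServletRequest) ctx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        // Refuse anything that did not arrive through the SSL-protected servlet.
        if (req == null || !req.isSecure()) {
            throw new AxisFault("Request rejected: SSL is required");
        }
        // Identity established by the container (assumption), not taken from the SOAP body.
        String user = req.getRemoteUser();
        if (user == null) {
            throw new AxisFault("Request rejected: caller is not authenticated");
        }
        // Read the SOAP message: the first body element names the operation (RPC style).
        SOAPBodyElement body = ctx.getRequestMessage().getSOAPEnvelope().getFirstBody();
        if (body == null) {
            throw new AxisFault("Request rejected: empty SOAP body");
        }
        String key = ctx.getTargetService() + "/" + body.getName();
        // Deny by default: an operation with no policy entry is not callable.
        Set<String> allowed = POLICY.get(key);
        if (allowed == null || !allowed.contains(user)) {
            throw new AxisFault("Request rejected: " + user + " may not call " + key);
        }
    }
}
```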