Hi!
Assuming you want to put the web service URL in the web page:
First of all, are you sure that you want to expose this web service in a web page?
If this is the case, then it is very simple for anyone who is able to view your web page to learn how to invoke the web service.
Provided the web service is not intended to be exposed to "the world", I would not invoke it from the presentation of a web application, but (depending on what it does, etc.) from a controller or a service layer. This has the advantage that you can put it behind a servlet, another service or an EJB and thus use the regular security mechanisms for servlets etc.
If you are going to expose a SOAP web service to "the world", then you should read up on web service security, which is quite a vast topic.
Second, what input data does your web service need to update the state of the database?
Is it to return any output data to the web page?
Finally, I recommend listening to this podcast from SE-Radio about web application security:
http://se-radio.net/podcast/2009-03/episode-128-web-app-security-bruce-sams
It is both entertaining and interesting!
Best wishes!
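
An added example, not part of the original post: a servlet that sits in front of the web service call so that the container's regular security mechanisms apply and the page never sees the service URL. The `OrderStatusService` interface, the `order-clerk` role, the `/orders/status` path, the status values and the `orderStatusService` context attribute are all hypothetical names chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical service-layer interface wrapping the SOAP client. The endpoint
// URL lives in server-side configuration and is never sent to the browser.
interface OrderStatusService {
    void updateStatus(long orderId, String status, String actingUser);
}

// The container authenticates the caller and enforces the role and TLS
// requirement before doPost runs. "order-clerk" is an assumed role name.
@WebServlet("/orders/status")
@ServletSecurity(@HttpConstraint(rolesAllowed = "order-clerk",
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class OrderStatusServlet extends HttpServlet {

    private OrderStatusService service;

    @Override
    public void init() throws ServletException {
        // Assumption: the application stores its service object in the ServletContext at startup.
        service = (OrderStatusService) getServletContext().getAttribute("orderStatusService");
        if (service == null) throw new ServletException("orderStatusService not configured");
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String status = req.getParameter("status");
        long orderId;
        try {
            orderId = Long.parseLong(req.getParameter("orderId")); // null also lands in the catch
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid orderId");
            return;
        }
        // Only a fixed set of values may reach the service that updates the database.
        if (status == null || !status.matches("OPEN|SHIPPED|CANCELLED")) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid status");
            return;
        }
        // Pass the container-authenticated user on, so the update can be attributed.
        service.updateStatus(orderId, status, req.getRemoteUser());
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```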