Securing a web service means to add security measures to prevent one or more of the following:
1. Unauthorized access to the services of the web service.
2. Tampering of the data sent to and received from the web service.
3. Third party from reading the data sent to and received from the web service.
Examples of measures that can be taken to secure the web service (matching the requirements above):
1. Adding a login mechanism or requiring clients to present a security token from a trusted security service.
2. Checksumming all, or parts of, XML data sent to and received from the web service. XML Digital Signature.
3. Encrypt all or parts of the data going in and out of the web service.
The simplest way is using HTTPS, but then there are also XML Encryption which can encrypt part of a SOAP message.
The simplest scenario is to use basic authentication, as provided by the servlet container(?).
If you want to improve security, add on HTTPS.
This document contains, among a lot of other things, step-by-step tutorial describing how to accomplish the above:
http://faq.javaranch.com/content/Exam-Objectives-5.pdf Best wishes!