Welcome to the Ranch, Alexander!
Preferably, security should be handled by the
JEE standard security system and not by application code. Or at a minimum, security code in webapps should be handled by a well-vetted security system such as Spring Security. User-designed security systems - including those developed by the local "genius" are almost invariably insecure and often take only minutes for unsophisticated users to crack. Security is too sensitive to be designed by someone whose main job is doing anything else.
Having said that, the preferred way to inject external data into a web application is via the application environment and JNDI. You can then set the value(s) you want to pass in using the webapp administration console and the webapp can retrieve those values from the JNDI
java:comp/env directory tree. That process works under all JEE-compliant webapp servers, not just WebSphere and all OS's.