Web Service Authentication Inside Application

First let me apologize in case I'm repeating a question, it seems I should be since it seems such a fundamental matter, but I can't seem to find an answer...

We have an application deployed on a web server (Web Logic). We have been given a task of providing a web service for one part of the application. The application already exists, uses legacy code, and generally can't be changed too much. The web service is asynchronous.

The application handles authentication and authorization internally using it's own username/password tables in a DB. When implementing the Web Service I can't seem to find any way of authenticating users based on the same mechanism already in place.... The only solution I could find is to create a custom LoginModule, which would be fine except that it by creates a security breach for the Web Logic users that aren't using our application, as well as seeming a bit of an over kill since I only want to authenticate the web service users. It seems that WebLogic authenticates the SOA开发者_开发百科P request way before it actually reaches my service end point, and I need to authenticate only when it gets to the actual application. Am I missing something here? Is there a way for a web service to authenticate users internally? We are using a JAX-RPC web service on WebLogic 11g.

Thanks in advance for any insights!

did you try the built-in RDBMS Authentication Providers?