Hi there!

I've started developing a zimlet and can't seem to wrap my head around an issue and have not found any useful info so far.

Details:
I would like to create a zimlet where, using some business logic, I can manipulate database data. Just like a Java (J2EE) web application, but the presentation tier is zimbra(zimlet) inside my company's ZCS.
To do this, I thought the best way would be to create a Java backend (a server) to handle SOAP requests. Why this way? Because using Hibernate and Spring (Spring WS) is an easy and convenient way to implement this funcionality.

So the thing is, currently, my java WebService accepts and serves requests from everywhere. My question is:

How do I know, that the request is coming from a logged in user? How do I authenticate? Am I coming at this at the right angle?

Thanks in advance