Installation As of February 2013, XServices require Java 7. Older builds run against Java 5. Apache Tomcat 7 tbd. In short: Deploy .WAR file to Apache Tomcat
Securing with Basic Authentication There is a quick guide explaining Basic Authentication for Tomcat here: http://oreilly.com/pub/a/java/archive/tomcat-tips.html?page=1
Limit access to Sometimes you'll only want to restrict access to to only specified host names or IP addresses. This way, only clients at those specified addresses can use the web services. Tomcat provides two configuration values for that: RemoteHostValve and RemoteAddrValve. These Valves allow you to filter requests by host name or by IP address, and to allow or deny hosts that match. The example below restricts access to the ArchiveService from any machine that is not the local host. <Context path="/XService/ArchiveService" ...> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1" deny=""/> </Context> If no allow pattern is given, then patterns that match the deny attribute patterns will be rejected, and all others will be allowed. Similarly, if no deny pattern is given, patterns that match the allow attribute will be allowed, and all others will be denied. The <context> element must be placed into the server.xml file (into <engine><host>).