I need to write some server-side java files. The java will generate a successful token which can be stored in a db until a user logs out.

Once the security java classes have been written I need to create a web service where 3rd parties can log in, this talks to my server-side java files generates the token and allows any 3rd party in to access information on our db.

The java and web service have to be secure, so i'm thinking of Apaxhe Axis, http, SSL, XML and creating a WSDL file.

Because I'm new to all this I really have no idea where to start

Has anyone written a logon web service and can give me some advice?

Am I right in writing the java files first to get the security under wraps and then write the web service to gain access to our db so 3rd parties can get their info. The data the 3rd party can have access to will come down in a XML formatted file for the 3rd party to do with what they please and i would like to create a WSDL file to describe the web service to the 3rd parties

I've read loads of tuotirals but still don't know where to start - i'm using eclipse with the wtp and axis plugin intalled

Thanks in advance