You should use a servlet filter that can validate your sesssion before it gets to your servlet.
Check the example here in the question. Unable to access session data in servlet filter on app engine dev server
Here's a more thorough example http://brendangraetz.wordpress.com/2010/06/17/use-servlet-filters-for-user-authentication/
You can add the servlet filter to as many services as you need by adding more filter-mapping stanzas.
<!-- Example servlet loaded into servlet container -->
<filter>
<description>Requires user to log in as a member</description>
<filter-name>SecurityFilter</filter-name>
<filter-class>some.package.SecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/com.example.foo.Foo/myService</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>myServiceImpl</servlet-name>
<servlet-class>
com.example.foo.server.MyServiceImpl
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>myServiceImpl</servlet-name>
<url-pattern>/com.example.foo.Foo/myService</url-pattern>
</servlet-mapping>