Thanks for fast advices, some more information should be provided here.
The real web-service caller is SAPUI5 form published on the portal with required authorization. Collecting username on the form before calling web-service is not an option. Custom username field could be easily compromised using browser.
So the solution must be found somewhere on the backend side, where username could be caught from authorization details.