Greetings,
We currently use JAAS and db stored groups and users to manage a form-based
login. We would also like to have the same level of
authentication\authorization security on a web service we have created.
Since the consumer of the web service is a client device, we do not wish to
use the form authorization\authentication method. We have verified that
using BASIC authentication the conversation between device and web service
functions perfectly. However, this of course precludes our form-based login
for the web site in our enterprise application. Is there a strategy for
mixed BASIC and FORM authentication? Even better might be a mixed FORM (web
site login authentication and authorization) and CLIENT-CERT model.
Thank You,
-Michael