Greetings,
We currently use JAAS and db stored groups and users to manage a form-based login. We would also like to have the same level of authentication\authorization security on a web service we have created. Since the consumer of the web service is a client device, we do not wish to use the form authorization\authentication method. We have verified that using BASIC authentication the conversation between device and web service functions perfectly. However, this of course precludes our form-based login for the web site in our enterprise application. Is there a strategy for mixed BASIC and FORM authentication? Even better might be a mixed FORM (web site login authentication and authorization) and CLIENT-CERT model.
Thank You,
-Michael
[Message sent by forum member 'codealchemist' (codealchemist)]
http://forums.java.net/jive/thread.jspa?messageID=318501