Best way to design authentication service

[javaxmlsoapdev]

We are developing an application in which we use Flex UI in the front end and Spring DAO, business, service layers in the backend. I want to use Acegi Security framework for authentication/authorization etc.

What's the best way to keep authentication/authorization info to the front end (do we really need to pass this info from spring beans to Flex HttpSession (don't know yet if there is any such object in Flex) ). In essense, how to make sure Front end layer doesn't ask for authentication/authorization on every page (to achieve single signon) while calling backend services?

Any pointers would he appreciated.

[ronwheeler]

I have the same question.

I would like to also support other clients (process control systems using webservices to upload information and get data) as well as simple HTTP sessions for adminstrative functions which may become web service access later.

From a quick reading of Acegi, it would seem that Digest with Acegi is a good choice for some very simple authentication with 5-10 users including accounts for the process control systems.

Any comments would be appreciated.