Aug 26th, 2010, 01:53 AM
Two levels of auth?
My customers' front-end allows access via an anonymous user (not logged in) or a logged-in user. My web service is backend/middleware; it always needs authentication to allow use for paying customers only.
So I was reading this article:
And I was wondering if it would be a good design to make HTTP authentication the way a registered customer authenticates, and use SOAP WS-SEC to authenticate the customer's user?
Is something even possible with Spring Security? Or what alternative designs exist?