We have spring web services deployed in weblogic & we have security requirement to protect the web services request using siteminder. We are sending the soap requests from application server(eg:from controllers of our web app). Would like to know what is the best way to authenticate the webservice request when the request is coming from application server(i.e no browser session attached to the request).