I'm programming a web service in Java EE and need to secure the connection. For this purpose I will use HTTPS. But, I need to authenticate the user who calls the web service.
The hardware which consumes the web service wants to authenticate itself via HTTP+Digest, so, the web service goes over HTTP(S).
Is it possible to authenticate SOAP requests over HTTP+Digest? Perhaps I can make my own handler chain and call the authenticate method on the incoming request?
I don't want to implement the web service security stack!