Does anyone have a recommendation about web service security architecture in Java (preferably under JBoss)? Any recommended reading?
I want to expose a fairly rich web service to the world but the data are sensitive and it requires authentication from the current client (Flex), accessed via RPC. I definitely do not want any server-side session state.
What's the best way to go about implementing security through web services in Java/JBoss and where can I read about it?