I'm trying to get spring-security to work with a project where there is both a form login component needed (for website access) and a http-basic or http-digest component for web services. Now we started out with the namespace based configuration, e.g. a spring-security.xml file with stuff like:
<http auto-config="true">
<intercept-url...>
...
</http>
But you have to go with form-based as default or http-basic as default (i.e. this only configures one filter chain). What I want is for some stuff to never redirect to a form and just use http-basic or equivalent. The manual does seem to cover this, only if you follow their advice, you'll end up having to define own filter chains for everything.
So I was wondering, is there really no other way? Is there perhaps a way I can reuse the filter chain introduced by the http element for those elements that can still use the old scheme? The namespace based config is really handy for us since it's easy to read and understandable, whereas a list of bean definitions is less so...