I want to build a secure web-service betweeen a Java producer and a Java consumer. I want to authenticate using Active Directory using the domain accounts that the producer and consumer are running under.
Could you give me an example of this?
(ie: AD trusted automated alternative to manual keystores.)
Look at Spring WS and the and security certificate authentication, 7.2.2.1.3 JaasPlainTextPasswordValidationCallbackHandler, and 7.2.2.3.3 JaasCertificateValidationCallbackHandler.
There are some examples that tie this together through additional research.
Here's an open source library, http://spnego.sourceforge.net/protected_soap_service.html, that has an example of exactly what you are looking to do.
This open source project has an example on how to require authentication (basic auth or Kerberos/Integrated Windows Authentication) via servlet filter.
The project also has an example on how to create a soap client that needs to connect to a protected soap service.