I have a requirement to add security to webservices in a J2EE application where the clients are other applications. My application handles pure http and soap requests that need security. The application runs on weblogic and Spring is used for autowiring the components.
I have done some research and leaning towards PKI approach. But not sure as how and where to implement it.
Any pointers to the examples, current security trends/patterns and preferable techologies would be highly appreciated.