web.xml, using form and basic authentication simultaneously

There were no responses here for a while, so I did a quick servlet refresher myself. Servlet specs indeed allow only one <login-config> element per web application, so there is no way to have an entry point with BASIC authetication for the REST API and another with FORM-based authentication for the UI. The only option is to build them as two independently deployable applications. To avoid code duplication, it might be a good idea just to let the UI application talk to the REST API the same way the third-party clients are supposed to.


I was also facing a similar problem and I realized that if you are using Wildfly then its possible to configure multiple mechanism using web.xml:-

    <auth-method>BASIC?silent=true,FORM</auth-method>

Using this silent basic authentication will be tried first, which is basic authentication that only takes effect if an Authorization header is present. If no such header is present then form authentication will be used instead.

Maybe its too late for a reply but I just updated this in case someone finds this useful :P