I would like to create a single .war that contains both a web based FORM login for a web GUI AND BASIC authentication (in this case, for a web service interface.)
/index.html (unsecured welcome page)
+---/interactive (folder containing web pages using auth-method=FORM)
+---/service (servlet mapping for web service using auth-method=BASIC)
I don't see a way to configure such a setup in the web.xml file. It appears that login-config can not appear inside a security-config and that it only allows a single auth-method globally for the .war.
The solution was to create two .war submodules and package them in an .ear file.