I’m developing a REST/SOAP backend in SpringBoot 2.3.12, Spring Security, JWT and cxf-rt-ws-security.
Services cosumed by REST have JWT Security and SOAP services consume Rest services thru the core use cases (hexagonal architecture).
SOAP services have an Interceptor that makes the security with certificates only.