Thank you for the link to that wiki. Very helpful. To quote from there: "If Spring Security is used for authentication, then CXF's SecurityContext is not initialized automatically. cxf-spring-security provides an interceptor that can be used if this is required. This interceptor adapts an authenticated Authentication object found in the current Exchange to the org.apache.cxf.security.SecurityContext interface and adds it to the current message. Authorities in the Authentication object are mapped one-to-one to roles in the SecurityContext. ...
Setting up Spring's security context: <ssec:spring-security-context-feature> ... This makes it clear that an interceptor would not be the right place to manage Spring's security context. cxf-spring-security solves this issue with the help of a org.apache.cxf.service.invoker.Invoker proxy that will be installed in front of the real invoker (whose responsibility is to dispatch to the right method of the service implementation). This proxy sets up the security context before delegating to the real invoker and removes it after completion. " Doesn't this imply that either an Interceptor or custom invoker is required ? My example is not currently using either approach. Is there an example that uses an Interceptor or Invoker to set up the Security Context? -- View this message in context: http://old.nabble.com/Is-it-possible-to-integrate-CXF-JAX-RS-with-Spring-Security-2.0.5---tp27587340p27623838.html Sent from the cxf-user mailing list archive at Nabble.com.