Thank you for your reply! In the end I simply registered a ExceptionMapper<NotAuthorizedException> and now I redirect the resource owner to our login page (implemented as a wab).
The problem I'm still facing is that when the login wab performs the /authorize/ invocation again (this time with the expected basic authentication header in place), the authorization invocation fails because the securityContext.getUserPrincipal() returns null. What is the right way in CXF to correctly populate the SecurityContext with a sound user principal? Many thanks again, matte ----- matteo -- View this message in context: http://cxf.547215.n5.nabble.com/How-to-manage-resource-owner-login-in-CXF-tp5766808p5766837.html Sent from the cxf-user mailing list archive at Nabble.com.
