Ok, I narrowed down a little bit my question. I see that it is possible to leverage Jaas to populate the SecurityContext principal via the JAASAuthenticationFilter. Now the point is I would like to manage my users and passwords via datasources as explained in karaf documentation <https://karaf.apache.org/manual/latest/developers-guide/security-framework.html> . The point is that my users' passwords are stored in the database as encrypted tokens.
So my previous question becomes: how to specify a javax.security.auth.callback.CallbackHandler to compute received password hash before jaas login? All other steps should be performed transparently by CXF JAASAuthenticationFilter, right? Thank you very much. matteo ----- matteo -- View this message in context: http://cxf.547215.n5.nabble.com/How-to-manage-resource-owner-login-in-CXF-tp5766808p5766839.html Sent from the cxf-user mailing list archive at Nabble.com.