Hello: I'm using Apache CXF 2.7.8 + Spring Security 3.1.1
I want to securize an endpoint ( JAX-RS service) with Basic Auth, and I'm following this example: http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/spring_security/ So, I configure the Spring Security filter in web.xml And all works fine But I'm interested in capturing all errors in authentication phase, so to format the response, but this isn't work. The ExceptionMapper object is never invoked ( I tried several type of exceptions ExceptionMapper<T>, included ExceptionMapper<BadCredentialsException>) Looking at logs, CXF code is never called ( DEBUG mode). For example: 18:07:23.828 [http-8080-3] DEBUG [BasicAuthenticationFilter] [doFilter] - Basic Authentication Authorization header found for user 'xxxxxx' 18:07:23.828 [http-8080-3] DEBUG [ProviderManager] [authenticate] - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider 18:07:23.828 [http-8080-3] DEBUG [DaoAuthenticationProvider] [authenticate] - User 'xxxxxx' not found 18:07:23.828 [http-8080-3] DEBUG [BasicAuthenticationFilter] [doFilter] - Authentication request for failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials 18:07:23.828 [http-8080-3] DEBUG [HttpSessionSecurityContextRepository] [saveContext] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession. 18:07:23.828 [http-8080-3] DEBUG [SecurityContextPersistenceFilter] [doFilter] - SecurityContextHolder now cleared, as request processing completed That's all Looks like request is not seen for CXF code What is wrong ? Thanks and regards
