Re: Acegi Security with CXF

I don't know a lot about acegi, but if you are only talking about  
propagating a WS-Security UnsernameToken through a SOAP wss:Security  
header, then yes, CXF is perfectly capable of doing this.

Note, however, that you will need to add some code on the consuming  
side of the message to "validate" the username and password, via  
WSS4J callback, which you'll also need to configure through Spring.  
Like XFire, the CXF WS-Security interceptor is based not only on the  
WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis  
uses, as well).  Not knowing much at all about XFire, I believe the  
CXF configuration should be pretty strightforwardly mappable to CXF.

Shout if you need a sample CXF config.

-Fred

On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:

> There is an example at that URL
> as well but it is for XFire and I'm not sure how those concepts  
> translate
> over to CXF; additionally the example they use points out its own
> inefficiency suggesting it should use a custom handler to read the  
> contents
> of the SOAP message via StAX.