Mark,
Instead of using filter to perform authentication, we extended the class AbstractPhaseInterceptor
in cxf to intercept the requests and perform basic authentication. We registered the interceptor in
applicationContext.xml.
<jaxrs:inInterceptors>
<ref bean="securityInterceptor" />
</jaxrs:inInterceptors>
<bean id="securityInterceptor" class="org.snia.cdmiserver.interceptor.SecurityInterceptor">
<property name="users">
<map>
<entry key="cloudibm2" value="password" />
<entry key="user5" value="password" />
<entry key="user6" value="password" />
</map>
</property>
</bean>
We also ran some tests with this enabled and it worked as excepted.