Hi,

We are looking into migrating from 5.1 to 6.0. We ironed out most of the corner cases without much fuss, so both our unit tests and integration tests are passing. However, we still can not solve ws security. In 5.1 with jbossws native stack security worked out of box. In 6.0 with cxf stack we had to do much configuration to make it work and although we made it work there are is still some issues we need to resolve.

The main issues is that cxf security is not setting user princiapl and roles in EjbContext. This is major issue for us both from auditing and data access point of view.

Is there some combination of jboss/cxf interceptors that can do this?

Also, it seems that we have to list all endpoints that we want secured. Is there some way we can use *  for all?

Thank you in advance,

Branko