Here's my situation.

I have a CAS web application and a ACEGI web application that also exposes web services to be protected by ACEGI. There is another application that uses CAS on a different machine that will make a web service call to my ACEGI web application. The CAS authentication is working fine, however the web service call does not.

When a logged in user on the other machine makes a web service call, I get the following message in my logs:

Authentication not added to ContextHolder (could not extract an authentication object from the container which is an instance of Authentication)

and this error eventually occurs:

DEBUG [2004-09-01 11:31:45,008] (SecurityEnforcementFilter.java:191) - Authentication failed - adding target URL to Session: https://hostname.domain.edu:8443/s3d...CuTZa9rVObSKjT
net.sf.acegisecurity.AuthenticationCredentialsNotF oundException: A valid SecureContext was not provided in the RequestContext

My guess is that the CASProcessingFilter is not getting run because the request does not end in /j_acegi_cas_security_check. Is that correct?

How am I supossed to validate a proxy ticket for a web service using the ACEGI framework? Any suggestions would be greatly appreciated!

Thanks,
Matt