Spring security session management via CXF ReST services

[rthamer]

Hi,

I'm very new to spring security framework, so please forgive me if this question is naive. (Spring Framework 2.5.6, Spring security 2.0.6)

I need to write a set or ReST services, the first of which authenticates the client via username/password - this was rather simple:

UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, password);
SecurityContextHolder.getContext().setAuthenticati on(auth);

However, I'm having a few issues:

1) I need to pass back the session ID (UUID) from this service. It is being invoked by a client application.
2) I need to authenticate calls to a set of ReST services with various functions via session ID in the HTTP header (the session ID returned from the login call). Simply validating the incoming session ID as valid/authorized.
3) Destroy the session via a logout service (passing in the session ID). I'm assuming this will be easy, however I'm not sure how to map a SecurityContext to an incoming session ID.

I'd like to utilize spring security if possible as to use its various role authorization, however at this point i'm simply looking for the above functionality.

Thanks in advance.