The JAX-RS community noticed a difference in behavior between CXF and Jersey/RESTEasy where form data in the HTTP body is modified prior to invoking the resource method. There are two differences noted:
1) CXF does not invoke a MessageBodyReader (or any ReaderInterceptors) when there is no entity parameter. I believe that this is proper behavior - or at least an appropriate optimization since there is no parameter, why bother creating one with a MBR (and it's associated ReaderInterceptors)?
2) When the resource method contains both a Form parameter (entity) and a parameter annotated with `@FormParam`, and a Filter or interceptor, etc. has modified the content of of the HTTP body, the value injected for the `@FormParam` parameter does not reflect those modifications, but the Form entity parameter does. This seems inconsistent, and (IMO) violates the spirit of the spec - note that there is no TCK test for this case, so CXF is still compliant - but it differs from other implementations. Here is an example:
If the HTTP request body contains "value=ORIGINAL", then when CXF invokes the processForm method, it will pass "ORIGINAL" to the String value, but will pass a Form object that contains a MultivaluedMap with entry "value=MODIFIED". To be consistent with Jersey and RESTEasy, CXF should inject MODIFIED as the String value.
See JAX-RS API Issue 659 for more details.