Currently, redirections are limited to 'verbs with no content':
In HTTP/1.1 specification it is written that automatic redirection need to be done with care for methods not known to be safe:
The safe methods are GET, HEAD, OPTIONS, and TRACE, those listed in list of verbs with no content .
Although the specification tells to do redirection of not safe method with care, it doesn't forbid it. Currently, it is not possible to do redirection of a POST method with CXF.
Maybe it could be acceptable to configure the list of redirected verbs ?