Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] replied to the discussion "JBWS-2210 : CXF Username Token JAAS integration" To view the discussion, visit: http://community.jboss.org/message/536531#536531 -------------------------------------------------------------- Yes this is where I think your two interceptor approach will help as it gives you the option of dropping the authorization one when not required. Yes that line is where we push the subject onto the ThreadLocal for the request so it is ready for further checks for subsequent calls. Following the existing code will probably help you get something up and running but do keep in mind that it was written at a time the WS stack needed to support JBoss AS 4, 5 and 6 so a final switch to the APIs recommended by Anil would be required at some point. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536531#536531] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]