I have a simple service that is exposed as a web service. I have a remote web application that submits a simple soap message to this end point. My service exposed through contract definition. I specified my actions mep to be RequestResponse. I then provided in/out xml schemas. The client is able to submit a sop request to this and get a response back. What I want to do is integrate security into set up. I want to do the simplest possible scenario a the moment. I modified my soap message to contain a UsernameToken header. I modified my service definition to contain the security module. When I deploy this setting, I get an exception about AuthenticationRequest not being set in the SEcurityContext in the Message. I guess this is happening because I do not have a gateway set up and I am not using ServiceInvoker directly within my actions. With the set up I have is it possible for me to integrate Security? If so how? If not do i need to have a gateway? jbr http? thanks in advance. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251850#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...