So that was some basic configuration. How about adding security etc? I think whatever we do here will translate into adding appropriate configurations to the web.xml of the generated .war. Seems like there are 2 approaches to this: 1. Add a strict config model inside the ESB config file whereby we only allow certain configurations and we manually map those appropriately to the web.xml going into the generated .war sub deployment. 2. We allow the user to specify a suplemental web.xml that gets merged into the generated web.xml. The user would define the "extra" configs as per the web.xml schema. We could allow them specify this inline in the esb config, or externally. We might want to restrict the config types we allow in this e.g. you can't define any servlet/filter configs etc?? Same would apply to jboss-web.xml. So what are the pros/cons to these approaches? Other approaches? The existing http gateway also supports configuration of allowed http methods. Do we need to bring this along? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4237955#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...