Has anyone implemented security for a webservice exposed as a proxy service via JBOSS ESB ? Can you please share the steps ? We have Application B's webservice proxied on the ESB. Application A will be calling the same. The application A client side WS calling code already exists and we are not using ServiceInvoker anywhere. In the documentation read something about userNameToken and BinarySecurityToken but it is not clear. Basicaly we need to ensure that the service is called App A only on no one else. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4223675#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...