Vedran Mikulcic [https://community.jboss.org/people/vmikulcic] commented on the document "AS 7.1.0 Beta1 - Security Enabled By Default" To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17367#comment-11798 -------------------------------------------------- How does the web management application authenticate users then? I'm building an web service that will enable users to add and remove JNDI datasources remotely and, if possible, would like to use that same mechanism to allow this only to the users that know their jboss credentials. Removing access from the auth folder works (i.e. only then ModelControllerClient.Factory.create actually throws an exception on wrong credentials), but mantaining that on 500+ JBoss instalations on various platforms would be a nightmare. Any help would be most appreciated :) --------------------------------------------------