User development, A new message was posted in the thread "JbossWS username authentication not working": http://community.jboss.org/message/528902#528902 Author : Peter Johnson Profile : http://community.jboss.org/people/peterj Message: -------------------------------------------------------------- Sorry, I forgot a step. You also need a <security-contarint> section to restrict access to the web service URL. Here is an example from one of my apps:     <security-constraint>    <web-resource-collection>      <web-resource-name>Secure Sales Tax</web-resource-name>      <url-pattern>/tax</url-pattern>      <http-method>POST</http-method>    </web-resource-collection>    <auth-constraint>      <role-name>merchant</role-name>    </auth-constraint>  </security-constraint>   -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/528902#528902