[jboss-user] [JBossWS] - WS-Security question

I implemented WS-Security for Usernametoken authentication for an EJB3 bean. Everything is working fine. But I noticed that when I send the SOAP envelope with just a wsse:security header (without any child elements) , the system allowed to invoke the service (No authentication happened). Is there a bug in there? Code is same as the post here: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=131719 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4143483#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...