Karl Beowulph [http://community.jboss.org/people/KBeowulph] created the discussion "Minimum required for basic user/password authentication on a POJO?" To view the discussion, visit: http://community.jboss.org/message/545289#545289 -------------------------------------------------------------- Hello. I've followed the authentication guide ( http://community.jboss.org/wiki/JBossWS-Authentication http://community.jboss.org/wiki/JBossWS-Authentication) and have (mostly) successfully implemented basic security on a POJO web service. The problem I'm having though is that my client requires two-sets of authentication setting; once for the HTTP basic authentication, and again in the request context (same user and password).  Is there a way I can set it so that the user only needs to authenticate at the request context level? My files are as follows... h1. Service *web.xml* <?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns=http://java.sun.com/xml/ns/j2ee xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">      <display-name>securityWs_PoC</display-name>      <servlet>           <servlet-name>secureWs</servlet-name>           <servlet-class>com.securityWs.SecureWs</servlet-class>           <load-on-startup>1</load-on-startup>      </servlet>      <servlet-mapping>           <servlet-name>secureWs</servlet-name>           <url-pattern>/secureWs</url-pattern>      </servlet-mapping>      <welcome-file-list>           <welcome-file>index.html</welcome-file>           <welcome-file>index.htm</welcome-file>           <welcome-file>index.jsp</welcome-file>           <welcome-file>default.html</welcome-file>           <welcome-file>default.htm</welcome-file>           <welcome-file>default.jsp</welcome-file>      </welcome-file-list>      <!-- Security -->      <security-constraint>           <web-resource-collection>                <web-resource-name>All resources</web-resource-name>                <url-pattern>/*</url-pattern>                <!-- <http-method>POST</http-method> -->           </web-resource-collection>           <auth-constraint>                <role-name>friend</role-name>           </auth-constraint>      </security-constraint>      <security-role>           <role-name>friend</role-name>      </security-role>      <login-config>           <auth-method>BASIC</auth-method>           <realm-name>JBossWS</realm-name>      </login-config> </web-app> *jboss-web.xml* <jboss-web>      <security-domain>java:/jaas/JBossWS</security-domain> </jboss-web> *SecureWs.java* package com.securityWs;   import javax.jws.WebService;     @WebService public class SecureWs {            public String echo(String word){           return word+" "+word;      }   }                                         h1. Client *TestSecureClient.java* package com.secureClient;   import static org.junit.Assert.assertEquals;                                             Thanks. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/545289#545289] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]