Hi, I run my simple 181 (deployed as JAR file) WS on 4.0.4.GA. | package com.amadeus.adp.aproach.websrvc.access.internal; | | import java.rmi.RemoteException; | import javax.ejb.Stateless; | import javax.jws.WebMethod; | import javax.jws.WebService; | import javax.jws.soap.SOAPBinding; | | //import org.jboss.annotation.security.SecurityDomain; | import org.jboss.ws.annotation.PortComponent; | | @WebService( | name = "AproachAmadeus" | , serviceName = "AproachAmadeusService" | , targetNamespace = "urn:com.amadeus.aproachws" | ) | @SOAPBinding(style = SOAPBinding.Style.RPC) | | @Stateless | //@SecurityDomain("aproach_security") | public class AproachAmadeusWS implements AproachAmadeus | { | @WebMethod | public String getName() throws RemoteException { | return "My name is: " + this.getClass().getName(); | } | } | I can run my client using stubs (dynamic call works as well) | private static boolean stubsCall() | { | URL url = null; | try { | url = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl"); | } catch (MalformedURLException e) { | e.printStackTrace(); | return false; | } | | QName qname = new QName(TARGET_NAMESPACE, SERVICE_NAME); | ServiceFactory factory; | try { | factory = ServiceFactory.newInstance(); | Service service = factory.createService(url, qname); | | Stub stub = (Stub) service.getPort(AproachAmadeus.class); | stub._setProperty(Stub.USERNAME_PROPERTY, "myuser"); | stub._setProperty(Stub.PASSWORD_PROPERTY, "mypass"); | | logger.info("USERNAME: " + stub._getProperty(Stub.USERNAME_PROPERTY)); | logger.info("PASSWORD: " + stub._getProperty(Stub.PASSWORD_PROPERTY)); | | AproachAmadeus aproach = (AproachAmadeus) stub; | logger.info(" RESULT: " + aproach.getName()); | | } catch (ServiceException e) { | e.printStackTrace(); | return false; | } catch (RemoteException e) { | e.printStackTrace(); | return false; | } | logger.debug("stubsCall FINISHED"); | return true; | } | This works very well when no SecurityDomain is defined. However when I uncomment @SecurityDomain("aproach_security") I cannot call my service anymore. My own login module is properly defined (other WEB applications use it) in login-config.xml. On server side I can see my own login module is called, but it doesn't receive usernam and password at all. Did you have similar problems? JBossWS Tutorial shows how to setup security using SSL, but I need my own login module to authenticate users in more sophisticated way. And yet another question: how to call dynamically my service with username and password specification? AXIS Call object has routines for setting those parameters... Please comment. Zbigniew View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971274#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...