Any update on this? Has a JIRA todo been created? I'm running into the same problem. I'd like to base64(SHA1(nonce + createdTimeStamp + password)) and send that value in the SOAP Header as part of the WSSE UsernameToken. However, JBoss appears to not be doing anything with this when the actual authentication occurs on the server-side....In order to get WSSE auth working, I have to send a clear password as the value of the 'password' element in the Security header. Is full WSSE functionality something that has to be implemented in a LoginModule, or will this be implemented in a later rev of JbossWS? David View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975628#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...