Hi, I'm trying to figure out how I can decrypt the soapmessage on a user-based manner. What I mean is that I want to link the UsernameToken to a keystore. What I would like to do is to persist the key for a specific user in a database and then when I receive a web service call I could use the usernametoken to lookup the key I can use for decryption. I've seen something similar in xws-security (if I remember correctly). There the key can be fetched from a database using a parameterized SQL query. Is there something similar in Jbossws? Greetz, Kristof. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975470#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...