Hmmmm... Unfortunately, I never tried to secure a web service, I used it only for servlets/JSPs. For those, I would add a "jboss-web.xml" to my app: <?xml version="1.0" encoding="UTF-8"?> | <!DOCTYPE jboss-web PUBLIC | "-//JBoss//DTD Web Application 4.2//EN" | "http://www.jboss.org/j2ee/dtd/jboss-web_4_2.dtd"> | | <jboss-web> | <security-domain>java:/jaas/mydomain</security-domain> | <context-root>...<context-root> | | </jboss-web> | Maybe you could give this one a try? Wolfgang View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250382#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...