JBoss EAP comes with a readme.html file that highlights the differences between AS and EAP. Wait, the EAP binary download doesn't have the readme; instead it is in the docs download. In that file you will see this text: readme wrote : If you are using the rpm, or the zip distribution, please note that by default, authentication is enabled and no user accounts are set up. This is done to prevent unauthorized access to various services of JBoss AS. Please refer to the Installation Guide, or see http://kbase.redhat.com/faq/FAQ_107_9963.shtm for information on how to make the services accessible again. Thus, EAP is locked down. Not only are all of the services secured, but there is no way to log in to any of them. I just now installed devstudio. It doesn't contain this readme. How convenient. But looking at some key files it appears that the version of EAP that comes with devstudio is not locked down. I guess this makes sense because this version of EAP is meant for development use. However, the /jbossws context is still locked down. Curious. I guess they forgot to unlock it. Anyway, edit the server/xxx/deploy/jbossws.sar/jbossws-context.war/WEB-INF/jboss-web.xml file, commenting out the security-domain: <jboss-web> | <!-- A security domain that restricts access | <security-domain>java:/jaas/jmx-console</security-domain> | --> | <context-root>jbossws</context-root> | </jboss-web> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4187076#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...