I'm trying to modify an existing application that uses JBoss Application Server 4.0.3, and I find myself confused about how to secure web services with Basic Authentication. The AS documentation says all I need is a web-service.xml document, and that's all I have, but the only tutorial I found on securing web services wants edits to jboss.xml and ejb-jar.xml. There are no ejb-jar.xml or jboss.xml files anywhere to be found. I figure I can add the security policy to the application's login-config.xml easily enough, but I have no idea how to tell JBoss to use that policy for the web service only. What am I failing to understand? Thanks for any help! Chris View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985050#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...