I agree, it is possible to extract WS Security header from incoming messages by replacing the PortHandler with my custom one, but how can I add authentication to outgoing messages? Here is your code (PortCaller.java): 197 // retain only parts specified by soap:body keeping the parameter order | 198 parameterOrder = new ArrayList(parameterOrder); | 199 parameterOrder.retainAll(partNames); So I found no ability to add any soap header to outgoing message, and no ability to add Authorization http header. Does the jbpm-bpel support multiple users at all? Does it plan to? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964092#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...