I am not the specialist here but I can try to help you. Chris which is our WSRP lead is currently away for a few days. You could try to secure the endpoints in web.xml located in : jboss-portal.sar/portal-wsrp.sar/portal-wsrp.war/WEB-INF/web.xml try with the ServiceDescriptionService endpoint like that <security-constraint> | <web-resource-collection> | <web-resource-name>Secure Area</web-resource-name> | <url-pattern>/ServiceDescriptionService</url-pattern> | <http-method>POST</http-method> | </web-resource-collection> | <user-data-constraint> | <transport-guarantee>CONFIDENTIAL</transport-guarantee> | </user-data-constraint> | </security-constraint> and also do it for the 3 other endpoints you can find in the web.xml View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4009741#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...