JBossWS creates a transient webapp to deal with ws invocations. The original problem was that this web app metadata was not being fed to the security deployer which happens very early in the pipeline of deployers. For this reason, we generated the JACC permissions for this particular transient web app in the webservices module. The fix would be to get the metadata of this transient web app to go through the chain of deployers just like regular standard web apps that get deployed in AS. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250658#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...