&quot;darran.lofthouse(a)jboss.com&quot; wrote : A new operation 'AuthorizeOperation' will be added to JBossWS and this will be called last if the 'authorize' element is present. The purpose of this operation will be to take whatever is set on the 'SecurityAssociation' and perform the authentication and authorization using the approach shown by Anil. | | The configuration would look as follows: - | | | | <config> | | <requires> | | <authorize> | | </unchecked> | | </authorize> | | </requires> | | </config> | | | OK Darran, that's fine with me. Is this going to apply to both pojo and ejb endpoints, isn't it? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4178255#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...