I've taken a look at the failing tests (with JACC server conf). I confirm that on AS5 trunk jbossws currently generates JBossWebMetaData and attaches it to the deployment unit. | 2008-08-20 12:07:01,625 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployer] (RMI TCP Connection(5)-127.0.0.1) Begin deploy, org.jboss.metadata.web.jboss.JBossWebMetaData@1f | 2008-08-20 12:07:01,625 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployer] (RMI TCP Connection(5)-127.0.0.1) Unpacking war to: /home/alessio/dati/jboss-5.0-src/build/output/jboss-5.0.0.CR2/server/jacc/tmp/deploy/ws4ee-jbws309.jar23188-exp.war | | ... | | 2008-08-20 12:07:01,674 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (RMI TCP Connection(5)-127.0.0.1) Linked java:comp/UserTransaction to JNDI name: UserTransaction | 2008-08-20 12:07:01,674 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (RMI TCP Connection(5)-127.0.0.1) linkSecurityDomain | 2008-08-20 12:07:01,674 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (RMI TCP Connection(5)-127.0.0.1) Linking security/securityMgr to JNDI name: java:/jaas/JBossWS | 2008-08-20 12:07:01,675 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (RMI TCP Connection(5)-127.0.0.1) injectionContainer enabled and processing beginning | | ... | | 2008-08-20 12:07:02,755 DEBUG [org.jboss.web.tomcat.service.deployers.TomcatDeployment] (RMI TCP Connection(5)-127.0.0.1) Initialized: {WebApplication: /home/alessio/dati/jboss-5.0-src/build/output/jboss-5.0.0.CR2/server/jacc/tmp/deploy/ws4ee-jbws309.jar23188-exp.war/, URL: file:/home/alessio/dati/jboss-5.0-src/build/output/jboss-5.0.0.CR2/server/jacc/tmp/deploy/ws4ee-jbws309.jar23188-exp.war/, classLoader: BaseClassLoader@2abdb{vfszip:/home/alessio/dati/jboss-5.0-src/testsuite/output/lib/ws4ee-jbws309.jar}:175067} jboss.web:j2eeType=WebModule,name=//localhost/ws4ee-jbws309,J2EEApplication=none,J2EEServer=none | In the 3 failing tests the call is not authorized by the JBossAuthorizationContext, but looking at the messages that go on the wire, I see an HTTP/1.1 200 OK coming back as a reply to the POST request with the SOAP message. I think that's why an exception is not raised on client side and the tests fail with the "Security exception expected" message and the "Premature end of file" complaint. The jbossws endpoint servlet is not called. Please note that it seems to me the calls are rejected in the same way even when using the right principal/credential. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171460#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...