Hi Folks, I've just committed some tests showing how to use ws-security with the jbossws-metro stack (http://fisheye.jboss.com/changelog/JBossWS/?cs=6713). Documentation will come on the wiki. However the tests requiring keystore/trustore files (i.e. those involving signature and encryption) are currently disabled since the metro sources we're currently using do not scan the client/server application jars for the keystore/trustore files. This means we have to provide absolute paths to the filesystem in the configuration files to tell the stack where those files are. I found out on the wsit fisheye that more recent releases also scan the jar's META-INF folder and that's why I created JIRA-2158. I've also disabled the UsernameTokenProfile test since it's not possible to enable username token without using a transport security (i.e. https) or -again- message level protection (i.e. sign & encrypt). The problem with https is the same we currently have for the interop usernametoken+http tests which are excluded because they require a proper jboss-web tomcat configuration along with the references to the keystore/trustore to be used for ssl. Does anybody have an interesting idea about this? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146888#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...