Because of WS deployer framework, I had to create the JACC web permissions for the WS deployments in the WS deployers rather than the security deployers. I am referring to the transient tomcat deployment WS uses to deal with WS invocations. When JBossWS starts using AS deployers, I guess we can clean up the JACC permissions creation. If metadata is used by WS, then I think we just have to remove the jacc perm creation from the as/webservice project. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4238006#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...