Hi, according to RealmAuthenticationAdapter.newInstance() method implementation containing the following code: public static RealmAuthenticationAdapter newInstance(Object context) { RealmAuthenticationAdapter adapter = null; URL url = null; if (context == null) { url = SecurityUtil.loadFromClasspath("META-INF/services/" + UsernameAuthenticator); } else { url = SecurityUtil.loadFromContext("/META-INF/services/" + UsernameAuthenticator, context); } if (url != null) { Object obj = SecurityUtil.loadSPIClass(url, UsernameAuthenticator); if ((obj != null) && !(obj instanceof RealmAuthenticationAdapter)) { throw new XWSSecurityRuntimeException("Class :" + obj.getClass().getName() + " is not a valid RealmAuthenticationProvider"); } adapter = (RealmAuthenticationAdapter) obj; } if (adapter != null) { return adapter; } return new DefaultRealmAuthenticationAdapter(); } The relevant piece of code is: if ((obj != null) && !(obj instanceof RealmAuthenticationAdapter)) { throw new XWSSecurityRuntimeException("Class :" + And because your RealmAuthenticator fulfils all preconditions: public class RealmAuthenticator extends RealmAuthenticationAdapter implements javax.security.auth.callback.CallbackHandler { ... } I bet this is the classloaders related issue. Remember that two classes equals if and only if: ClassA:ClassloaderForA instance of ClassB:ClassloaderForB <=> ClassA == ClassB && ClassloaderForA == ClassloaderForB How did you install Metro? Using our "ant deploy-jbossXYZ" way, right? Try the following steps and let me know if it will work: * Put your RealmAuthenticator to a jar, let's say it's name is my-authenticator.jar * Include META-INF/services/com.sun.xml.xwss.RealmAuthenticator file to refer to your impl in my-authenticator.jar * Copy my-authenticator.jar to jbossws.deployer directory View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224544#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...