Hi, I am facing exactly the same problem... So, what's the solution? I am using JBoss_4_2_1_GA. On client side, I also use the request context to set the user name and password: | CmiEndPoint proxy = (CmiEndPoint) service.getPort(CmiEndPoint.class); | BindingProvider bp = (BindingProvider) proxy; | Map<String, Object> reqCtxt = bp.getRequestContext(); | reqCtxt.put(BindingProvider.USERNAME_PROPERTY, user); | reqCtxt.put(BindingProvider.PASSWORD_PROPERTY, password); | proxy.execCmd("Do this command"); | On server side, the WebService is simply declared with the "@WebService" annotation. A security-domain is defined in jboss.xml. Users are defined. The command failed because of an authentification failure: javax.xml.ws.soap.SOAPFaultException: Authentication failure The same user/password used for a RMI client calling directly the underlying stateless session bean works. The same WS client with security disabled on server works. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4078883#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...