I have configured a sample prototype application that deploys a WebService (EJB endpoint) to JBoss 4.3 which is secured against my security domain using WS-Security (using UserNameToken.) If the client provides the correct credentials the principal is set correctly. My question is if I want to make a second WebService call from the first one is there a way I can propagate the security context without having to provide some credential information like this: ((BindingProvider)webserviceApi).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, WebServiceConstants.USERNAME); ((BindingProvider)webserviceApi).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, WebServiceConstants.PASSWORD); Basically what I have in mind is something where the subsequent webservice call automatically adds the required ws-security header fields in the next request. For eg. This would be similar to the case where if I were to make a call on a EJB from the webservice that was protected against the same security domain the container would handle the propagation of the security context. Here is the flow I am talking about if I wasn't clear enough: Client --> 1st Webservice --> 2nd Webservice There is some documentation about doing this if using acegi security(spring security) but I was wondering if Jbossws does this somehow. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4185922#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...