I've turned on the DEBUG mode in the log4j, and find: | 17:11:54,304 DEBUG [SOAPContentElement] setXMLFragment: <UserType_1 xmlns:xsi='h | ttp://www.w3.org/2001/XMLSchema-instance'><msg>Kermit</ms... | 17:11:54,304 DEBUG [SOAPMessage] Incomming SOAPMessage | <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> | <env:Header/> | <env:Body> | <ns1:echoUserType xmlns:ns1='http://org.jboss.ws/samples/wssecurity'> | <UserType_1 xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'><msg&... | sg></UserType_1> | </ns1:echoUserType></env:Body></env:Envelope> | | 17:11:54,304 DEBUG [JAXBSerializer] serialized: <result xmlns:xsi="http://www.w3 | .org/2001/XMLSchema-instance"><msg>Kermit</msg></result> | 17:11:54,304 DEBUG [SOAPContentElement] xmlFragment: <result xmlns:xsi="http://w | ww.w3.org/2001/XMLSchema-instance"><msg>Kermit</msg>&... | 17:11:54,304 DEBUG [SOAPMessage] Outgoing SOAPMessage | <env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'> | <env:Header/> | <env:Body> | <ns1:echoUserTypeResponse xmlns:ns1='http://org.jboss.ws/samples/wssecurity'> | <result xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'> | <msg>Kermit</msg> | </result></ns1:echoUserTypeResponse></env:Body></env:Envelope> | This reinforces my previous finding that despite I use the tag "username" in the *wsse-*.xml file, JBossWS 1.0.3 doesn't render the WSS 1.0 username token profile. I would be expecting JBossWS to generate something like: | <soap:Header> | <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext"> | <wsse:UsernameToken xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext" | xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility" | wsu:Id="merlin-authws-91E90B44-1C8F-0607-BF4F-8B3E3D242EBA"> | <wsse:Username>kchan</wsse:Username> | <wsse:Password Type="wsse:PasswordDigest">1OjLUItM4JKW4D4feXBKuSccBOg=</wsse:Password> | <wsse:Nonce>0pHV+YqqsotZvuwTzVUoUw==</wsse:Nonce> | <wsu:Created>2006-11-1T17:47:10.814Z</wsu:Created> | </wsse:UsernameToken> | </wsse:Security> | </soap:Header> | | | Questions 1. Do any of you have advice or pointer? Is this because JBossWS 1.0.3 does not fully support WSS 1.0 username token? 2. A colleague of mine writes a client to the Java web service in JBoss, and provides the user id and password by setting the property in the SOAP stub (refer to previous replies in this thread). He says this is an alternative way to generate WSS 1.0 username token. My understanding is that this won't generate WSS 1.0 compliant username token. Can any one confirm? Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982827#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...