I have SLSB exposed as WS. I tried to add security. WS is deployed as jar. I've placed jboss-wsse-server and keystore files into META-INF (together with persistence.xml). <?xml version="1.0" encoding="UTF-8"?> | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> | <key-store-file>META-INF/wsse.keystore</key-store-file> | <key-store-password>jbossws</key-store-password> | <trust-store-file>META-INF/wsse.truststore</trust-store-file> | <trust-store-password>jbossws</trust-store-password> | <config> | <sign type="x509v3" alias="wsse"></sign> | <encrypt type="x509v3" alias="wsse"></encrypt> | <requires> | <signature /> | <encryption /> | </requires> | </config> | </jboss-ws-security> | This configuration is read during deployment (if I put wrong locations of keystores, jar deployment breaks). However, when I try to access this WS with an unsecured client (generated using wsconsume) it responds normally (as if there is no security). Endpoint interface: import javax.ejb.Remote; | import javax.jws.WebMethod; | import javax.jws.WebService; | import javax.jws.soap.SOAPBinding; | | @WebService(name = "CityFacadeProxy", targetNamespace="http://gint_scm_ws") | @SOAPBinding(style=SOAPBinding.Style.DOCUMENT, use=SOAPBinding.Use.LITERAL, parameterStyle=SOAPBinding.ParameterStyle.WRAPPED) | @Remote | public interface CityFacadeSEI { | @WebMethod | public City createCity(String cityName) throws RemoteException; | } | Implemetation bean: import gint.scm.ws.entity.City; | | import javax.ejb.Remote; | import javax.ejb.Stateless; | import javax.jws.WebService; | import javax.persistence.EntityManager; | import javax.persistence.PersistenceContext; | import javax.xml.ws.BindingType; | | import org.jboss.ws.annotation.EndpointConfig; | import org.jboss.wsf.spi.annotation.WebContext; | | @Stateless | @WebService(endpointInterface = "gint.scm.ws.session.CityFacadeSEI", | serviceName = "CityFacadeServis", targetNamespace="http://gint_scm_ws") | @WebContext(contextRoot="/SCM", urlPattern="/*") | @BindingType(value = "http://schemas.xmlsoap.org/wsdl/soap/http?mtom=true") | @EndpointConfig(configName = "Standard WSSecurity Endpoint") | @Remote(CityFacadeSEI.class) | public class CityFacadeBean implements CityFacadeSEI { | | @PersistenceContext(name = "scm") | EntityManager em; | | public City createCity(String cityName) { | em.persist(new City(cityName.hashCode(), cityName)); | return new City(cityName.hashCode(), cityName); | } | | } What's wrong here? There are no examples for security for SLSB WS (or I couldn't find them in last 4 weeks). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201217#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...