Continuing this little discussion between me myself and I... Found the following logs: 2008-01-15 09:19:36,480 DEBUG [org.jboss.wsf.framework.DefaultSPIProvider] class org.jboss.wsf.spi.invocation.SecurityAdaptorFactory Implementation: org.jboss.wsf.container.jboss42.SecurityAdapterFactoryImpl@c774f0 2008-01-15 09:19:36,482 TRACE [org.jboss.security.SecurityAssociation] setPrincipal, p=kermit, server=true 2008-01-15 09:19:36,483 TRACE [org.jboss.security.SecurityAssociation] setPrincipal, sc=org.jboss.security.SecurityAssociation$SubjectContext@103c25f{principal=kermit,subject=null} 2008-01-15 09:19:36,483 TRACE [org.jboss.security.SecurityAssociation] setCredential, sc=org.jboss.security.SecurityAssociation$SubjectContext@103c25f{principal=kermit,subject=null} Looks like the principal information is set but subject is not, why? When adding: System.out.println("Getting principal from SecurityAssociation: " + org.jboss.security.SecurityAssociation.getPrincipal()); | to the server side implementation of my WS I do get the following log: 2008-01-15 09:19:37,135 INFO [STDOUT] Getting principal from SecurityAssociation: kermit I would much rather use the standard mechanisms to obtain the principal info. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4119947#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...