Again continuing this discussion with myself. One way I guess to solve this issue would be to use handlers. One picks up the credential information from the soap header and when the response is sent another handler adds the header fields. This way the second webservice will try to authenticate against the headers added by my handler. Would this be a correct solution? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4185930#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...