You can apply annotation @RolesAllowed, eg.: holder for auth roles constant: public class Roles { | private static final XXX = "033"; | | } and in Webservice: @WebMethod | @RolesAllowed(Roles.XXX) | public void youMethod(.... This annotation is same as in EJB and use JAAS to configuration. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170943#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...