Any followup to this? I'm in a similar situation, I've taken a working EJB-backed web service, added a @EndpointConfig and a /META-INF/jboss-wsse-server.xml that should require a plaintext username token. Testing with soapUi shows that no username token is required when I expected it to fail and require the username.
Did I miss a step? 1) add @EndpointConfig(configName = "Standard WSSecurity Endpoint") 2) create jboss-wsse-server.xml with | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://www.jboss.com/ws-security/config | http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> | <config> | <timestamp ttl="300"/> | <requires/> | </config> | </jboss-ws-security> | Client app should fail since I haven't configured it to send any username token at this point. -Brett View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4163710#4163710 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4163710 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user