I have this simple webservice into my JBOSS AS 7.1.

@javax.jws.WebService(
                      serviceName = "HelloWorldService",
                      portName = "HelloWorldPort",
                      targetNamespace = "http://server.wssecurity.sogei.it/",
                      wsdlLocation = "WEB-INF/wsdl/hello-world.wsdl",
                      endpointInterface = "it.sogei.wssecurity.server.HelloWorld")
@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")           
public class HelloWorldImpl implements HelloWorld {

    private static final Logger LOG = Logger.getLogger(HelloWorldImpl.class.getName());

    /* (non-Javadoc)
     * @see it.sogei.wssecurity.server.HelloWorld#sayHello(java.lang.String  arg0 )*
     */
    public java.lang.String sayHello(java.lang.String arg0) {
        LOG.info("Executing operation sayHello");
        System.out.println(arg0);
        try {
            java.lang.String _return = "Hello " +arg0;
            return _return;
        } catch (java.lang.Exception ex) {
            ex.printStackTrace();
            throw new RuntimeException(ex);
        }
    }

}

My WSDL have this policy:

<wsp:Policy wsu:Id="UsernameToken"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">

<sp:SupportingTokens>

  <wsp:Policy>

   <sp:UsernameToken

    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">

    <wsp:Policy>

     <sp:WssUsernameToken10 />

    </wsp:Policy>

   </sp:UsernameToken>

  </wsp:Policy>

</sp:SupportingTokens>

</wsp:Policy>

How I can configure jaxws-endpoint-config.xml and web.xml for authenticating UsernameToken with JAAS ????

Thanks in advance