Hi there.
I'm getting involved with the web services security
From the wiki I use a simple security configuration example, and deployed my web service.
Just to be sure that it works, I ran a client with no security configuration, expecting to get an exception, but surprisingly this didn't happen, the client works just fine.
After some comparations between examples and my code I realized that I was missing the jboss-web.xml on my secured web service whit the next config:
<jboss-web> <webservice-description> <webservice-description-name>ProfileService</webservice-description-name> <config-name>Standard Secure Endpoint</config-name> </webservice-description> </jboss-web>
Yes, this needs to be fixed. Thanks for reporting
http://jira.jboss.com/jira/browse/JBWS-979