We have a jboss server that is shared by another group in our enterprise in which both groups deploy multiple web services onto. They have a separate connector for ssl that references a different keystore/truststore than we have. This is the problem.... When they go to make web service calls to an outside entitiy that requires cert authentication they have access to our keystores to make the call. Is it true that since they share the jvm that its underlying keystore set by jboss is used to attach the cert to the request? Thus allowing them to make calls from our truststore to other web services outside of JBOSS? If so how can we prevent them from doing so?