Using the documentation's ejb-security-plus example, I deployed TestLoginModule, with debug code printed in executed phase.

When calling the SecuredEJB Method from the RemoteClient, the below TestLoginModule Code gets executed correctly.

However  !!!  when calling a @Webservice from a SOAPUI , this login module does not get executed. ! ?

STANDALONE.XML

==================

<security-domain name="jbossws" cache-type="default">

                    <authentication>

     <login-module name="DelegationLoginModule" code="org.jboss.as.quickstarts.ejb_security_plus.TestLoginModule" flag="optional">

                            <module-option name="password-stacking" value="useFirstPass"/>

                        </login-module>

                        <login-module code="Remoting" flag="optional">

                            <module-option name="password-stacking" value="useFirstPass"/>

                        </login-module>

                        <login-module code="RealmDirect" flag="required">

                            <module-option name="password-stacking" value="useFirstPass"/>

                        </login-module>

                    </authentication>

                </security-domain>

JBossWeb.XML

===========================

<!DOCTYPE jboss-web>

<jboss-web>

    <context-root>myapp</context-root>

  <security-domain>jbossws</security-domain>

  <!-- security-domain>other</security-domain -->

</jboss-web>

EJB

==========================

@Stateless

@Remote(RemoteInt.class)

@RolesAllowed({ "guest" })

@WebService

public class SecuredEJB

WEB.xml

=============================

   <login-config>

      <auth-method>BASIC</auth-method>

      <realm-name>RealmUsersRoles</realm-name>

     </login-config>

</web-app>

Does anybody know why the custom login module does not get executed when called from SOAPUI . (When calling as a webservice) ?