JBossWS wiki contains such tutorial as "securing endpoint access". Example at "requiring SSL" demonstrates changes in jboss.xml file , but where is the file situated that must be changed ? And can anyone provide me with details about invoking SLSB methods through jax-rpc, when i use ejb service endpoint. At jboss4guide "web services" paragraph doesn't explain invoking mechanism , so i should understand that mechanism is the same that is described at "Remote Access to Services, Detached Invokers" paragraph. But does it mean that additional changes also are required for invoker specification for example or all this work is done only by declaring CONFIDENTIAL in <transport-gaurantee> tag ?