diff --git a/src/main/java/de/bps/onyx/plugin/wsserver/ReturnWSService.java b/src/main/java/de/bps/onyx/plugin/wsserver/ReturnWSService.java
index 136c8394fb38308ab22cb05a2ec5a9d6aaf1f5ad..e69b10220a36d6df1b51cd80e8ce97bad9454960 100644
--- a/src/main/java/de/bps/onyx/plugin/wsserver/ReturnWSService.java
+++ b/src/main/java/de/bps/onyx/plugin/wsserver/ReturnWSService.java
@@ -54,6 +54,7 @@ import org.olat.ims.qti.QTIResultSet;
 import org.olat.modules.assessment.Role;
 import org.olat.modules.assessment.model.AssessmentEntryStatus;
 
+import de.bps.onyx.plugin.OnyxModule;
 import de.bps.onyx.plugin.OnyxResultManager;
 
 /**
@@ -98,6 +99,11 @@ public class ReturnWSService {
 	public void saveResult(@WebParam(name = "uniqueId") String uniqueId, @WebParam(name = "resultFile") byte[] resultFile, @WebParam(name = "params") MapWrapper params)
 			throws Exception {
 		
+		if(!CoreSpringFactory.getImpl(OnyxModule.class).isEnabled()) {
+			log.warn("ReturnWSService unauthorized attempt, service disabled");
+			throw new RuntimeException("Onyx plugin disabled");
+		}
+		
 		File temp = null;
 		try {
 
@@ -292,6 +298,11 @@ public class ReturnWSService {
 
 	@WebMethod
 	public void saveResultLocal(@WebParam(name = "uniqueId") String uniqueId, @WebParam(name = "resultLocalFile") String resultLocalFile) {
+		if(!CoreSpringFactory.getImpl(OnyxModule.class).isEnabled()) {
+			log.warn("ReturnWSService unauthorized attempt, service disabled");
+			throw new RuntimeException("Onyx plugin disabled");
+		}
+		
 		QTIResultSet qtiResultSet = OnyxResultManager.getResultSet(Long.parseLong(uniqueId));
 
 		if (resultLocalFile == null) {
diff --git a/src/main/java/de/bps/onyx/plugin/wsserver/TraineeStatusService.java b/src/main/java/de/bps/onyx/plugin/wsserver/TraineeStatusService.java
index d85c9cc72ae754be5fced393a0281a16b1db7c3a..0e5c30aadb584aaf7e619bdfb456d4d88c4873fe 100644
--- a/src/main/java/de/bps/onyx/plugin/wsserver/TraineeStatusService.java
+++ b/src/main/java/de/bps/onyx/plugin/wsserver/TraineeStatusService.java
@@ -27,10 +27,12 @@ import javax.jws.WebParam;
 import javax.jws.WebService;
 import javax.jws.soap.SOAPBinding;
 
+import org.olat.core.CoreSpringFactory;
 import org.olat.core.id.Identity;
 import org.olat.core.logging.OLog;
 import org.olat.core.logging.Tracing;
 
+import de.bps.onyx.plugin.OnyxModule;
 import de.bps.onyx.util.ExamPoolManager;
 
 @WebService(name = "TraineeStatusService", serviceName = "TraineeStatusService", targetNamespace = "http://test.plugin.bps.de/")
@@ -46,6 +48,11 @@ public class TraineeStatusService {
 	@WebMethod(operationName = "updateStatus")
 	public void updateStatus(@WebParam(name = "testSessionId") Long testSessionId, @WebParam(name = "studentIds") StudentIdsWrapper studentIds,
 			@WebParam(name = "status") Integer status) {
+		if(!CoreSpringFactory.getImpl(OnyxModule.class).isEnabled()) {
+			log.warn("TraineeStatusService unauthorized attempt, service disabled");
+			throw new RuntimeException("Onyx plugin disabled");
+		}
+		
 		TestState testState = TestState.getState(status);
 		log.info("updateStatus: " + testSessionId + " # " + studentIds + " # " + testState);