We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

web service security error using BasicAuth

kingstrider
kingstrider asked
on
Medium Priority
1,038 Views
Last Modified: 2013-12-10
Hi guys,
I have a web service deployed on WebSphere App Server. The web service has enabled security by Basic Auth.

Server side:
LoginConfig = Basic Auth
LoginMapping = Basic Auth, Config Name = WSLogin,
Callback Handler = com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl

Java Client side:
LoginConfig=Basic Auth
LoginBinding= BasicAuth
Callback Handler = com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
user and password have been specified.

Server specs:
Custom registry, SWAM, created new ServerKey and ServerTrust files.

When i invoke client get exception:
WSEC5075E: No security token found which satisfies any one of AuthMethods.

Same error comes from a dot net client.

Environment:
WSAD 5.1.0
Server is IBM WebSphere Application Server Version        5.0.2
Windows 2000

Please let me know why I am getting that error.

Thanks!!
Comment
Watch Question

Hi,

Problem :
WebSphere - Security does not work properly. For example, the customer may see the following exception:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5075E: No security token found which satisfies any one of AuthMethods.  
 
Cause :
This may occur if there is a web service invocation in an application-spawned thread. A web service invocation on a newly spawned thread will not have the correct thread context for WS-Security. The thread context contains web services application metadata. When the engine queries to see if the module (such as a WAR module) is a web services client or web services server, it does not detect the web services metadata (e.g., webservicesclient.xml). When those are not detected, the engine assumes that the client is an unmanaged client. Unmanaged clients do not have the ability to send WS-Security headers in web services requests, so if the receiving service is WS-Secured, the client will fail to authenticate, causing the SoapSecurityException.

Spawned threads do not have access to the thread context that contains web services metadata. Creating new threads within J2EE containers is not a supported practice in WebSphere.  
 
Solution:
Ensure that you are *not* using a spawned thread to perform your web service client invocations.  

i hope it may help you

R.K

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.