web service security error using BasicAuth

Hi guys,
I have a web service deployed on WebSphere App Server. The web service has enabled security by Basic Auth.

Server side:
LoginConfig = Basic Auth
LoginMapping = Basic Auth, Config Name = WSLogin,
Callback Handler = com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl

Java Client side:
LoginConfig=Basic Auth
LoginBinding= BasicAuth
Callback Handler = com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
user and password have been specified.

Server specs:
Custom registry, SWAM, created new ServerKey and ServerTrust files.

When i invoke client get exception:
WSEC5075E: No security token found which satisfies any one of AuthMethods.

Same error comes from a dot net client.

WSAD 5.1.0
Server is IBM WebSphere Application Server Version        5.0.2
Windows 2000

Please let me know why I am getting that error.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


Problem :
WebSphere - Security does not work properly. For example, the customer may see the following exception:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5075E: No security token found which satisfies any one of AuthMethods.  
Cause :
This may occur if there is a web service invocation in an application-spawned thread. A web service invocation on a newly spawned thread will not have the correct thread context for WS-Security. The thread context contains web services application metadata. When the engine queries to see if the module (such as a WAR module) is a web services client or web services server, it does not detect the web services metadata (e.g., webservicesclient.xml). When those are not detected, the engine assumes that the client is an unmanaged client. Unmanaged clients do not have the ability to send WS-Security headers in web services requests, so if the receiving service is WS-Secured, the client will fail to authenticate, causing the SoapSecurityException.

Spawned threads do not have access to the thread context that contains web services metadata. Creating new threads within J2EE containers is not a supported practice in WebSphere.  
Ensure that you are *not* using a spawned thread to perform your web service client invocations.  

i hope it may help you


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java App Servers

From novice to tech pro — start learning today.