• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 986
  • Last Modified:

web service security error using BasicAuth

Hi guys,
I have a web service deployed on WebSphere App Server. The web service has enabled security by Basic Auth.

Server side:
LoginConfig = Basic Auth
LoginMapping = Basic Auth, Config Name = WSLogin,
Callback Handler = com.ibm.wsspi.wssecurity.auth.callback.WSCallbackHandlerFactoryImpl

Java Client side:
LoginConfig=Basic Auth
LoginBinding= BasicAuth
Callback Handler = com.ibm.wsspi.wssecurity.auth.callback.NonPromptCallbackHandler
user and password have been specified.

Server specs:
Custom registry, SWAM, created new ServerKey and ServerTrust files.

When i invoke client get exception:
WSEC5075E: No security token found which satisfies any one of AuthMethods.

Same error comes from a dot net client.

Environment:
WSAD 5.1.0
Server is IBM WebSphere Application Server Version        5.0.2
Windows 2000

Please let me know why I am getting that error.

Thanks!!
0
kingstrider
Asked:
kingstrider
  • 2
1 Solution
 
rama_krishna580Commented:
Hi,

Problem :
WebSphere - Security does not work properly. For example, the customer may see the following exception:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5075E: No security token found which satisfies any one of AuthMethods.  
 
Cause :
This may occur if there is a web service invocation in an application-spawned thread. A web service invocation on a newly spawned thread will not have the correct thread context for WS-Security. The thread context contains web services application metadata. When the engine queries to see if the module (such as a WAR module) is a web services client or web services server, it does not detect the web services metadata (e.g., webservicesclient.xml). When those are not detected, the engine assumes that the client is an unmanaged client. Unmanaged clients do not have the ability to send WS-Security headers in web services requests, so if the receiving service is WS-Secured, the client will fail to authenticate, causing the SoapSecurityException.

Spawned threads do not have access to the thread context that contains web services metadata. Creating new threads within J2EE containers is not a supported practice in WebSphere.  
 
Solution:
Ensure that you are *not* using a spawned thread to perform your web service client invocations.  

i hope it may help you

R.K
0
 
rama_krishna580Commented:
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now