web service security error using BasicAuth

Posted on 2006-03-23
Last Modified: 2013-12-10
Hi guys,
I have a web service deployed on WebSphere App Server. The web service has enabled security by Basic Auth.

Server side:
LoginConfig = Basic Auth
LoginMapping = Basic Auth, Config Name = WSLogin,
Callback Handler =

Java Client side:
LoginConfig=Basic Auth
LoginBinding= BasicAuth
Callback Handler =
user and password have been specified.

Server specs:
Custom registry, SWAM, created new ServerKey and ServerTrust files.

When i invoke client get exception:
WSEC5075E: No security token found which satisfies any one of AuthMethods.

Same error comes from a dot net client.

WSAD 5.1.0
Server is IBM WebSphere Application Server Version        5.0.2
Windows 2000

Please let me know why I am getting that error.

Question by:kingstrider
    LVL 23

    Accepted Solution


    Problem :
    WebSphere - Security does not work properly. For example, the customer may see the following exception: WSEC5075E: No security token found which satisfies any one of AuthMethods.  
    Cause :
    This may occur if there is a web service invocation in an application-spawned thread. A web service invocation on a newly spawned thread will not have the correct thread context for WS-Security. The thread context contains web services application metadata. When the engine queries to see if the module (such as a WAR module) is a web services client or web services server, it does not detect the web services metadata (e.g., webservicesclient.xml). When those are not detected, the engine assumes that the client is an unmanaged client. Unmanaged clients do not have the ability to send WS-Security headers in web services requests, so if the receiving service is WS-Secured, the client will fail to authenticate, causing the SoapSecurityException.

    Spawned threads do not have access to the thread context that contains web services metadata. Creating new threads within J2EE containers is not a supported practice in WebSphere.  
    Ensure that you are *not* using a spawned thread to perform your web service client invocations.  

    i hope it may help you

    LVL 23

    Expert Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    -Xmx and -Xms are the two JVM options often used to tune JVM heap size.   Here are some common mistakes made when using them:   Assume BigApp is a java class file for the below examples. 1.         Missing m, M, g or G at the end …
    This article is about some of the basic and important steps to be used to improve the performance in web-sphere commerce application development. 1) Always leverage the Dyna-caching facility provided by the product 2) Remove the unwanted code …
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    This video discusses moving either the default database or any database to a new volume.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now