WSEC5075E: No security token found which satisfies any one of AuthMethods
 Technote (troubleshooting)
 
Problem(Abstract)
Web Services Security (WS-Security) in IBM® WebSphere® Application Server may not work properly, with the following exception occurring:

com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5075E: No security token found which satisfies any one of AuthMethods.
 
Cause
This problem may occur if there is a Web service invocation in an application-spawned thread (meaning a thread that is created by application code). A Web service invocation on a newly spawned thread will not have the correct thread context for WS-Security. The thread context contains Web services application metadata. When the Web services engine queries to see if the module (such as a WAR module) is a Web services client or Web services server, it does not detect the Web services metadata (e.g., webservicesclient.xml). When the metadata is not detected, the engine assumes that the client is an unmanaged client.
Unmanaged clients do not have the ability to send WS-Security headers in Web services requests, so if the receiving service is WS-Secured, the client will fail to authenticate, causing the SoapSecurityException.

Spawned threads do not have access to the thread context that contains Web services metadata. Creating new threads within J2EE containers is not a supported practice in Application Server.
 
Resolving the problem
Ensure that a spawned thread is not used to perform Web service client invocations.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Web Services Security
Operating system(s): Windows
Software version: 6.0
Software edition:
Reference #: 1230517
IBM Group: Software Group
Modified date: Feb 15, 2006