|
Problem(Abstract) |
Web Services Security (WS-Security) in IBM® WebSphere®
Application Server may not work properly, with the following exception
occurring:
com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5075E: No security
token found which satisfies any one of AuthMethods. |
|
|
|
Cause |
This problem may occur if there is a Web service
invocation in an application-spawned thread (meaning a thread that is
created by application code). A Web service invocation on a newly spawned
thread will not have the correct thread context for WS-Security. The
thread context contains Web services application metadata. When the Web
services engine queries to see if the module (such as a WAR module) is a
Web services client or Web services server, it does not detect the Web
services metadata (e.g., webservicesclient.xml). When the metadata is not
detected, the engine assumes that the client is an unmanaged client.
Unmanaged clients do not have the ability to send WS-Security headers in
Web services requests, so if the receiving service is WS-Secured, the
client will fail to authenticate, causing the SoapSecurityException.
Spawned threads do not have access to the thread context that contains Web
services metadata. Creating new threads within J2EE containers is not a
supported practice in Application Server. |
|
|
Resolving the
problem |
Ensure that a spawned thread is not used to perform
Web service client invocations. |
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|