1 Reply Latest reply on Jan 31, 2007 9:12 AM by phfery

[WSSecurityHandler] Cannot obtain security configuration

thomasrynne Oct 10, 2006 1:08 PM

I get the following in the jboss log when trying to use a jbossws webservice with a security domain. i.e. @SecurityDomain("mydomain"):

[java] 17:58:11,224 WARN [WSSecurityHandler] Cannot obtain security configuration
[java] 17:58:11,240 ERROR [SOAPFaultExceptionHelper] SOAP request exception
[java] javax.xml.rpc.soap.SOAPFaultException: Unprocessed 'mustUnderstand' header element: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
[java] at org.jboss.ws.handler.HandlerChainBaseImpl.checkMustUnderstand(HandlerChainBaseImpl.java:505)
[java] at org.jboss.ws.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:229)
......

Btw, I am using annotations and the class files are in a sar.

Here are my questions, answers to any of these would be greatly appreciated.

-Do I get the error because the security configuration can not be found?
-Does 'security configuration' mean jboss-wsse-server.xml?
-Where should jboss-wsse-server.xml go in a .sar? I've tried the root and META-INF directories.
-Will I find things easier if I don't use annotations?
-Once I have this working will jbossws automatially hook into the existing jboss JAAS authentication?

thanks
Thomas

1. Re: [WSSecurityHandler] Cannot obtain security configuration

phfery Jan 31, 2007 9:12 AM (in response to thomasrynne)

Hi thomas!
Have a look here for correct location of both jboss-wsse-server.xml and jboss-wsse-client.xml.

It depends how you application is packaged (war, EJB jar,...)

http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurityConfig

;-)
Philippe FERY
Actions