I get the following in the jboss log when trying to use a jbossws webservice with a security domain. i.e. @SecurityDomain("mydomain"):
[java] 17:58:11,224 WARN [WSSecurityHandler] Cannot obtain security configuration
[java] 17:58:11,240 ERROR [SOAPFaultExceptionHelper] SOAP request exception
[java] javax.xml.rpc.soap.SOAPFaultException: Unprocessed 'mustUnderstand' header element: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
[java] at org.jboss.ws.handler.HandlerChainBaseImpl.checkMustUnderstand(HandlerChainBaseImpl.java:505)
[java] at org.jboss.ws.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:229)
......
Btw, I am using annotations and the class files are in a sar.
Here are my questions, answers to any of these would be greatly appreciated.
-Do I get the error because the security configuration can not be found?
-Does 'security configuration' mean jboss-wsse-server.xml?
-Where should jboss-wsse-server.xml go in a .sar? I've tried the root and META-INF directories.
-Will I find things easier if I don't use annotations?
-Once I have this working will jbossws automatially hook into the existing jboss JAAS authentication?
thanks
Thomas
Hi thomas!
Have a look here for correct location of both jboss-wsse-server.xml and jboss-wsse-client.xml.
It depends how you application is packaged (war, EJB jar,...)
http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurityConfig
;-)
Philippe FERY