1 Reply Latest reply on Jan 31, 2007 9:12 AM by Philippe Fery

    [WSSecurityHandler] Cannot obtain security configuration

    Thomas Rynne Newbie

      I get the following in the jboss log when trying to use a jbossws webservice with a security domain. i.e. @SecurityDomain("mydomain"):

      [java] 17:58:11,224 WARN [WSSecurityHandler] Cannot obtain security configuration
      [java] 17:58:11,240 ERROR [SOAPFaultExceptionHelper] SOAP request exception
      [java] javax.xml.rpc.soap.SOAPFaultException: Unprocessed 'mustUnderstand' header element: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security
      [java] at org.jboss.ws.handler.HandlerChainBaseImpl.checkMustUnderstand(HandlerChainBaseImpl.java:505)
      [java] at org.jboss.ws.server.ServiceEndpointInvoker.callRequestHandlerChain(ServiceEndpointInvoker.java:229)
      ......

      Btw, I am using annotations and the class files are in a sar.

      Here are my questions, answers to any of these would be greatly appreciated.

      -Do I get the error because the security configuration can not be found?
      -Does 'security configuration' mean jboss-wsse-server.xml?
      -Where should jboss-wsse-server.xml go in a .sar? I've tried the root and META-INF directories.
      -Will I find things easier if I don't use annotations?
      -Once I have this working will jbossws automatially hook into the existing jboss JAAS authentication?

      thanks
      Thomas