Hello.
I'm trying to secure a webservice client that runs in a EJB or servlet (not in application client).
Due to the fact that I need both UsernameToken AND X509 token profile authentication I tried to configure the SOAP security module using:
[code]
InputStream f = service.getClass().getClassLoader().getResourceAsStream("client-security-config.xml");
XWSSecurityConfiguration config = SecurityConfigurationFactory.newXWSSecurityConfiguration(f);
((BindingProvider) port).getRequestContext().
put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);
[/code]
This works in an application client.
But when I try to use this mechanism from a session bean or a servlet on glassfish V2 M4 (b33) it does'nt work. An instance of the security environment handler (configured in the client-security-config.xml) is created but the securing process does not happen actually.
I have JAX-WS 2.1 running on top of JDK 6.
Please help!
Alexander
[Message sent by forum member 'sahlix' (sahlix)]
http://forums.java.net/jive/thread.jspa?messageID=204586