to add to to Tim's comments, the message you received indicates that the client-side orb did not include the necessary security info the header of the request message.
this typically happens when the client side orb has not been configured with the security interceptor, or basically does not support the CSIv2 security protocol. There are various sources of info on how to configure a stand-alone client to support CSIv2. I am not sure of all the details, but this is typically accomplished by ensuring that the client side orb used by the appclient container is available to your application via its classpath.
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=276080