You bet, it's:
[#|2008-06-19T16:37:29.578-0400|WARNING|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=14;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=783256bd-904b-47b7-823e-6775dc063249;|SEC5052: null Subject used in SecurityContext construction.|#]
Apparently it matches the message key "java_security.null_subject" and is a warning in SecurityContext.constructors. It's just a warning, and if it's null they create a new Subject to use instead, so it may not be significant.
I configured my simpleSoap SAM as the default provider for SOAP, but I never see any output from it's constructor or from it's methods in the logs. In contrast, when I had it configured as a HttpServlet SAM, I did see log messages.
It's like it's being ignored.
Right... maybe I should back up....
We are trying to develop a webservice that is protected by a username and password. The original plan was to decorate every method with a u/p, but we were hoping for a nicer solution than this, something that would let us factor out the u/p from the interface definition for the service.
I started digging yesterday, trying to find out this is done, which is where I dug up the whole USERNAME_PROPERTY etc fragments.
Since we'd had some luck with SAM's before, the idea was to try to use the SOAP flavor to make this happen.
Is this heading in the right direction?
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]
http://forums.java.net/jive/thread.jspa?messageID=281410