webservice using security UserNameToken
I am trying to resolve a problem we have using glassfish V2 to publish a simple web service using a plain UserNameToken for security reasons. Since we were using Netbeans 6.5 to archive this we were looking into this tutorial:
Therefore the following steps were done:
In our dev environment we installed the Sun Java(TM) System Access Manager and can administer this through the admin console as well as through the Netbeans IDE. All good. The example from the tutorial worked perfect so we thought we are in a good position to move on.
After changing the security options for our web service we published this on our test environment without any Netbeans installed.
After that the following steps were done:
1. deploying the service
2. configure the realm in Access Manager for the IP address
3. setup the expected user to access the web service.
When our partner is now accessing the web service the actual web service code is not accessed and we always find in the server logging that the security header was not understood.
This is the message we receive at the server:
our wsit.xml looks like that:
<?xml version="1.0" encoding="UTF-8"?>
Does anyone has any idea what configuration might be missing here?
We also realised that in the IDE after turning the security (AM security) on there was a file created under configuration files/ amserver called amconfig.xml.
This file we can't find on the webserver after deploying the service nor in the *.war nor under addons/amserver or so.
The file internally looks like:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
since the information is already in sun-web.xml which is published on the server I think that should not be the problem but might be helpful for you.
Any help appreciated. Thanks!