Troubleshoot authentication and authorization for Web services security based on Web Services for J2EE

These Web services are developed and implemented based on the Web Services for Java 2 platform, Enterprise Edition (J2EE) specification. This topic discusses the following troubleshooting authentication and authorization when you are securing Web services:

 

Authentication challenge or authorization failure

is displayed

You might encounter an authentication challenge or an authorization failure if a thread switch occurs. For example, an application might create a new thread or a raw socket connection to a servlet might open. A thread switch is not recommended by the Java 2 Platform, Enterprise Edition (J2EE) specification because the security context information is stored in thread local. When a thread switch occurs, the authenticated identity is not passed from thread local to the new thread. As a result, WebSphere Application Server considers the identity to be unauthenticated. If create a new thread, propagate the security context to the new thread. However, this process is not supported by WebSphere Application Server.

 

Web services security enabled application fails to

start

When a Web services security-enabled application fails to start, you might receive an error message similar to the following:

[6/19/03 11:13:02:976 EDT] 421fdaa2 KeyStoreKeyLo E WSEC5156E: An exception
while retrieving the key from KeyStore object:
java.security.UnrecoverableKeyException: Given final block not properly padded

The cause of the problem is that the keypass value or password provided for a particular key in the key store is invalid. The key store values are specified in the KeyLocators elements of one of following binding files: ws-security.xml, ibm-webservices-bnd.xmi or ibm-webservicesclient-bnd.xmi. Verify that the keypass values for keys specified in the KeyLocators elements are correct.