+

Search Tips   |   Advanced Search

 

Web services authentication and authorization troubleshooting tips

 

Web services are developed and implemented based on the Web Services for J2EE specification. The are several troubleshooting authentication and authorization considerations when you are securing Web services.

These Web services are developed and implemented based on the Web Services for J2EE specification. This topic discusses troubleshooting authentication and authorization issues to consider when you are securing Web services.

 

Authentication challenge or authorization failure is displayed

You might encounter an authentication challenge or an authorization failure if a thread switch occurs. For example, an application might create a new thread or a raw socket connection to a servlet might open. A thread switch is not recommended by the J2EE specification because the security context information is stored in thread local. When a thread switch occurs, the authenticated identity is not passed from thread local to the new thread. As a result, WAS considers the identity to be unauthenticated. If create a new thread, propagate the security context to the new thread. However, this process is not supported by WebSphere Application Server.

 

Web services security enabled application fails to start

When a Web services security-enabled application fails to start, you might receive an error message similar to the following: 

[6/19/03 11:13:02:976 EDT] 421fdaa2 KeyStoreKeyLo E WSEC5156E: An exception while retrieving the key from KeyStore object:  java.security.UnrecoverableKeyException: Given final block not properly padded

The cause of the problem is that the keypass value or password provided for a particular key in the key store is invalid. The key store values are specified in the KeyLocators elements of one of following binding files: ws-security.xml, ibm-webservices-bnd.xmi or ibm-webservicesclient-bnd.xmi. Verify that the keypass values for keys specified in the KeyLocators elements are correct.

 

Applications with Web services security enabled cannot interoperate between WAS V6.0.x and V5.0.2

Applications with Web services security enabled cannot interoperate between WAS V6.0.x and V5.0.2. When applications attempt to interoperate, a "digest mismatch" error is displayed. An error exists in the cannonicalization algorithm for XML digital signature, which is fixed in V5.1. For Web services security to interoperate between WAS V6 and Version 5.0.2, update your V5.0.2 appserver. To update your V5.0.2 server, access the WAS Support Web site and download the latest fix pack for WAS, V5.0.2.

 

Related tasks


Troubleshooting Web services

 

Related information


Web services: Resources for learning

 

Reference topic