Why does Tomcat error when I change the keystore?

Question

I have a problem with axis2-client inside JAX-WS web service. This JAX-WS web service is inside Tomcat container. Keystorefile is retrieved dynamically from database. When I start Tomcat I can use ws-client normally and it works fine, but if I change the keystore it fails with stacktrace shown below. If I restart Tomcat it works fine. Does rampart or tomcat have some static variables that aren't flushed until Tomcat is restarted? I use rampart-module 1.3 to sign message for a secure web service. I think inflow and outflow configs are correct since I have been printing them in the log.

The Stacktrace in Tomcat Catalina log:

 org.apache.axis2.AxisFault: Error during Signature: ; nested exception is:
        org.apache.ws.security.WSSecurityException: General security error (No certificates for user user1 were found for signature)
        at org.apache.rampart.handler.WSDoAllSender.processMessage(WSDoAllSender.java:67)
        at org.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:318)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:416)
        at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:402)
        at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

Answer 1

Ok I found out the solution. The trick was to use PolicyBased configuration. I was using old ParameterBased configuration. Here is a link to great blog by Thilina:

How to build rampart-config programmatically..

Remember to define policy.xml file when following this tutorial. This was something that I first forgot to do :)