Colm, thanks for responding.
It's hard for me to create a test-case because there is so many things involved. I did my best below: Client creates a file called client.properties under */tmp* which looks like this: sign.propFile=client/100/sign.properties enc.propFile=client/100/encrypt.properties resp.propFile=client/100/decrypt.properties My java application is able to find this file without any issues even though /tmp is *not * in the classpath. however when WSS4JOutInterceptor runs when I prepare the soap message, it goes into the WSHandler.loadSignatureCrypto -> WSHandler.loadCrypto method -> WSHandler.loadCryptoFromPropertiesFile -> CryptoFactory.getInstance -> org.apache.ws.security.Loader.getResource which always tries to use the classloader to load the resource. No matter what path I try for the sign.propFile , I get the same error. *What versions of cxf + wss4j are supported currently?* Let me know please so that I can see if I can upgrade. Currently I have the following: <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-bundle</artifactId> <version>2.7.15</version> </dependency> Which pulls in wss4j 1.6.19 as a transitive dependency. -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html