cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Willem Jiang <willem.ji...@gmail.com>
Subject Re: svn commit: r1089385 - /cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
Date Wed, 06 Apr 2011 12:03:06 GMT
Hi Dan,

There are some other place which need to know about the cause of soap 
fault such as In the 
org.apache.cxf.databinding.source.XMLStreamDataReader, if there are some 
saop fault is throw from it, we can't know what exactly error from the 
client side.

If the CXF server is put into production, and client is developed by the 
other people outside the company, it will be very difficult for the 
client to trace the real error if the CXF doesn't send the cause of 
exception back to the client.

Because there are lots of place that CXF throws the Fault/SOAPFault 
message, I changed the Fault class for it.

Willem

On 4/6/11 6:35 PM, Daniel Kulp wrote:
>
> I think I'm -1 to this change.   To me, this looks like it may leak security
> information and such to the client.
>
> The only message sent back to the client should be the top level message.
> The "causes" should be logged server side and not reflected back.  If there
> are certain places where we CAN send back a specific cause, we should just do
> that.   We specifically don't send the stacks and such back to the client (by
> default) exactly for that reason.
>
>
> In the case of the SAAJIn, if it's an XMLStreamException, just do something
> like:
>
> throw new SoapFault(new org.apache.cxf.common.i18n.Message(
>                      e.getMessage(), BUNDLE), e, message
>                      .getVersion().getSender());
>
> Dan
>
>
>
> On Wednesday 06 April 2011 6:21:42 AM ningjiang@apache.org wrote:
>> Author: ningjiang
>> Date: Wed Apr  6 10:21:42 2011
>> New Revision: 1089385
>>
>> URL: http://svn.apache.org/viewvc?rev=1089385&view=rev
>> Log:
>> CXF-3442 Fault should not swallow the cause exception message
>>
>> Modified:
>>      cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
>>
>> Modified: cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
>> URL:
>> http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/in
>> terceptor/Fault.java?rev=1089385&r1=1089384&r2=1089385&view=diff
>> ==========================================================================
>> ==== --- cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
>> (original) +++
>> cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java Wed Apr
>> 6 10:21:42 2011 @@ -44,7 +44,13 @@ public class Fault extends
>> UncheckedExce
>>
>>       public Fault(Message message, Throwable throwable) {
>>           super(message, throwable);
>> -        this.message = message.toString();
>> +        StringBuffer buffer = new StringBuffer();
>> +        buffer.append(message.toString());
>> +        if (throwable != null) {
>> +            buffer.append(" Caused by :");
>> +            buffer.append(throwable.getMessage());
>> +        }
>> +        this.message = buffer.toString();
>>           code = FAULT_CODE_SERVER;
>>       }
>


-- 
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog:    http://willemjiang.blogspot.com (English)
          http://jnn.javaeye.com (Chinese)
Twitter: willemjiang

Connect at CamelOne May 24-26
The Open Source Integration Conference
http://camelone.com

Mime
View raw message