cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wu, Billy" <Billy...@stercomm.com>
Subject Encrypting/Signing the Server Exception
Date Thu, 04 Sep 2008 19:23:39 GMT
Hi,

 

We are developing a web service using CXF 2.1.1, and we are
encrypting/signing all the inbound/outbound messages using WSS4J.
Everything works fine until when there is an exception.  When an
exception is thrown from a web service, it bypasses all the
encryption/signing, and return a soap fault back to the client in clear
text.  Here is an example,

 

<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:
Fault><faultcode>soap:Server</faultcode><faultstring>VALD001E Missing
required field [name].    VALD001E Missing required field [name].
</faultstring><detail><ns1:ValidationException
xmlns:ns1="http://service.ws.sspgui.sterlingcommerce.com/"
/></detail></soap:Fault></soap:Body></soap:Envelope>

 

However, since the client is expecting the message to be encrypted and
signed, the client will get the following without the original soap
fault message,

 

Caused by: org.apache.ws.security.WSSecurityException: An error was
discovered processing the <wsse:Security> header

      at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JI
nInterceptor.java:168)

 

What we really want to do is for the client to catch the exception, so
it can be handled appropriately.  Does anyone know a good solution to
this issue?

 

Thanks,

 

Billy


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message