cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wu, Billy" <>
Subject Encrypting/Signing the Server Exception
Date Thu, 04 Sep 2008 19:23:39 GMT


We are developing a web service using CXF 2.1.1, and we are
encrypting/signing all the inbound/outbound messages using WSS4J.
Everything works fine until when there is an exception.  When an
exception is thrown from a web service, it bypasses all the
encryption/signing, and return a soap fault back to the client in clear
text.  Here is an example,


Fault><faultcode>soap:Server</faultcode><faultstring>VALD001E Missing
required field [name].    VALD001E Missing required field [name].


However, since the client is expecting the message to be encrypted and
signed, the client will get the following without the original soap
fault message,


Caused by: An error was
discovered processing the <wsse:Security> header



What we really want to do is for the client to catch the exception, so
it can be handled appropriately.  Does anyone know a good solution to
this issue?





  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message