cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tomas Majak <tomas.ma...@nasdaqomx.com>
Subject RE: How to get rid of certain runtime exceptions in the log?
Date Thu, 12 Nov 2009 09:21:46 GMT
Thanks for your reply, I came to the same conclusion, seems a bit of a hack to do that...
Assuming that you're involved in development of CXF:
What if I where to submit a patch, I'm guessing customizing the behavior in the PhaseInterceptorChain
may be the simplest fix. One solution could be to introduce a faultLogger handling the fault
logging in PhaseInterceptorChain, based on the MessageObserver interface. Have PhaseInterceptorChain
calling faultLogger, which then can be replaced by a custom implementation by configuration.
Reasonable?

Tomas

-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org] 
Sent: den 11 november 2009 22:17
To: users@cxf.apache.org
Cc: Tomas Majak
Subject: Re: How to get rid of certain runtime exceptions in the log?


The only thing I can think of would be to subclass the JAXWSMethodInvoker we 
use and override the invoke or createFault things and do:

message.put(FaultMode.class, FaultMode.CHECKED_APPLICATION_FAULT);

if the fault is the security fault.   That would mark it as a checked 
exception and not an unchecked exception.   Checked exceptions are logged at 
INFO level which would allow the other exceptions that are logged at WARNING 
to make it through.    Not sure if that is really enough for you though.  If 
not, a patch adding an enhancement would be good.   :-)

Dan


On Wed November 11 2009 5:28:03 am Tomas Majak wrote:
> Hi,
> 
> I'm using CXF together with Spring Security (Acegi). I have secured my WS
>  methods, with role constraints. I'm also using basic auth, which in most
>  cases leads to requests without credentials first, then I reply
>  HTTP401-USE BASIC AUTH (I have added a interceptor for doing this) Upon
>  receiving 401,  the client will resubmit the SOAP request and supply
>  credentials.
> 
> The problem here is that in the first request, the service (more precise a
>  Spring security interceptor on the POJO), will throw
>  org.springframework.security.AccessDeniedException (RunTime). As described
>  above, this is OK, hence I want the error consumed and nothing logged. BUT
>  reading CXF code, I note that
>  (org.apache.cxf.phase.PhaseInterceptorChain.java) where the exception is
>  caught, there is no possibility to turn off logging for this scenario. The
>  only possible way I found is to set log level ERROR, which will turn of
>  all logging of exceptions, which I don't. I just want this one to be
>  consumed.
> 
> Anyone solved something similar?
> 
> Thanks!
> Tomas
> 

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message