Announcement Announcement Module
No announcement yet.
Wss4jSecurityInterceptor 's handleFault: not programmed to return a secured message Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wss4jSecurityInterceptor 's handleFault: not programmed to return a secured message


    I secured my webservices with WSSE Signature, Timestamp and Encryption. I have noticed that my response messages are not encrypted or signed when a (XSD) validation error occurs.

    I checked out the Spring WS sourcecode of Wss4JSecurityInterceptor class implementation and discovered that handleFault is will not secure my soap fault messages. (So it is said in the comments. v2.0.1).

    Is there a reason for not securing (i.e. signature, encryption) soap faults?

    My code triggers soap faults whenever a validationexception is thrown. There are business specific details in my exception and eventually in my fault message, which I would rather see encrypted.


  • #2
    Possible solution for this problem: SWS-519

    This is more a follow up on my question earlier posted...

    I Googled my way through where I learned that someone had already submitted a patch for making Soap Fault messages secured. Apparently, this proposal had already been submitted during R1.5.9 of Spring WS.

    @Arjen, Tareq:
    I have checked the history log of this issue (SWS-519), but have not found much info on this matter. What is the likelihood of committing this change request in the next release of Spring WS?

    May be there is a reason not to secure faults...which I am not aware of. If that's the case I am gladly to hear the arguments. :-)