Hi,

We are developing a web service using CXF 2.1.1, and we are
encrypting/signing all the inbound/outbound messages using WSS4J.
Everything works fine until there is an exception.  When an
exception is thrown from a web service, it bypasses all the
encryption/signing, and returns a SOAP fault back to the client in clear
text.  Here is an example:

 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Server</faultcode>
      <faultstring>VALD001E Missing required field [name].    VALD001E Missing required field [name].</faultstring>
      <detail>
        <ns1:ValidationException xmlns:ns1="http://service.ws.sspgui.sterlingcommerce.com/"/>
      </detail>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>

 

However, since the client is expecting the message to be encrypted and
signed, the client will get the following without the original soap
fault message,

 

Caused by: org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:168)

 

What we really want is for the client to catch the exception, so
it can be handled appropriately.  Does anyone know a good solution to
this issue?

 

Thanks,

 

Billy
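
An added example, not part of the original post and not CXF or WSS4J code: a check that a client-side test or response monitor could run on the raw response to flag the condition described above, a SOAP 1.1 fault returned with no <wsse:Security> header. The function names and the PROTECTED sample are constructed for illustration; FAULT is the envelope quoted in the post.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DSIG = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

def classify(envelope_xml):
    """Report structural protection facts; no signature is verified here."""
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    body = root.find(f"{{{SOAP}}}Body")
    fault = body.find(f"{{{SOAP}}}Fault") if body is not None else None
    facts = {
        "has_security_header": security is not None,
        "signed": security is not None
                  and security.find(f"{{{DSIG}}}Signature") is not None,
        "body_encrypted": body is not None
                  and body.find(f"{{{XENC}}}EncryptedData") is not None,
        "cleartext_fault": fault is not None,
        "faultstring": None,
    }
    if fault is not None:
        # SOAP 1.1 faultstring is an unqualified child; collapse whitespace.
        facts["faultstring"] = " ".join(
            (fault.findtext("faultstring") or "").split())
    return facts

def is_unprotected_fault(envelope_xml):
    """True when a fault arrives in the clear with no WS-Security header.
    Such a fault is unauthenticated: log it, do not trust its content."""
    f = classify(envelope_xml)
    return f["cleartext_fault"] and not f["has_security_header"]

# The fault envelope from the post.
FAULT = (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Body><soap:Fault>'
         '<faultcode>soap:Server</faultcode><faultstring>VALD001E Missing '
         'required field [name].    VALD001E Missing required field [name].\n'
         '</faultstring><detail><ns1:ValidationException xmlns:ns1='
         '"http://service.ws.sspgui.sterlingcommerce.com/"/></detail>'
         '</soap:Fault></soap:Body></soap:Envelope>')

# Constructed sample: the shape of a signed and encrypted response.
PROTECTED = (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>'
             f'<wsse:Security xmlns:wsse="{WSSE}">'
             f'<ds:Signature xmlns:ds="{DSIG}"/></wsse:Security>'
             f'</soap:Header><soap:Body><xenc:EncryptedData xmlns:xenc='
             f'"{XENC}"/></soap:Body></soap:Envelope>')

if __name__ == "__main__":
    print(is_unprotected_fault(FAULT), classify(FAULT)["faultstring"])
    print(is_unprotected_fault(PROTECTED))
```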
