Hi Dan,
There are some other place which need to know about the cause of soap
fault such as In the
org.apache.cxf.databinding.source.XMLStreamDataReader, if there are some
saop fault is throw from it, we can't know what exactly error from the
client side.
If the CXF server is put into production, and client is developed by the
other people outside the company, it will be very difficult for the
client to trace the real error if the CXF doesn't send the cause of
exception back to the client.
Because there are lots of place that CXF throws the Fault/SOAPFault
message, I changed the Fault class for it.
Willem
On 4/6/11 6:35 PM, Daniel Kulp wrote:
I think I'm -1 to this change. To me, this looks like it may leak security
information and such to the client.
The only message sent back to the client should be the top level message.
The "causes" should be logged server side and not reflected back. If there
are certain places where we CAN send back a specific cause, we should just do
that. We specifically don't send the stacks and such back to the client (by
default) exactly for that reason.
In the case of the SAAJIn, if it's an XMLStreamException, just do something
like:
throw new SoapFault(new org.apache.cxf.common.i18n.Message(
e.getMessage(), BUNDLE), e, message
.getVersion().getSender());
Dan
On Wednesday 06 April 2011 6:21:42 AM [email protected] wrote:
Author: ningjiang
Date: Wed Apr 6 10:21:42 2011
New Revision: 1089385
URL: http://svn.apache.org/viewvc?rev=1089385&view=rev
Log:
CXF-3442 Fault should not swallow the cause exception message
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
Modified: cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/in
terceptor/Fault.java?rev=1089385&r1=1089384&r2=1089385&view=diff
==========================================================================
==== --- cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java
(original) +++
cxf/trunk/api/src/main/java/org/apache/cxf/interceptor/Fault.java Wed Apr
6 10:21:42 2011 @@ -44,7 +44,13 @@ public class Fault extends
UncheckedExce
public Fault(Message message, Throwable throwable) {
super(message, throwable);
- this.message = message.toString();
+ StringBuffer buffer = new StringBuffer();
+ buffer.append(message.toString());
+ if (throwable != null) {
+ buffer.append(" Caused by :");
+ buffer.append(throwable.getMessage());
+ }
+ this.message = buffer.toString();
code = FAULT_CODE_SERVER;
}
--
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Connect at CamelOne May 24-26
The Open Source Integration Conference
http://camelone.com
