[ 
https://issues.apache.org/jira/browse/CXF-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13534306#comment-13534306
 ] 

Glen Mazza commented on CXF-4684:
---------------------------------

Thanks.  A configuration property seems like a very workable idea; if you go 
that route you might wish to default it to what it was before this patch was 
applied, lest we wait and end up needing to default it to the less-secure 
option out of concern for backwards compatibility.  Also, by keeping "Fault 
occurred while processing" as the default we can get people wanting something 
else to show up on the mailing list, where we can (1) inform them of this new 
property and (2) make sure they are in fact aware that they shouldn't be 
sending sensitive internal error messages back to the client (if that is, in 
fact, their intention.)
                
> SOAPFault message improvement in CXF when there is unchecked NPE
> ----------------------------------------------------------------
>
>                 Key: CXF-4684
>                 URL: https://issues.apache.org/jira/browse/CXF-4684
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.6.2
>            Reporter: Bin Zhu
>            Assignee: Aki Yoshida
>         Attachments: CXF-4684.patch
>
>
> When there is an unchecked NPE thrown, the SOAPFault in CXF will only throw the 
> "Fault occurred while processing." message rather than the original NPE 
> message.
> Analysis:
> 1. In org.apache.cxf.binding.soap.interceptor.Soap11FaultOutInterceptor and 
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor,
> it will check fault.getMessage():
>                 if (fault.getMessage() != null) {
>                     if (message.get("forced.faultstring") != null) {
>                         writer.writeCharacters((String) message.get("forced.faultstring"));
>                     } else {
>                         writer.writeCharacters(fault.getMessage());
>                     }
>                 } else {
>                     writer.writeCharacters("Fault occurred while processing.");
>                 }
> But for NPE, the fault.getMessage() will return null instead of the 
> "java.lang.NullPointerException" in the getMessage() in NPE.
> 2. Fault.getMessage will return null in the NPE scenario while its superclass 
> Throwable will not.
> When there is NPE, the message attribute in Fault is null while the 
> detailMessage attribute is "java.lang.NullPointerException".
> Details:
> SoapFault->Fault->UncheckedException->RuntimeException->Exception->Throwable. 
> //  SoapFault->Fault means SoapFault class extends Fault class
> UncheckedException.getMessage:
>     public String getMessage() {
>         if (null != message) {
>             return message.toString();
>         }
>         return null;
>     }
> Throwable.getMessage:
> public String getMessage() {
>       return detailMessage;
> }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
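
Added example, not part of the JIRA message and not CXF source code: simplified stand-in classes that reproduce the null getMessage() described in the issue, with the fault string falling back to the generic text unless a switch is explicitly enabled, as the comment recommends. The class names, the throwableMessage() helper and the property name example.fault.expose-cause-message are assumptions made for this illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Illustration only: stand-ins that mirror the getMessage() behaviour quoted above.
public class FaultStringDemo {
    static final String GENERIC = "Fault occurred while processing.";
    // Hypothetical property name, invented for this example.
    static final String EXPOSE_PROP = "example.fault.expose-cause-message";

    // Stand-in for Fault/UncheckedException: getMessage() reads its own
    // 'message' field and never falls back to Throwable's detailMessage.
    static class Fault extends RuntimeException {
        private final String message;
        Fault(Throwable cause) { super(cause); this.message = null; }
        Fault(String message) { super(message); this.message = message; }
        @Override public String getMessage() { return message; }
        // Hypothetical helper exposing what Throwable.getMessage() would return.
        String throwableMessage() { return super.getMessage(); }
    }

    // Same branches as the quoted interceptor code, plus an opt-in switch that
    // is off unless the context sets it to Boolean.TRUE.
    static String faultString(Fault fault, Map<String, Object> ctx) {
        if (fault.getMessage() != null) {
            Object forced = ctx.get("forced.faultstring");
            return forced != null ? (String) forced : fault.getMessage();
        }
        boolean expose = Boolean.TRUE.equals(ctx.get(EXPOSE_PROP));
        String detail = fault.throwableMessage();
        return (expose && detail != null) ? detail : GENERIC;
    }

    public static void main(String[] args) {
        Fault npe = new Fault(new NullPointerException());
        Map<String, Object> ctx = new HashMap<>();

        // The override hides the text that Throwable derived from the cause.
        System.out.println("Fault.getMessage():     " + npe.getMessage());
        System.out.println("Throwable.getMessage(): " + npe.throwableMessage());

        // Property unset: the client only ever sees the generic text.
        System.out.println("default:  " + faultString(npe, ctx));

        // Property explicitly enabled: the internal detail reaches the client.
        ctx.put(EXPOSE_PROP, Boolean.TRUE);
        System.out.println("opted in: " + faultString(npe, ctx));
    }
}
```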
