Hi,


I am using a "UsernameToken" based security filter to prevent unauthorized 
requests to my web services.



I have configured "<jaxws:outFaultInterceptors>" to 
"CustomSoapFaultOutInterceptor", which extends 
"AbstractPhaseInterceptor<Message>", in my cxf-server.xml.



What I want to do is return my own response with status code 200 instead of 500.



Here is what CustomSoapFaultOutInterceptor.java looks like.





public void handleMessage ( Message message ) throws Fault
{
    Fault fault = ( Fault ) message.getContent ( Exception.class );
    Throwable ex = fault.getCause ( );
    if ( ex instanceof WSSecurityException )
    {
        // Servlet response of the current exchange
        HttpServletResponse response =
            ( HttpServletResponse ) message.getExchange ( ).getInMessage ( ).get (
                AbstractHTTPDestination.HTTP_RESPONSE );
        response.setStatus ( 200 );
        String text = "You are not authorized";
        try
        {
            // Writes plain text, not a SOAP envelope
            response.getOutputStream ( ).write ( text.getBytes ( ) );
            response.getOutputStream ( ).flush ( );
        }
        catch ( IOException e )
        {
            // The stream calls throw the checked java.io.IOException
            throw new Fault ( e );
        }
        // Stop the remaining fault-out interceptors
        message.getInterceptorChain ( ).abort ( );
    }
}








Here is the response which I am getting in case of security failure with status 
code as 200.

You are not authorized




I want a response something like:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <ns3:SecurityServiceResponse xmlns="http://..../types" xmlns:ns2="http://...../types" xmlns:ns3="http://....../endpoint">
         <ResponseType>FAILURE</ResponseType>
         <ResponseCode>SECURITY_001</ResponseCode>
         <ResponseMessage>You are not authorized</ResponseMessage>
      </ns3:SecurityServiceResponse>
   </soap:Body>
</soap:Envelope>




If I don't configure "CustomSoapFaultOutInterceptor" then I am getting a "Soap 
Fault" with status code 500, but I want a normal response with status code 200 and 
my own customized message similar to the above.



-Bhavin






