There is no way of returning the actual underlying exception to the client, as this could leak sensitive information to an attacker. Why do you need to differentiate between different exception types on the client end?
Colm. On Thu, Jan 30, 2014 at 7:16 PM, Ted <[email protected]> wrote: > Hi I'm on cxf 2.7.4, > > On the server, in the UsernameTokenValidator.verifyPlaintextPassword(), > if the user/password is invalid I'm throwing a > new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION). > > The problem is on the client side, all I'm getting is : > javax.xml.ws.soap.SOAPFaultException: The security token could not > be authenticated or authorized > ... > Caused by: org.apache.cxf.binding.soap.SoapFault: The security token > could > not be authenticated or authorized > > So I can see the logic is all working properly, however, on the client > side, > short of parsing some random text "could not be authenticated" and > hoping it doesn't change, there's no way for me to determine that it > was a failed authentication v.s. any other soap fault. > > i.e. on the client side I want to od (but can't do) "catch > (WSSecurityException e)". > > Does anyone know if there's a configuration or something I can change > so the exception makes it over to the client side so I can properly > determine that it was actually security exception? > -- > Ted. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
