Hi -
I have a requirement that when my service returns an InvalidSecurity
fault, that the fault includes as little information as possible.
Specifically, the fault shouldn't include any WS-Addressing headers, stack
traces, or a variety of other things. I have a CXF interceptor set up to
sanitize faults, which works great on the soap body. But no matter what I
do, my faults always end up with WS-Addressing headers.
The WS-Addressing headers are being added as a result of my output policy
in the WSDL. And for non-fault responses, or for faults that are not
InvalidSecurity, I need to include them. So for the InvalidSecurity case,
I'm attempting to remove them in a Fault Interceptor with code similar to:
if ( message.hasHeaders() ) {
if ( message.hasHeader(Names.WSA_TO_QNAME) ) {
log.info("Removing WS-A To");
Header hdr = message.getHeader(Names.WSA_TO_QNAME);
if ( message.getHeaders().remove(hdr) ) {
log.info("WS-A To successfully removed");
} else {
log.info("WS-A To NOT removed");
}
}
}
This code executes fine, and I see in my logs "Removing WS-A To", followed
by "WS-A To successfully removed". Then I see the fault, and it very
clearly has a wsa:To header in it.
I've tried playing around with the interceptor phase (it is currently in
Phase.MARSHALL) but that hasn't helped at all. Is there some other way to
remove headers during fault processing that anyone can recommend?
Thanx,
Stephen W. Chappell
