XWS-Security and service specific fault messages

From: Stuart Dykes <>
Date: Mon, 20 Nov 2006 16:40:01 -0000


I have a problem with xws-security and fault messages.

In a nutshell, the security policy does not seem to be applied to
exceptions (defined as wsdl faults) thrown from my web services. This
results in an error at the client side because the fault message does
not match the expected security configuration. Is this correct
behaviour? Surely there must be a way to sort this out, or does the use
of xws-security actually render my custom exceptions useless? I would
have thought that a fault message would be treated in the same way as
any other SOAP message and encrypted/signed accordingly.

Can anyone enlighten me?