Re: XWS-Security and service specific fault messages

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 28 Nov 2006 11:59:19 +0530

Stuart Dykes wrote:

> Hi,
> I have a problem with xws-security and fault messages.
> In a nutshell, the security policy does not seem to be applied to
> exceptions (defined as wsdl faults) thrown from my web services. This
> results in an error at the client side because the fault message does
> not match the expected security configuration. Is this correct
> behaviour? Surely there must be a way to sort this out, or does the
> use of xws-security actually render my custom exceptions useless? I
> would have thought that a fault message would be treated in the same
> way as any other SOAP message and encrypted/signed accordingly.
> Can anyone enlighten me?
I guess this is a Known issue. Do you want your application faults to
be secure with the same policy that you have specified for the normal
operations ?. Please file an issue at and we will
try to fix this.

Meantime we really have support for securing faults but that is as part
of Project WSIT ( where you can specify the security
policies in the WSDL including fault policies.

Please post all future issues about security at


> Regards,
> Stuart