Re: XWS-Security and service specific fault messages

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 28 Nov 2006 12:10:39 +0530

V B Kumar Jayanti wrote:

> Stuart Dykes wrote:
>> Hi,
>> I have a problem with xws-security and fault messages.
>> In a nutshell, the security policy does not seem to be applied to
>> exceptions (defined as wsdl faults) thrown from my web services.
>> This results in an error at the client side because the fault message
>> does not match the expected security configuration. Is this correct
>> behaviour? Surely there must be a way to sort this out, or does the
>> use of xws-security actually render my custom exceptions useless? I
>> would have thought that a fault message would be treated in the same
>> way as any other SOAP message and encrypted/signed accordingly.
>> Can anyone enlighten me?
> I guess this is a Known issue. Do you want your application faults to
> be secure with the same policy that you have specified for the normal
> operations ?. Please file an issue at and we will
> try to fix this.
> Meantime we really have support for securing faults but that is as
> part of Project WSIT ( where you can specify the
> security policies in the WSDL including fault policies.
> Please post all future issues about security at

Would you be using JAXRPC or JAXWS for your applications ?.