Re: XWS-Security and service specific fault messages

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 28 Nov 2006 12:24:54 +0530

If you are using JAXWS and XWSS 3.0 it should already work you, can you
download and try it out :

    JAXWS 2.1 :
    XWSS 3.0 :

 Note: with XWSS 3.0 there is a single jar xws-security.jar (that
contains all the classes which were earlier packaged under
xws-security.jar, xws-security_jaxrpc.jar and security-plugin.jar).

  If it does not work, or if you need this functionality for JAXRPC
webservices then please file an issue at


V B Kumar Jayanti wrote:

> V B Kumar Jayanti wrote:
>> Stuart Dykes wrote:
>>> Hi,
>>> I have a problem with xws-security and fault messages.
>>> In a nutshell, the security policy does not seem to be applied to
>>> exceptions (defined as wsdl faults) thrown from my web services.
>>> This results in an error at the client side because the fault
>>> message does not match the expected security configuration. Is this
>>> correct behaviour? Surely there must be a way to sort this out, or
>>> does the use of xws-security actually render my custom exceptions
>>> useless? I would have thought that a fault message would be treated
>>> in the same way as any other SOAP message and encrypted/signed
>>> accordingly.
>>> Can anyone enlighten me?
>> I guess this is a Known issue. Do you want your application faults
>> to be secure with the same policy that you have specified for the
>> normal operations ?. Please file an issue at and
>> we will try to fix this.
>> Meantime we really have support for securing faults but that is as
>> part of Project WSIT ( where you can specify the
>> security policies in the WSDL including fault policies.
>> Please post all future issues about security at
> Would you be using JAXRPC or JAXWS for your applications ?.
> regards,
> kumar