Posted to users@cxf.apache.org by Bhavin Pandya <Bh...@mindtree.com> on 2011/11/21 06:23:54 UTC
How to return response with 200 code in case security failure
Hi,
I am using a "UsernameToken"-based security filter to prevent unauthorized requests to my web services.
I have configured "<jaxws:outFaultInterceptors>" to "CustomSoapFaultOutInterceptor", which extends "AbstractPhaseInterceptor<Message>", in my cxf-server.xml.
What I want to do is return my own response with status code 200 instead of 500.
Here is what CustomSoapFaultOutInterceptor.java looks like.
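public void handleMessage ( Message message ) throws Fault
{
    Fault fault = ( Fault ) message.getContent ( Exception.class );
    Throwable ex = fault.getCause ( );
    // Only intercept faults raised by WS-Security processing
    if ( ex instanceof WSSecurityException )
    {
        HttpServletResponse response =
            ( HttpServletResponse ) message.getExchange ( ).getInMessage ( ).get (
                AbstractHTTPDestination.HTTP_RESPONSE );
        response.setStatus ( 200 );
        String body = "You are not authorized";
        try
        {
            // Write the plain-text body directly to the servlet response
            response.getOutputStream ( ).write ( body.getBytes ( ) );
            response.getOutputStream ( ).flush ( );
        }
        catch ( java.io.IOException e )
        {
            // The stream calls throw a checked IOException; rethrow it as a Fault
            throw new Fault ( e );
        }
        // Stop the rest of the out-fault chain from running
        message.getInterceptorChain ( ).abort ( );
    }
}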
Here is the response which I am getting in case of security failure with status code as 200.
You are not authorized
I want a response something like:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <ns3:SecurityServiceResponse xmlns="http://..../types" xmlns:ns2="http://...../types" xmlns:ns3="http://....../endpoint">
            <ResponseType>FAILURE</ResponseType>
            <ResponseCode>SECURITY_001</ResponseCode>
            <ResponseMessage>You are not authorized</ResponseMessage>
        </ns3:SecurityServiceResponse>
    </soap:Body>
</soap:Envelope>
If I don't configure "CustomSoapFaultOutInterceptor", then I get a "Soap Fault" with status code 500, but I want a normal response with status code 200 and my own customized message similar to the above.
-Bhavin
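
One way to produce the envelope asked for above, as an added example that is not part of the original post and not CXF's own code: it builds the failure body with the JDK's XMLStreamWriter so the message text is escaped and the bytes are UTF-8. The class name, the urn:example:* namespaces (the post elides the real ones) and the second sample message are assumptions.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;

public class SecurityFailureEnvelope {
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    // Placeholders (assumption): the post elides the real namespace URIs.
    static final String TYPES_NS = "urn:example:types";
    static final String ENDPOINT_NS = "urn:example:endpoint";

    /** Builds the failure response as UTF-8 bytes; element text is XML-escaped. */
    static byte[] build(String code, String text) throws XMLStreamException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out, "UTF-8");
        w.writeStartDocument("UTF-8", "1.0");
        w.writeStartElement("soap", "Envelope", SOAP_NS);
        w.writeNamespace("soap", SOAP_NS);
        w.writeStartElement("soap", "Body", SOAP_NS);
        w.writeStartElement("ns3", "SecurityServiceResponse", ENDPOINT_NS);
        w.writeNamespace("ns3", ENDPOINT_NS);
        w.writeDefaultNamespace(TYPES_NS); // children below are unprefixed
        child(w, "ResponseType", "FAILURE");
        child(w, "ResponseCode", code);
        child(w, "ResponseMessage", text);
        w.writeEndDocument(); // closes the three elements still open
        w.close();
        return out.toByteArray();
    }

    private static void child(XMLStreamWriter w, String name, String value)
            throws XMLStreamException {
        w.writeStartElement("", name, TYPES_NS);
        w.writeCharacters(value); // escapes <, > and &
        w.writeEndElement();
    }

    public static void main(String[] args) throws XMLStreamException {
        // Values taken from the post
        System.out.println(new String(
            build("SECURITY_001", "You are not authorized"), StandardCharsets.UTF_8));
        // Constructed input: markup characters in the message come out escaped
        System.out.println(new String(
            build("SECURITY_001", "Token <expired> & rejected"), StandardCharsets.UTF_8));
    }
}
```

In the interceptor from the post, these bytes would be written to the response output stream in place of the plain string, with the Content-Type set to text/xml; charset=UTF-8.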