[
https://issues.apache.org/jira/browse/CXF-4684?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13538428#comment-13538428
]
Aki Yoshida commented on CXF-4684:
----------------------------------
Hi Bin,
As you probably followed the discussion above, I modified the previous change
so that you can still configure CXF to construct the faulstring using
cause.toString() for no-message runtime exception without the message but keep
us all on the safer side from the security perspective.
In short, to enable this configuration, you can set the endpoint property
exceptionMessageCauseEnabled as described in
http://cxf.apache.org/docs/debugging-and-logging.html#DebuggingandLogging-Stacktraceinfaultdetails
Programmatically, you can use the following constant from Message, as in
ep.getProperties().put(org.apache.cxf.message.Message.EXCEPTION_MESSAGE_CAUSE_ENABLED,
"true")
I hope you are satisfied with solution.
Thanks.
regards, aki
> SOAPFault message improvement in CXF when there is unchecked NPE
> ----------------------------------------------------------------
>
> Key: CXF-4684
> URL: https://issues.apache.org/jira/browse/CXF-4684
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.6.2
> Reporter: Bin Zhu
> Assignee: Aki Yoshida
> Attachments: CXF-4684.patch
>
>
> When there is unchecked NPE thrown, the SOAPFault in CXF will only throw the
> "Fault occurred while processing." message rather than the original NPE
> message.
> Analysis:
> 1. In org.apache.cxf.binding.soap.interceptor.Soap11FaultOutInterceptor and
> org.apache.cxf.binding.soap.interceptor.Soap12FaultOutInterceptor,
> It will check fault.getMessage() :
> if (fault.getMessage() != null) {
> if (message.get("forced.faultstring") != null) {
> writer.writeCharacters((String)
> message.get("forced.faultstring"));
> } else {
> writer.writeCharacters(fault.getMessage());
> }
> } else {
> writer.writeCharacters("Fault occurred while
> processing.");
> }
> But for NPE, the fault.getMessage() will return null instead of the
> "java.lang.NullPointerException" in the getMessage() in NPE.
> 2.
> Fault.getMessage will return null in the NPE scenario while it's super class
> Throwable will not.
> When there is NPE, the message attribute in Fault is null while the
> detailMessageAtrribute is "java.lang.NullPointerException".
> Details:
> SoapFault->Fault->UncheckedException->RuntimeException->Exception->Throwable.
> // SoapFault->Fault means SoapFault class extends Fault class
> UncheckedException.getMessage:
> public String getMessage() {
> if (null != message) {
> return message.toString();
> }
> return null;
> }
> Throwable.getMessage:
> public String getMessage() {
> return detailMessage;
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
