[
https://issues.apache.org/jira/browse/CXF-6255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14320304#comment-14320304
]
Colm O hEigeartaigh commented on CXF-6255:
------------------------------------------
The purpose of the message is to indicate that a SOAP fault was received with
no security applied to it. It is logged at "WARN", as when WSS4J is configured
via the "action" approach (as opposed to WS-SecurityPolicy), then we don't
enforce security on the incoming SOAP fault. I don't have strong feelings
either way on it, but I would probably just leave the message at WARN as it is.
Colm.
> WSS4JInInterceptor: "Security header, but it's a fault"
> -------------------------------------------------------
>
> Key: CXF-6255
> URL: https://issues.apache.org/jira/browse/CXF-6255
> Project: CXF
> Issue Type: Improvement
> Reporter: Richard O'Sullivan
> Priority: Minor
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> When CXF processes a SoapFault it logs this WARNing: "Request does not
> contain Security header, but it's a fault.". The message is logged from the
> handleMessage at WSS4JInInterceptor in the package
> org.apache.cxf.ws.security.wss4j.
> The message is cryptic but I think it is intended to be an INFO or DEBUG
> instead of a WARN.
> If I'm correct please make this an INFO or a DEBUG; otherwise, rewrite the
> message to indicate a course of action to eliminate the warning.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
