Published on WSO2 Oxygen Tank (http://wso2.org)

How to stop Axis2 sending stack traces in case of a fault?

By chinthaka
Created 2006-07-24 23:56

Apache Axis2 has a configurable way [0] of sending faults to the clients. These fault messages, by default, include an exception stacktrace. In the sample below, You can see a <Exception> element under <soapenv:Detail>.

<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
   <soapenv:Header>
       ..................
       .................
    </soapenv:Header>
    <soapenv:Body>
       <soapenv:Fault>
         .......................
         .......................
          <soapenv:Detail>
            <Exception>org.apache.axis2.AxisFault: 
            Service not found operation terminated !!
at org.apache.axis2.engine.InstanceDispatcher.fillContextsFromSessionContext
(InstanceDispatcher.java:112)                    
at org.apache.axis2.engine.InstanceDispatcher.invoke(InstanceDispatcher.java:63)
at org.apache.axis2.engine.Phase.invoke(Phase.java:380)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:523)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:492)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest
(HTTPTransportUtils.java:284)                  
at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:238)
at org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.doService
(DefaultHttpServiceProcessor.java:177)        
at org.apache.http.protocol.HttpService.handleRequest(HttpService.java:123)
at org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.run
(DefaultHttpServiceProcessor.java:236)        
              ..................................
            </Exception>
         </soapenv:Detail>
      </soapenv:Fault>
   </soapenv:Body>
</soapenv:Envelope>

Stack traces are useful in a development setting, but is not a good idea in production environments for security reasons. In Axis2, It is very simple to switch this feature off. Just edit your axis2.xml and set "sendStacktraceDetailsWithFaults" parameter to false. We definitely recommend switching off stack traces in production environments.

<parameter name="sendStacktraceDetailsWithFaults" locked="false">false</parameter>

In addition to this, fault reason text contains a human readable explanation of the error occurred. If one has not explicitly set this, during the creation of the SOAP fault, the fault processor tries to get the message of the exception thrown and set that as the SOAP fault reason. But if this exception is wrapped several times, then the client may not get a meaningful error message. If you wish Axis2 to drill down in the exception hierarchy in order to find the proper message and set that as the SOAP fault reason, then set the "drillDownToRootCauseForFaultReason" parameter to true in the axis2.xml.

<parameter name="drillDownToRootCauseForFaultReason" locked="false">true</parameter>

Applies To:

Apache Axis2/Java 1.0

Source URL:
http://wso2.org/library/220