I have a CXF client to hit an external CXF endpoint that implements WSS4J. I am able to pass well-formed messages to the endpoint successfully. If my request is, say, missing a few mandatory fields, I get a security exception and the actual SoapFault is lost, because when a SoapFault is generated the response is not encrypted.
How do we fix this scenario - can the input be set to process the WSS4J actions which are actually present in the response? Here is my inbound security configuration:
<bean id="inbound-security" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="Timestamp Signature Encrypt" />
            <entry key="signaturePropFile" value="${encryptionPropFile}" />
            <entry key="decryptionPropFile" value="${signaturePropFile}" />
            <entry key="passwordCallbackClass" value="WSS4JPasswordCallback" />
        </map>
    </constructor-arg>
</bean>
I was able to solve this by using Security policy rather than configuring WSS4JInInterceptor - the WSDL had included the security policy and encryption is not set for SoapFaults.
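A sketch of what the policy-driven client configuration can look like, added here as an example and not taken from the original post. It assumes CXF's WS-Policy and WS-Security modules are on the classpath and that the WSDL carries the WS-SecurityPolicy assertions; the bean id, `serviceClass`, `${serviceEndpointUrl}` and the WSDL path are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <!--
      No WSS4JInInterceptor bean and no fixed "action" list.
      CXF derives the required security processing per message from the
      policy in the WSDL, so a response whose policy asks for no encryption
      (here: the SOAP fault) is not rejected for lacking it, while normal
      responses are still held to Timestamp + Signature + Encrypt if the
      policy demands them.
    -->
    <jaxws:client id="externalServiceClient"
                  serviceClass="com.example.ExternalServicePortType"
                  address="${serviceEndpointUrl}"
                  wsdlLocation="classpath:wsdl/external-service.wsdl">
        <jaxws:properties>
            <!-- Same callback class as in the interceptor configuration -->
            <entry key="ws-security.callback-handler" value="WSS4JPasswordCallback" />
            <!-- Crypto properties holding the client's own private key -->
            <entry key="ws-security.signature.properties" value="${signaturePropFile}" />
            <!-- Crypto properties holding the service's public certificate -->
            <entry key="ws-security.encryption.properties" value="${encryptionPropFile}" />
            <!--
              If the key aliases are not defined in the property files,
              supply them with ws-security.signature.username and
              ws-security.encryption.username.
            -->
        </jaxws:properties>
    </jaxws:client>
</beans>
```

Because enforcement now follows the WSDL, check that the policy attached to the operation's input and output messages still requires signing and encryption, so that relaxing the fault path does not also relax normal responses.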