WSO2Con 2013 CFP Banner

How to stop Axis2 sending stack traces in case of a fault?

Discuss this article on Stack Overflow
By Eran Chinthaka
  • 25 Jul, 2006
  • Level: 
  • Reads: 7637

Apache Axis2 has a configurable way of sending faults to the clients. These fault messages, by default, include an exception stacktrace. In the sample below, You can see a <Exception> element under <soapenv:Detail>.

chinthaka's picture
Eran Chinthaka
Software Engineer
WSO2 Inc.
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
<soapenv:Header>
..................
.................
</soapenv:Header>
<soapenv:Body>
<soapenv:Fault>
.......................
.......................
<soapenv:Detail>
<Exception>org.apache.axis2.AxisFault:
Service not found operation terminated !!
at org.apache.axis2.engine.InstanceDispatcher.fillContextsFromSessionContext
(InstanceDispatcher.java:112)
at org.apache.axis2.engine.InstanceDispatcher.invoke(InstanceDispatcher.java:63)
at org.apache.axis2.engine.Phase.invoke(Phase.java:380)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:523)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:492)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest
(HTTPTransportUtils.java:284)
at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:238)
at org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.doService
(DefaultHttpServiceProcessor.java:177)
at org.apache.http.protocol.HttpService.handleRequest(HttpService.java:123)
at org.apache.axis2.transport.http.server.DefaultHttpServiceProcessor.run
(DefaultHttpServiceProcessor.java:236)
..................................
</Exception>
</soapenv:Detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>

Stack traces are useful in a development setting, but is not a good idea in production environments for security reasons. In Axis2, It is very simple to switch this feature off. Just edit your axis2.xml and set "sendStacktraceDetailsWithFaults" parameter to false. We definitely recommend switching off stack traces in production environments.

<parameter name="sendStacktraceDetailsWithFaults" locked="false">false</parameter>

In addition to this, fault reason text contains a human readable explanation of the error occurred. If one has not explicitly set this, during the creation of the SOAP fault, the fault processor tries to get the message of the exception thrown and set that as the SOAP fault reason. But if this exception is wrapped several times, then the client may not get a meaningful error message. If you wish Axis2 to drill down in the exception hierarchy in order to find the proper message and set that as the SOAP fault reason, then set the "drillDownToRootCauseForFaultReason" parameter to true in the axis2.xml.

<parameter name="drillDownToRootCauseForFaultReason" locked="false">true</parameter>

Applies To:

Apache Axis2/Java 1.0