I have configured a Wss4jSecurityInterceptor with a SpringPlainTextPasswordValidationCallbackHandler. When I supply invalid credentials, the fault string returned in the response is more verbose than I would like, as it makes reference (redundantly) to the underlying exceptions:

Code:
<SOAP-ENV:Fault>
  <faultcode>SOAP-ENV:Client</faultcode>
  <faultstring xml:lang="en">
    The security token could not be authenticated or authorized; nested exception is: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized; nested exception is org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized; nested exception is: org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
  </faultstring>
</SOAP-ENV:Fault>

Thinking that this was being generated by the default endpoint exception resolver, I attempted to use a SoapFaultMappingExceptionResolver to provide my own fault string. When this didn't work, I studied the code and found that the security interceptor is catching the exception and generating the fault internally in AbstractWsSecurityInterceptor.handleValidationException().
Thus, it looks like the only way to customize the fault string and avoid sending the above mess back to the client is to extend Wss4jSecurityInterceptor and override handleFaultException with a custom implementation. Is there a better alternative, and if not, should there be?
Thanks!
Marc
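An added example, not part of the original post and not Spring-WS project code: a sketch of the subclass approach the post describes, overriding handleValidationException() so the nested exception chain goes to the server log and the client receives a fixed fault string. The class name and fault wording are hypothetical, and the imports assume the `org.springframework.ws.soap.security.wss4j` package layout.

```java
import java.util.Locale;

import org.springframework.ws.context.MessageContext;
import org.springframework.ws.soap.SoapBody;
import org.springframework.ws.soap.SoapMessage;
import org.springframework.ws.soap.security.WsSecurityValidationException;
import org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor;

/** Hypothetical subclass; the name is not from the post or from Spring-WS. */
public class GenericFaultWss4jSecurityInterceptor extends Wss4jSecurityInterceptor {

    // Assumed wording. It is a constant so that no exception message,
    // class name or nested cause can reach the client.
    private static final String GENERIC_FAULT = "Authentication failed";

    @Override
    protected boolean handleValidationException(WsSecurityValidationException ex,
                                                MessageContext messageContext) {
        // Full detail, including the nested WSSecurityException chain,
        // stays in the server-side log for troubleshooting.
        if (logger.isWarnEnabled()) {
            logger.warn("WS-Security validation failed", ex);
        }

        // Build the same kind of fault the base class produces
        // (SOAP-ENV:Client on SOAP 1.1), but with the fixed text.
        SoapBody body = ((SoapMessage) messageContext.getResponse()).getSoapBody();
        body.addClientOrSenderFault(GENERIC_FAULT, Locale.ENGLISH);

        // false stops the interceptor chain, so the endpoint is not invoked.
        return false;
    }
}
```

Register this class in place of Wss4jSecurityInterceptor in the interceptor configuration; the validation callback handler and other properties are set on it exactly as before.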