Software Development

Log Unencrypted SoapFault Messages in Apache CXF

This post demonstrates how to log unencrypted SoapFault messages in client applications. WS-Security is in used especially encryption and decryption.


  • SOAP 1.2
  • Java 8
  • Apache CXF 2.7.18
    • cxf-bundle version 2.7.18
  • Encryption and decryption on the client application work


Consider the following log fragment. It shows the stacktrace of an Exception.


Usually, there are no other details are logged except for the short message plus the faultCode and an encrypted SOAP response message (SoapFault) with Response-Code: 500.

Fault Interceptors

To log the unencrypted SoapFault messages, we need to configure our org.apache.cxf.endpoint.Client object to use interceptors to handle faults. For our purpose, we can use 2 interceptors – a custom interceptor and org.apache.cxf.binding.soap.interceptor.Soap12FaultInInterceptor.


This interceptor generally sets the “Exception” content of the incoming SoapMessage object. The incoming message is a basically an Exception (a Fault). See line 47 on the screenshot below.

For SOAP1.1, please use org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.

A Custom Interceptor

In this custom interceptor, we used Phase.POST_INVOKE. For Soap12FaultInInterceptor,  the codes use the “unmarshalled” String object. These mean that our custom interceptor is used after the Soap12FaultInInterceptor.

Configure Client

We then need to configure our Client object by adding the interceptor objects to the list of “InFault” interceptors.

Sample Log

You Might Also Like