Check for a behavior change in web services SOAP fault codes and strings

This rule flags calls to the methods that retrieve SOAP fault codes and fault strings. The default fault codes and strings returned by the web services runtime environments changed in WebSphere Application Server V8.

Specifically, the following methods are flagged:

The changes to the default fault codes and strings were made to fix a potential security exposure related to web services using XML encryption. As part of the fix, detailed information is removed from any SOAP fault generated by the web services runtime environment. By default in Version 8, the web services runtime environments unify all faults generated by the runtime environment into a single type of fault with a fault code of soapenv:Server and a fault string of "Internal Error".

If your application expects detailed information from runtime environment fault codes or strings, you may need to modify your application. You can also use the webservices.unify.faults Java virtual machine custom property to change the default behavior. To revert to the behavior of the previous release, set webservices.unify.faults to false.

Prior to WebSphere Application Server V8, the default behavior is to return detailed information in the fault code or string. This issue was also fixed in the service streams, including 6.0.2, 6.1, and 7.0, but the default behavior in those releases remains unchanged. In the service releases, webservices.unify.faults has a default value of false. Change that value to true to get the same behavior as Version 8 in those releases.

JAX-WS example:
import javax.xml.ws.soap.SOAPFaultException;
import javax.xml.soap.SOAPFault;   // SOAPFault is a SAAJ type, not part of javax.xml.ws.soap

try {
    // some code that causes a fault
    ...
} catch (SOAPFaultException e) {
    SOAPFault soapFault = e.getFault();
    String faultCode = soapFault.getFaultCode();      // flagged
    String faultString = soapFault.getFaultString();  // flagged
    ...
}


JAX-RPC example:
import javax.xml.rpc.soap.SOAPFaultException;
import javax.xml.namespace.QName;

try {
    // some code that causes a fault
    ...
} catch (SOAPFaultException e) {
    QName faultCode = e.getFaultCode();      // flagged
    String faultString = e.getFaultString(); // flagged
    ...
}

In both of these examples, calls to the getFaultCode() and getFaultString() methods would be flagged.
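The following is an added example, not code from the original page or from WebSphere itself. It shows one way to modify a JAX-WS client so that it no longer depends on the detailed fault text that Version 8 removes: the fault is categorized by its fault code (via getFaultCodeAsQName(), which avoids parsing the "prefix:local" string), and the unified "soapenv:Server" / "Internal Error" fault is recognized and treated as an opaque server error whose diagnostics live in the server logs. The class name FaultHandlingExample, the FaultCategory enum and the helper methods are assumptions introduced here; the example also goes slightly beyond the page by mapping the SOAP 1.2 fault code names (Sender/Receiver) alongside the SOAP 1.1 names (Client/Server). It assumes Java SE 8, where the javax.xml.soap and javax.xml.ws packages ship with the JDK, so the sample fault is constructed locally and the example runs offline.

```java
// Added example (not from the page): classify a JAX-WS SOAP fault by its fault code
// rather than its fault string, so the client behaves the same whether the runtime
// returns detailed faults (pre-V8, or webservices.unify.faults=false) or the unified
// "soapenv:Server" / "Internal Error" fault that is the V8 default.
// Assumes Java SE 8 with the bundled JAX-WS and SAAJ APIs.
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPFault;
import javax.xml.ws.soap.SOAPFaultException;

public class FaultHandlingExample {   // hypothetical class name

    /** Outcome categories the caller acts on; none of them depends on fault-string text. */
    enum FaultCategory { CLIENT_ERROR, SERVER_ERROR, UNKNOWN }

    // Fault string the V8 runtime returns for every runtime-generated fault (from the page).
    static final String UNIFIED_FAULT_STRING = "Internal Error";

    /** Map the fault code's local name to a category (SOAP 1.1 and SOAP 1.2 names). */
    static FaultCategory categorize(SOAPFault fault) {
        QName code = fault.getFaultCodeAsQName();   // SAAJ 1.3; null if no code is present
        if (code == null) {
            return FaultCategory.UNKNOWN;
        }
        String local = code.getLocalPart();
        if ("Client".equals(local) || "Sender".equals(local)) {
            return FaultCategory.CLIENT_ERROR;
        }
        if ("Server".equals(local) || "Receiver".equals(local)) {
            return FaultCategory.SERVER_ERROR;
        }
        return FaultCategory.UNKNOWN;
    }

    /** True for the single unified fault the V8 runtime emits in place of detailed faults. */
    static boolean isUnifiedFault(SOAPFault fault) {
        return categorize(fault) == FaultCategory.SERVER_ERROR
            && UNIFIED_FAULT_STRING.equals(fault.getFaultString());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the unified fault described on the page, built locally so the
        // example runs without a server. SOAP 1.1 envelope namespace, prefix "soapenv".
        SOAPFactory factory = SOAPFactory.newInstance();
        QName serverCode = new QName(SOAPConstants.URI_NS_SOAP_ENVELOPE, "Server", "soapenv");
        SOAPFault unified = factory.createFault(UNIFIED_FAULT_STRING, serverCode);

        try {
            throw new SOAPFaultException(unified);   // stands in for the failing web service call
        } catch (SOAPFaultException e) {
            SOAPFault soapFault = e.getFault();
            System.out.println("category = " + categorize(soapFault));
            if (isUnifiedFault(soapFault)) {
                // The runtime deliberately removed the detail: do not parse the fault string,
                // consult the server-side logs for the cause instead.
                System.out.println("unified runtime fault; see server-side logs for detail");
            }
        }
    }
}
```

Running the example prints "category = SERVER_ERROR" followed by the unified-fault message. The same classification applies to the JAX-RPC case, where getFaultCode() already returns a QName, so the local-part comparison can be applied to it directly without going through SOAPFault.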

For additional information see: