For any bad XML, by default Jersey - JAXB throws the following: Method failed: HTTP/1.1 400 Bad Request

My client (REST ws user) is insisting on giving full-blown info about the problem in the XML.

Is it wise to give the stack trace of the problem in the XML?

A: 

While debugging an application, it is fine to display a stack trace if it helps you to isolate a problem and fix it. When, however, the application reaches a production server, you should always disable the output of error messages, including stack traces.

Error messages and stack traces often include sensitive information in them. A hacker might use this information to learn about the environment, software versions, users, data, etc., knowledge of which might make it easier for a hacker to break into the system.

Unintentional information exposure through error messages, CWE-209, is among the top 25 common weaknesses in software as rated by CWE/SANS.

Daniel Trebbien
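
One way to give the client useful detail about bad XML without exposing a stack trace, as an added example that is not part of the original answer: the full exception is logged server-side under a random error ID, and the response body carries only that ID, a fixed message and the parser's line and column. It uses only JDK classes; the class name `SafeXmlError`, the `<error>` element layout and the sample inputs are assumptions made for illustration, and wiring the returned body into the Jersey 400 response is left to the application.

```java
import java.io.StringReader;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class SafeXmlError {   // hypothetical class name
    private static final Logger LOG = Logger.getLogger(SafeXmlError.class.getName());

    /** Returns null when the XML is well-formed, otherwise a client-safe error body. */
    static String check(String xml) {
        String id = UUID.randomUUID().toString();   // correlates the response with the log entry
        try {
            DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
            // Reject DOCTYPE declarations so the parser never resolves external entities.
            f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
            return null;
        } catch (SAXParseException e) {
            // Full exception and stack trace stay in the server log only.
            LOG.log(Level.WARNING, "Rejected XML, errorId=" + id, e);
            return body(id, "Malformed XML", e.getLineNumber(), e.getColumnNumber());
        } catch (Exception e) {
            LOG.log(Level.SEVERE, "XML processing failed, errorId=" + id, e);
            return body(id, "Request could not be processed", -1, -1);
        }
    }

    /** Builds the response from fixed strings and integers; no exception text is copied in. */
    static String body(String id, String message, int line, int column) {
        String where = line > 0
                ? "<line>" + line + "</line><column>" + column + "</column>"
                : "";
        return "<error><id>" + id + "</id><message>" + message + "</message>"
                + where + "</error>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one with a mismatched tag, one well-formed.
        String bad = "<order>\n  <item>1\n</order>";
        String good = "<order><item>1</item></order>";
        System.out.println("bad  -> " + check(bad));
        System.out.println("good -> " + check(good));
    }
}
```

The client can report the error ID to support, who look up the matching log entry for the full trace.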