CXF 2.7.x Woodstox Compatibility via Maven

Question

In the CXF's documentation it is said that the 2.7.x version requires the Woodstox jars not under the 4.2.0 version to be available in the classpath.

Can somebody, please, suggest Maven dependencies for Woodstox to work with CXF?

The main problem is when I try to use the cxf's client, an exception "Cannot create a secure XMLInputFactory" is raised. According to different forums (for example), it is possible to use the "org.apache.cxf.stax.allowInsecureParser" system property to solve the problem, but it seems not a good way. So that maven dependencies are the way to go...

Thanks in advance.

Answer 1

Well, finally I've got a solution. First of all I'd like to thank StaxMan for a help.

My environment is: Weblogic 11g, CXF 2.7.5

The problem is WLS already contains implementations for StAX API and xml parsers that is why an application doesn't see the Woodstox parser when using CXF.

Here is the pom.xml:

        <!-- CXF -->
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-api</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxws</artifactId>
        </dependency>

        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http</artifactId>
        </dependency>

and the main part -- the weblogic-application.xml located in the resources/META-INF/ :

    <prefer-application-packages>
        <package-name>com.ctc.wstx.*</package-name>
        <package-name>org.apache.*</package-name>
    </prefer-application-packages>

Be aware of the fact that if do so there may occure the "NoClassDefinition" errors. If so, please, add maven dependencies that contain missing classes.

Hope this helps somebody.

Answer 2

This worked for me without prefer-application-packages impl:

<dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxws</artifactId>
            <version>${cxf.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>com.sun.xml.bind</groupId>
                    <artifactId>jaxb-impl</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>com.sun.xml.bind</groupId>
            <artifactId>jaxb-impl</artifactId>
            <version>2.2.2</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http</artifactId>
            <version>${cxf.version}</version>
        </dependency>
        <!-- Jetty is needed if you're using the CXFServlet -->
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http-jetty</artifactId>
            <version>${cxf.version}</version>
        </dependency>

Answer 3

The only way for now I can solve the problem is to add such lines in the spring's context:

<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
    <property name="targetObject">
        <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
            <property name="targetClass" value="java.lang.System" />
            <property name="targetMethod" value="getProperties" />
        </bean>
    </property>
    <property name="targetMethod" value="putAll" />
    <property name="arguments">
        <util:properties>
            <prop key="org.apache.cxf.stax.allowInsecureParser">true</prop>
        </util:properties>
    </property>
</bean>