Re: Cannot create a secure XMLInputFactory

I've done a little more digging and the cxf-core jar I built is not throwing the "Cannot create a secure XMLInputFactory". Note the comment: private static boolean setRestrictionProperties(XMLInputFactory factory) { //For now, we can only support Woodstox 4.2.x and newer as none of

Re: Cannot create a secure XMLInputFactory

Yea, unfortunately this is one of those hard to reproduce stand alone apps since I rely on propritary services for the SOAP clients. I'll keep digging based on the error string. I'll check for all instances of it in CXF. On Tue, Oct 18, 2016 at 4:50 PM, Romain Manni-Bucau

Re: Cannot create a secure XMLInputFactory

maybe try to reproduce the issue and share a project on github, would probably be more efficient Romain Manni-Bucau @rmannibucau | Blog | Old Wordpress Blog | Github

Re: Cannot create a secure XMLInputFactory

This string also exists in createXMLInputFactory, but it's not logging there either (in the exception code) :) I added: public static XMLInputFactory createXMLInputFactory(boolean nsAware) { XMLInputFactory factory = null; try { factory =

Re: Cannot create a secure XMLInputFactory

Well i dont see this output as well Le 18 oct. 2016 20:28, "Steve Goldsmith" a écrit : > It didn't throw an exception there then because I added > System.out.println("setProperty error" + t.getStackTrace()); in the catch > section. This method swallows exceptions any ways, so

Re: Cannot create a secure XMLInputFactory

It didn't throw an exception there then because I added System.out.println("setProperty error" + t.getStackTrace()); in the catch section. This method swallows exceptions any ways, so it couldn't be the one throwing the exception? On Tue, Oct 18, 2016 at 2:18 PM, Romain Manni-Bucau

Re: Cannot create a secure XMLInputFactory

I dont see any error there or am i abused by gmail formatting? Le 18 oct. 2016 19:28, "Steve Goldsmith" a écrit : > OK, I made the change: > > private static boolean setProperty(XMLInputFactory f, String p, Object > o) { > try { >

Re: Cannot create a secure XMLInputFactory

OK, I made the change: private static boolean setProperty(XMLInputFactory f, String p, Object o) { try { System.out.println("setProperty f: " + f + " p: " + p + " o:" + o); f.setProperty(p, o); return true; } catch (Throwable t) {

Re: Cannot create a secure XMLInputFactory

for tomee embedded yes Romain Manni-Bucau @rmannibucau | Blog | Old Wordpress Blog | Github | LinkedIn |

Re: Cannot create a secure XMLInputFactory

In other words, if I build a debug logging version of cxf how would I incorporate that into my TomEE embedded test? Can I just add the dependency in Maven or do I have to exclude the version bundled in TomEE? On Tue, Oct 18, 2016 at 11:52 AM, Romain Manni-Bucau wrote: >

Re: Cannot create a secure XMLInputFactory

you should switch them I guess. Generally speaking if you include cxf dependencies in your application there is a property in tomee to ask it to isolate the webapp from the container for cxf - not sure I got your question right. Romain Manni-Bucau @rmannibucau

Re: Cannot create a secure XMLInputFactory

Do I have to exclude current CXF in TomEE dependencies or just include the debug version I'm building? On Tue, Oct 18, 2016 at 2:46 AM, Romain Manni-Bucau wrote: > As mentionned in the previous answer this is not in tomee sources but CXF, > agree it should be logged at

Re: Cannot create a secure XMLInputFactory

Nope, it's the same as the other services. I generate SOAP clients from wsimport and use them in my REST services. I'm not explicitly messing with threading or class loading. I'll see if I can get CXF debug logging in the method you pointed out. On Tue, Oct 18, 2016 at 10:04 AM, Romain

Re: Cannot create a secure XMLInputFactory

One thing that is weird is that it only effect one service on the same endpoint I calling other services. Shouldn't this be happening with all my services? On Tue, Oct 18, 2016 at 2:46 AM, Romain Manni-Bucau wrote: > As mentionned in the previous answer this is not in

Re: Cannot create a secure XMLInputFactory

> From: Steve Goldsmith <sgj...@gmail.com> > To: users@tomee.apache.org, > Date: 18.10.2016 03:31 > Subject: Re: Cannot create a secure XMLInputFactory > > OK, I've built TomEE from source before, but I've not run it in debug mode. > Wouldn't it be just as easy to

Re: Cannot create a secure XMLInputFactory

As mentionned in the previous answer this is not in tomee sources but CXF, agree it should be logged at debug level but with current code debugging is the fastest. Side note: you dont need to build tomee from sources, just need to add cxf-core. Romain Manni-Bucau @rmannibucau

Re: Cannot create a secure XMLInputFactory

OK, I've built TomEE from source before, but I've not run it in debug mode. Wouldn't it be just as easy to simply log vars f, p and o when I build the source? On Mon, Oct 17, 2016 at 5:09 PM, Romain Manni-Bucau wrote: > cxf ones yes, that's as easy as adding cxf-core as

Re: Cannot create a secure XMLInputFactory

cxf ones yes, that's as easy as adding cxf-core as provded dependency, putting a breakpoint on the mentionned line normally and starting tomee in debug mode. Surely the most efficient way to solve it. Romain Manni-Bucau @rmannibucau | Blog

Re: Cannot create a secure XMLInputFactory

You mean set a breakpoint in TomEE source? On Mon, Oct 17, 2016 at 4:43 PM, Romain Manni-Bucau wrote: > If you can put a breakpoint at > https://github.com/apache/cxf/blob/eab841d5477c5e1ed21a49918defa7 >

Re: Cannot create a secure XMLInputFactory

If you can put a breakpoint at https://github.com/apache/cxf/blob/eab841d5477c5e1ed21a49918defa79a0f1ad533/core/src/main/java/org/apache/cxf/staxutils/StaxUtils.java#L381 then you would know immediately why the throwable is thrown. Romain Manni-Bucau @rmannibucau

Re: Cannot create a secure XMLInputFactory

OK, I made the following change and I still get the error: org.jvnet.jaxb2_commons jaxb2-basics-runtime 0.10.0 provided I even tried: org.apache.tomee tomee-jaxrs ${tomee.version}

Re: Cannot create a secure XMLInputFactory

well jaxb is provided and shouldnt be delivered so you have to remove it from WEB-INF/lib. scope=provided should be fine too. Romain Manni-Bucau @rmannibucau | Blog | Old Wordpress Blog |

Re: Cannot create a secure XMLInputFactory

I need JAX-B runtime for code generated by jaxws-maven-plugin and XJC. Everything else is in test scope and not used in the deployed app. org.jvnet.jaxb2_commons jaxb2-basics-runtime 0.10.0 On Mon, Oct 17, 2016 at 1:57 PM, Romain Manni-Bucau

Re: Cannot create a secure XMLInputFactory

~/java/apache-maven-3.3.9/bin/mvn dependency:tree | egrep 'woo|xml|stax' [INFO] | | +- javax.xml.bind:jaxb-api:jar:2.2.6:test [INFO] | | \- com.sun.xml.bind:jaxb-impl:jar:2.2.6:test [INFO] | | | +- org.apache.santuario:xmlsec:jar:2.0.5:test [INFO] | | | | | +-

Re: Cannot create a secure XMLInputFactory

My compile dependencies are (do you see anything that sticks out): org.jsr107.ri cache-annotations-ri-cdi 1.0.0 org.jvnet.jaxb2_commons jaxb2-basics-runtime 0.10.0

Re: Cannot create a secure XMLInputFactory

Hello can happen if you provide some xml libraries in your app - like woodstox or stax*api - and it conflicts at some point. Romain Manni-Bucau @rmannibucau | Blog | Old Wordpress Blog |