tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: Cannot create a secure XMLInputFactory
Date Tue, 18 Oct 2016 16:14:00 GMT
for tomee embedded yes


Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
<http://www.tomitribe.com> | JavaEE Factory
<https://javaeefactory-rmannibucau.rhcloud.com>

2016-10-18 18:11 GMT+02:00 Steve Goldsmith <sgjava@gmail.com>:

> In other words, if I build a debug logging version of cxf how would I
> incorporate that into my TomEE embedded test? Can I just add the dependency
> in Maven or do I have to exclude the version bundled in TomEE?
>
> On Tue, Oct 18, 2016 at 11:52 AM, Romain Manni-Bucau <
> rmannibucau@gmail.com>
> wrote:
>
> > you should switch them I guess.
> >
> > Generally speaking if you include cxf dependencies in your application
> > there is a property in tomee to ask it to isolate the webapp from the
> > container for cxf - not sure I got your question right.
> >
> >
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog
> > <http://rmannibucau.wordpress.com> | Github <https://github.com/
> > rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> > <http://www.tomitribe.com> | JavaEE Factory
> > <https://javaeefactory-rmannibucau.rhcloud.com>
> >
> > 2016-10-18 17:40 GMT+02:00 Steve Goldsmith <sgjava@gmail.com>:
> >
> > > Do I have to exclude current CXF in TomEE dependencies or just include
> > the
> > > debug version I'm building?
> > >
> > > On Tue, Oct 18, 2016 at 2:46 AM, Romain Manni-Bucau <
> > rmannibucau@gmail.com
> > > >
> > > wrote:
> > >
> > > > As mentionned in the previous answer this is not in tomee sources but
> > > CXF,
> > > > agree it should be logged at debug level but with current code
> > debugging
> > > is
> > > > the fastest.
> > > >
> > > > Side note: you dont need to build tomee from sources, just need to
> add
> > > > cxf-core.
> > > >
> > > >
> > > > Romain Manni-Bucau
> > > > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > > > <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog
> > > > <http://rmannibucau.wordpress.com> | Github <https://github.com/
> > > > rmannibucau> |
> > > > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> > > > <http://www.tomitribe.com> | JavaEE Factory
> > > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > > >
> > > > 2016-10-18 3:31 GMT+02:00 Steve Goldsmith <sgjava@gmail.com>:
> > > >
> > > > > OK, I've built TomEE from source before, but I've not run it in
> debug
> > > > mode.
> > > > > Wouldn't it be just as easy to simply log vars f, p and o when I
> > build
> > > > the
> > > > > source?
> > > > >
> > > > > On Mon, Oct 17, 2016 at 5:09 PM, Romain Manni-Bucau <
> > > > rmannibucau@gmail.com
> > > > > >
> > > > > wrote:
> > > > >
> > > > > > cxf ones yes, that's as easy as adding cxf-core as provded
> > > dependency,
> > > > > > putting a breakpoint on the mentionned line normally and starting
> > > tomee
> > > > > in
> > > > > > debug mode. Surely the most efficient way to solve it.
> > > > > >
> > > > > >
> > > > > > Romain Manni-Bucau
> > > > > > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > > > > > <https://blog-rmannibucau.rhcloud.com> | Old Wordpress
Blog
> > > > > > <http://rmannibucau.wordpress.com> | Github <https://github.com/
> > > > > > rmannibucau> |
> > > > > > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> > > > > > <http://www.tomitribe.com> | JavaEE Factory
> > > > > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > > > > >
> > > > > > 2016-10-17 22:52 GMT+02:00 Steve Goldsmith <sgjava@gmail.com>:
> > > > > >
> > > > > > > You mean set a breakpoint in TomEE source?
> > > > > > >
> > > > > > > On Mon, Oct 17, 2016 at 4:43 PM, Romain Manni-Bucau <
> > > > > > rmannibucau@gmail.com
> > > > > > > >
> > > > > > > wrote:
> > > > > > >
> > > > > > > > If you can put a breakpoint at
> > > > > > > > https://github.com/apache/cxf/blob/
> > > eab841d5477c5e1ed21a49918defa7
> > > > > > > > 9a0f1ad533/core/src/main/java/org/apache/cxf/staxutils/
> > > > > > > StaxUtils.java#L381
> > > > > > > > then you would know immediately why the throwable
is thrown.
> > > > > > > >
> > > > > > > >
> > > > > > > > Romain Manni-Bucau
> > > > > > > > @rmannibucau <https://twitter.com/rmannibucau>
|  Blog
> > > > > > > > <https://blog-rmannibucau.rhcloud.com> | Old
Wordpress Blog
> > > > > > > > <http://rmannibucau.wordpress.com> | Github
<
> > https://github.com/
> > > > > > > > rmannibucau> |
> > > > > > > > LinkedIn <https://www.linkedin.com/in/rmannibucau>
|
> > Tomitriber
> > > > > > > > <http://www.tomitribe.com> | JavaEE Factory
> > > > > > > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > > > > > > >
> > > > > > > > 2016-10-17 22:41 GMT+02:00 Steve Goldsmith <sgjava@gmail.com
> >:
> > > > > > > >
> > > > > > > > > OK, I made the following change and I still get
the error:
> > > > > > > > >
> > > > > > > > >         <dependency>
> > > > > > > > >             <groupId>org.jvnet.jaxb2_commons</groupId>
> > > > > > > > >             <artifactId>jaxb2-basics-runtime</artifactId>
> > > > > > > > >             <version>0.10.0</version>
> > > > > > > > >             <scope>provided</scope>
> > > > > > > > >         </dependency>
> > > > > > > > >
> > > > > > > > > I even tried:
> > > > > > > > >
> > > > > > > > >         <dependency>
> > > > > > > > >             <groupId>org.apache.tomee</groupId>
> > > > > > > > >             <artifactId>tomee-jaxrs</artifactId>
> > > > > > > > >             <version>${tomee.version}</version>
> > > > > > > > >             <scope>test</scope>
> > > > > > > > >             <exclusions>
> > > > > > > > >                 <exclusion>
> > > > > > > > >                     <groupId>com.sun.xml.bind</groupId>
> > > > > > > > >                     <artifactId>jaxb-impl</artifactId>
> > > > > > > > >                 </exclusion>
> > > > > > > > >             </exclusions>
> > > > > > > > >         </dependency>
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Mon, Oct 17, 2016 at 3:37 PM, Romain Manni-Bucau
<
> > > > > > > > rmannibucau@gmail.com
> > > > > > > > > >
> > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > > > well jaxb is provided and shouldnt be delivered
so you
> have
> > > to
> > > > > > remove
> > > > > > > > it
> > > > > > > > > > from WEB-INF/lib. scope=provided should
be fine too.
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > Romain Manni-Bucau
> > > > > > > > > > @rmannibucau <https://twitter.com/rmannibucau>
|  Blog
> > > > > > > > > > <https://blog-rmannibucau.rhcloud.com>
| Old Wordpress
> > Blog
> > > > > > > > > > <http://rmannibucau.wordpress.com>
| Github <
> > > > https://github.com/
> > > > > > > > > > rmannibucau> |
> > > > > > > > > > LinkedIn <https://www.linkedin.com/in/rmannibucau>
|
> > > > Tomitriber
> > > > > > > > > > <http://www.tomitribe.com> | JavaEE
Factory
> > > > > > > > > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > > > > > > > > >
> > > > > > > > > > 2016-10-17 20:07 GMT+02:00 Steve Goldsmith
<
> > sgjava@gmail.com
> > > >:
> > > > > > > > > >
> > > > > > > > > > > I need JAX-B runtime for code generated
by
> > > jaxws-maven-plugin
> > > > > and
> > > > > > > > XJC.
> > > > > > > > > > > Everything else is in test scope and
not used in the
> > > deployed
> > > > > > app.
> > > > > > > > > > >
> > > > > > > > > > >         <dependency>
> > > > > > > > > > >             <groupId>org.jvnet.jaxb2_commons</groupId>
> > > > > > > > > > >             <artifactId>jaxb2-basics-
> > runtime</artifactId>
> > > > > > > > > > >             <version>0.10.0</version>
> > > > > > > > > > >         </dependency>
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On Mon, Oct 17, 2016 at 1:57 PM, Romain
Manni-Bucau <
> > > > > > > > > > rmannibucau@gmail.com
> > > > > > > > > > > >
> > > > > > > > > > > wrote:
> > > > > > > > > > >
> > > > > > > > > > > > yep so surely some part of the
app running in a
> > > conflicting
> > > > > > > > > > classloader.
> > > > > > > > > > > > Personally I'd just remove stax2-api,
woodstox and
> jaxb
> > > to
> > > > > > start
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Romain Manni-Bucau
> > > > > > > > > > > > @rmannibucau <https://twitter.com/rmannibucau>
|
> Blog
> > > > > > > > > > > > <https://blog-rmannibucau.rhcloud.com>
| Old
> Wordpress
> > > > Blog
> > > > > > > > > > > > <http://rmannibucau.wordpress.com>
| Github <
> > > > > > https://github.com/
> > > > > > > > > > > > rmannibucau> |
> > > > > > > > > > > > LinkedIn <https://www.linkedin.com/in/rmannibucau>
|
> > > > > > Tomitriber
> > > > > > > > > > > > <http://www.tomitribe.com>
| JavaEE Factory
> > > > > > > > > > > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > > > > > > > > > > >
> > > > > > > > > > > > 2016-10-17 19:47 GMT+02:00 Steve
Goldsmith <
> > > > sgjava@gmail.com
> > > > > >:
> > > > > > > > > > > >
> > > > > > > > > > > > > ~/java/apache-maven-3.3.9/bin/mvn
dependency:tree
> |
> > > > egrep
> > > > > > > > > > > 'woo|xml|stax'
> > > > > > > > > > > > > [INFO] |  |     +- javax.xml.bind:jaxb-api:jar:2.
> > > > 2.6:test
> > > > > > > > > > > > > [INFO] |  |     \- com.sun.xml.bind:jaxb-impl:
> > > > > jar:2.2.6:test
> > > > > > > > > > > > > [INFO] |  |     |     +-
> org.apache.santuario:xmlsec:
> > > > > > > > > jar:2.0.5:test
> > > > > > > > > > > > > [INFO] |  |     |     | 
|  +-
> > > > > > > > > > > > > org.opensaml:opensaml-xmlsec-api:jar:3.1.1:test
> > > > > > > > > > > > > [INFO] |  |     |     | 
+-
> > > org.opensaml:opensaml-xmlsec-
> > > > > > > > > > > > > impl:jar:3.1.1:test
> > > > > > > > > > > > > [INFO] |  |     +- org.apache.wss4j:wss4j-ws-
> > > > > > > > > > > > security-stax:jar:2.1.4:test
> > > > > > > > > > > > > [INFO] |  |     +-
> > > > > > > > > > > > > org.apache.wss4j:wss4j-ws-
> > > security-policy-stax:jar:2.1.
> > > > > > 4:test
> > > > > > > > > > > > > [INFO] |  |     |  +-
> xml-resolver:xml-resolver:jar:
> > > > > 1.2:test
> > > > > > > > > > > > > [INFO] |  |     |  +- org.apache.cxf:cxf-rt-
> > > > > > > > > > > bindings-xml:jar:3.1.6:test
> > > > > > > > > > > > > [INFO] |  |     \- com.sun.xml.messaging.saaj:
> > > > > > > > > > > saaj-impl:jar:1.3.18:test
> > > > > > > > > > > > > [INFO] |  |  |     +- org.codehaus.woodstox:
> > > > > > > > > > > woodstox-core-asl:jar:4.4.1:
> > > > > > > > > > > > > test
> > > > > > > > > > > > > [INFO] |  |  |     |  \-
> org.codehaus.woodstox:stax2-
> > > > > > > > > > > api:jar:3.1.4:test
> > > > > > > > > > > > > [INFO] |  |  |     \- org.apache.ws.xmlschema:
> > > > > > > > > > > > > xmlschema-core:jar:2.2.1:test
> > > > > > > > > > > > > [INFO] +-
> > > > > > > > > > > > > com.fasterxml.jackson.jaxrs:
> > > jackson-jaxrs-json-provider:
> > > > > > > > > > jar:2.7.4:test
> > > > > > > > > > > > > [INFO] |  +- com.fasterxml.jackson.jaxrs:
> > > > > > > > > > jackson-jaxrs-base:jar:2.7.4:
> > > > > > > > > > > > test
> > > > > > > > > > > > > [INFO] |  +- com.fasterxml.jackson.core:
> > > > > > > > > jackson-core:jar:2.7.4:test
> > > > > > > > > > > > > [INFO] |  +- com.fasterxml.jackson.core:
> > > > > > > > > jackson-databind:jar:2.7.4:
> > > > > > > > > > > test
> > > > > > > > > > > > > [INFO] |  |  \-
> > > > > > > > > > > > > com.fasterxml.jackson.core:
> > > > jackson-annotations:jar:2.7.0:
> > > > > > test
> > > > > > > > > > > > > [INFO] |  \-
> > > > > > > > > > > > > com.fasterxml.jackson.module:jackson-module-jaxb-
> > > > > > > > > > > > > annotations:jar:2.7.4:test
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Mon, Oct 17, 2016 at 11:40
AM, Romain
> Manni-Bucau
> > <
> > > > > > > > > > > > > rmannibucau@gmail.com>
> > > > > > > > > > > > > wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > mvn dependency:tree
| egrep 'woo|xml|stax'
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Romain Manni-Bucau
> > > > > > > > > > > > > > @rmannibucau <https://twitter.com/rmannibucau>
|
> > > Blog
> > > > > > > > > > > > > > <https://blog-rmannibucau.rhcloud.com>
| Old
> > > Wordpress
> > > > > > Blog
> > > > > > > > > > > > > > <http://rmannibucau.wordpress.com>
| Github <
> > > > > > > > https://github.com/
> > > > > > > > > > > > > > rmannibucau> |
> > > > > > > > > > > > > > LinkedIn <https://www.linkedin.com/in/
> rmannibucau>
> > |
> > > > > > > > Tomitriber
> > > > > > > > > > > > > > <http://www.tomitribe.com>
| JavaEE Factory
> > > > > > > > > > > > > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > 2016-10-17 17:36 GMT+02:00
Steve Goldsmith <
> > > > > > sgjava@gmail.com
> > > > > > > >:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > My compile dependencies
are (do you see
> anything
> > > that
> > > > > > > sticks
> > > > > > > > > > out):
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>org.jsr107.ri</groupId>
> > > > > > > > > > > > > > >             <artifactId>cache-annotations-
> > > > > > > > ri-cdi</artifactId>
> > > > > > > > > > > > > > >             <version>1.0.0</version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>org.jvnet.jaxb2_
> > > > commons</groupId>
> > > > > > > > > > > > > > >             <artifactId>jaxb2-basics-
> > > > > > runtime</artifactId>
> > > > > > > > > > > > > > >             <version>0.10.0</version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>org.slf4j</groupId>
> > > > > > > > > > > > > > >             <artifactId>slf4j-api</artifactId>
> > > > > > > > > > > > > > >             <version>${slf4j.version}</
> version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>ch.qos.logback</groupId>
> > > > > > > > > > > > > > >             <artifactId>logback-classic</
> > > artifactId>
> > > > > > > > > > > > > > >             <version>${logback.version}</
> > version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>ch.qos.logback</groupId>
> > > > > > > > > > > > > > >             <artifactId>logback-core</
> > artifactId>
> > > > > > > > > > > > > > >             <version>${logback.version}</
> > version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>org.apache.commons</
> > groupId>
> > > > > > > > > > > > > > >             <artifactId>commons-pool2</
> > artifactId>
> > > > > > > > > > > > > > >             <version>2.4.2</version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>commons-
> > > configuration</groupId>
> > > > > > > > > > > > > > >             <artifactId>commons-
> > > > > > configuration</artifactId>
> > > > > > > > > > > > > > >             <version>1.10</version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >         <dependency>
> > > > > > > > > > > > > > >             <groupId>org.jasypt</groupId>
> > > > > > > > > > > > > > >             <artifactId>jasypt</artifactId>
> > > > > > > > > > > > > > >             <version>1.9.3-SNAPSHOT</version>
> > > > > > > > > > > > > > >         </dependency>
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > On Mon, Oct 17,
2016 at 11:30 AM, Romain
> > > Manni-Bucau
> > > > <
> > > > > > > > > > > > > > > rmannibucau@gmail.com>
> > > > > > > > > > > > > > > wrote:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Hello
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > can happen
if you provide some xml libraries
> in
> > > > your
> > > > > > app
> > > > > > > -
> > > > > > > > > like
> > > > > > > > > > > > > > woodstox
> > > > > > > > > > > > > > > or
> > > > > > > > > > > > > > > > stax*api -
and it conflicts at some point.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Romain Manni-Bucau
> > > > > > > > > > > > > > > > @rmannibucau
<https://twitter.com/
> rmannibucau>
> > |
> > > > > Blog
> > > > > > > > > > > > > > > > <https://blog-rmannibucau.rhcloud.com>
| Old
> > > > > Wordpress
> > > > > > > > Blog
> > > > > > > > > > > > > > > > <http://rmannibucau.wordpress.com>
| Github
> <
> > > > > > > > > > https://github.com/
> > > > > > > > > > > > > > > > rmannibucau>
|
> > > > > > > > > > > > > > > > LinkedIn <https://www.linkedin.com/in/
> > > rmannibucau>
> > > > |
> > > > > > > > > > Tomitriber
> > > > > > > > > > > > > > > > <http://www.tomitribe.com>
| JavaEE Factory
> > > > > > > > > > > > > > > > <https://javaeefactory-
> rmannibucau.rhcloud.com
> > >
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > 2016-10-17
17:18 GMT+02:00 sgjava <
> > > > sgjava@gmail.com
> > > > > >:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > Periodically
I'm seeing "Cannot create a
> > secure
> > > > > > > > > > > XMLInputFactory"
> > > > > > > > > > > > in
> > > > > > > > > > > > > > > TomEE
> > > > > > > > > > > > > > > > > 7.0.2-SNAPSHOT.
One solution is for CXF
> using
> > > > > > > > > > > > > > > > > -Dorg.apache.cxf.stax.
> allowInsecureParser=1.
> > > > This
> > > > > is
> > > > > > > an
> > > > > > > > > > older
> > > > > > > > > > > > > 7.0.2
> > > > > > > > > > > > > > > from
> > > > > > > > > > > > > > > > > 7/4/16.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > --
> > > > > > > > > > > > > > > > > View
this message in context:
> > > > > > > > http://tomee-openejb.979440.
> > > > > > > > > > > > > > > > > n4.nabble.com/Cannot-create-a-
> > > > > > secure-XMLInputFactory-
> > > > > > > > > > > > > tp4680348.html
> > > > > > > > > > > > > > > > > Sent
from the TomEE Users mailing list
> > archive
> > > at
> > > > > > > > > Nabble.com.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > --
> > > > > > > > > > > > > > > Steven P. Goldsmith
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > > --
> > > > > > > > > > > > > Steven P. Goldsmith
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > --
> > > > > > > > > > > Steven P. Goldsmith
> > > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Steven P. Goldsmith
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > Steven P. Goldsmith
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Steven P. Goldsmith
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Steven P. Goldsmith
> > >
> >
>
>
>
> --
> Steven P. Goldsmith
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message