tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Goldsmith <sgj...@gmail.com>
Subject Re: Cannot create a secure XMLInputFactory
Date Mon, 17 Oct 2016 17:47:25 GMT
~/java/apache-maven-3.3.9/bin/mvn dependency:tree | egrep 'woo|xml|stax'
[INFO] |  |     +- javax.xml.bind:jaxb-api:jar:2.2.6:test
[INFO] |  |     \- com.sun.xml.bind:jaxb-impl:jar:2.2.6:test
[INFO] |  |     |     +- org.apache.santuario:xmlsec:jar:2.0.5:test
[INFO] |  |     |     |  |  +-
org.opensaml:opensaml-xmlsec-api:jar:3.1.1:test
[INFO] |  |     |     |  +- org.opensaml:opensaml-xmlsec-impl:jar:3.1.1:test
[INFO] |  |     +- org.apache.wss4j:wss4j-ws-security-stax:jar:2.1.4:test
[INFO] |  |     +-
org.apache.wss4j:wss4j-ws-security-policy-stax:jar:2.1.4:test
[INFO] |  |     |  +- xml-resolver:xml-resolver:jar:1.2:test
[INFO] |  |     |  +- org.apache.cxf:cxf-rt-bindings-xml:jar:3.1.6:test
[INFO] |  |     \- com.sun.xml.messaging.saaj:saaj-impl:jar:1.3.18:test
[INFO] |  |  |     +- org.codehaus.woodstox:woodstox-core-asl:jar:4.4.1:test
[INFO] |  |  |     |  \- org.codehaus.woodstox:stax2-api:jar:3.1.4:test
[INFO] |  |  |     \- org.apache.ws.xmlschema:xmlschema-core:jar:2.2.1:test
[INFO] +-
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.7.4:test
[INFO] |  +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:2.7.4:test
[INFO] |  +- com.fasterxml.jackson.core:jackson-core:jar:2.7.4:test
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.7.4:test
[INFO] |  |  \-
com.fasterxml.jackson.core:jackson-annotations:jar:2.7.0:test
[INFO] |  \-
com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.7.4:test


On Mon, Oct 17, 2016 at 11:40 AM, Romain Manni-Bucau <rmannibucau@gmail.com>
wrote:

> mvn dependency:tree | egrep 'woo|xml|stax'
>
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/
> rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> <http://www.tomitribe.com> | JavaEE Factory
> <https://javaeefactory-rmannibucau.rhcloud.com>
>
> 2016-10-17 17:36 GMT+02:00 Steve Goldsmith <sgjava@gmail.com>:
>
> > My compile dependencies are (do you see anything that sticks out):
> >
> >         <dependency>
> >             <groupId>org.jsr107.ri</groupId>
> >             <artifactId>cache-annotations-ri-cdi</artifactId>
> >             <version>1.0.0</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>org.jvnet.jaxb2_commons</groupId>
> >             <artifactId>jaxb2-basics-runtime</artifactId>
> >             <version>0.10.0</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>org.slf4j</groupId>
> >             <artifactId>slf4j-api</artifactId>
> >             <version>${slf4j.version}</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>ch.qos.logback</groupId>
> >             <artifactId>logback-classic</artifactId>
> >             <version>${logback.version}</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>ch.qos.logback</groupId>
> >             <artifactId>logback-core</artifactId>
> >             <version>${logback.version}</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>org.apache.commons</groupId>
> >             <artifactId>commons-pool2</artifactId>
> >             <version>2.4.2</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>commons-configuration</groupId>
> >             <artifactId>commons-configuration</artifactId>
> >             <version>1.10</version>
> >         </dependency>
> >         <dependency>
> >             <groupId>org.jasypt</groupId>
> >             <artifactId>jasypt</artifactId>
> >             <version>1.9.3-SNAPSHOT</version>
> >         </dependency>
> >
> >
> > On Mon, Oct 17, 2016 at 11:30 AM, Romain Manni-Bucau <
> > rmannibucau@gmail.com>
> > wrote:
> >
> > > Hello
> > >
> > > can happen if you provide some xml libraries in your app - like
> woodstox
> > or
> > > stax*api - and it conflicts at some point.
> > >
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau <https://twitter.com/rmannibucau> |  Blog
> > > <https://blog-rmannibucau.rhcloud.com> | Old Wordpress Blog
> > > <http://rmannibucau.wordpress.com> | Github <https://github.com/
> > > rmannibucau> |
> > > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Tomitriber
> > > <http://www.tomitribe.com> | JavaEE Factory
> > > <https://javaeefactory-rmannibucau.rhcloud.com>
> > >
> > > 2016-10-17 17:18 GMT+02:00 sgjava <sgjava@gmail.com>:
> > >
> > > > Periodically I'm seeing "Cannot create a secure XMLInputFactory" in
> > TomEE
> > > > 7.0.2-SNAPSHOT. One solution is for CXF using
> > > > -Dorg.apache.cxf.stax.allowInsecureParser=1. This is an older 7.0.2
> > from
> > > > 7/4/16.
> > > >
> > > >
> > > >
> > > > --
> > > > View this message in context: http://tomee-openejb.979440.
> > > > n4.nabble.com/Cannot-create-a-secure-XMLInputFactory-tp4680348.html
> > > > Sent from the TomEE Users mailing list archive at Nabble.com.
> > > >
> > >
> >
> >
> >
> > --
> > Steven P. Goldsmith
> >
>



-- 
Steven P. Goldsmith

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message