分类:
版权声明:本文为博主原创文章,未经博主允许不得转载。
需求是这样的:现在写了一个调用webservice的程序,而需要将这个程序部署到jboss5.x服务器上来供前端调用,在本地调用webservice没有问题,但是部署到服务器上就会报这个错误了。
java.lang.RuntimeException: Cannot create a secure XMLInputFactory
at org.apache.cxf.staxutils.StaxUtils.createXMLInputFactory(StaxUtils.java:315)
at org.apache.cxf.staxutils.StaxUtils.getXMLInputFactory(StaxUtils.java:265)
at org.apache.cxf.staxutils.StaxUtils.createXMLStreamReader(StaxUtils.java:1701)
at org.apache.cxf.interceptor.StaxInInterceptor.handleMessage(StaxInInterceptor.java:123)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:802)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1638)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1527)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1330)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:638)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
网上众说纷纭,也不知道该如何解决,看来还是直接看源码吧。
public static XMLInputFactory createXMLInputFactory(boolean nsAware) {
XMLInputFactory factory = null;
try {
factory = XMLInputFactory.newInstance();
} catch (Throwable t) {
factory = null;
}
if (factory == null || !setRestrictionProperties(factory)) {
try {
factory = createWoodstoxFactory();
} catch (Throwable t) {
//ignore for now
}
if (!setRestrictionProperties(factory)) {
if (allowInsecureParser) {
LOG.log(Level.WARNING, "INSECURE_PARSER_DETECTED", factory.getClass().getName());
} else {
throw new RuntimeException("Cannot create a secure XMLInputFactory");
}
}
}
setProperty(factory, XMLInputFactory.IS_NAMESPACE_AWARE, nsAware);
setProperty(factory, XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
setProperty(factory, XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
setProperty(factory, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
factory.setXMLResolver(new XMLResolver() {
public Object resolveEntity(String publicID, String systemID,
String baseURI, String namespace)
throws XMLStreamException {
throw new XMLStreamException("Reading external entities is disabled");
}
});
return factory;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
从源代码可以看出,抛出异常的原因是allowInsecureParser为false,那我们再看看allowInsecureParser到底是何方神圣。
static {
int i = getInteger("org.apache.cxf.staxutils.pool-size", 20);
NS_AWARE_INPUT_FACTORY_POOL = new ArrayBlockingQueue<XMLInputFactory>(i);
OUTPUT_FACTORY_POOL = new ArrayBlockingQueue<XMLOutputFactory>(i);
//old names
innerElementCountThreshold = getInteger(INNER_ELEMENT_COUNT_SYSTEM_PROP, innerElementCountThreshold);
innerElementLevelThreshold = getInteger(INNER_ELEMENT_LEVEL_SYSTEM_PROP, innerElementLevelThreshold);
//new names
innerElementCountThreshold = getInteger(MAX_CHILD_ELEMENTS, innerElementCountThreshold);
innerElementLevelThreshold = getInteger(MAX_ELEMENT_DEPTH, innerElementLevelThreshold);
maxAttributeCount = getInteger(MAX_ATTRIBUTE_COUNT, maxAttributeCount);
maxAttributeSize = getInteger(MAX_ATTRIBUTE_SIZE, maxAttributeSize);
maxTextLength = getInteger(MAX_TEXT_LENGTH, maxTextLength);
maxElementCount = getLong(MAX_ELEMENT_COUNT, maxElementCount);
maxXMLCharacters = getLong(MAX_XML_CHARACTERS, maxXMLCharacters);
**String s = SystemPropertyAction.getPropertyOrNull(ALLOW_INSECURE_PARSER);**
if (!StringUtils.isEmpty(s)) {
allowInsecureParser = "1".equals(s) || Boolean.parseBoolean(s);
}
XMLInputFactory xif = null;
try {
xif = createXMLInputFactory(true);
String xifClassName = xif.getClass().getName();
if (!xifClassName.contains("ctc.wstx") && !xifClassName.contains("xml.xlxp")
&& !xifClassName.contains("xml.xlxp2") && !xifClassName.contains("bea.core")) {
xif = null;
}
} catch (Throwable t) {
//ignore, can always drop down to the pooled factories
xif = null;
}
SAFE_INPUT_FACTORY = xif;
XMLOutputFactory xof = null;
try {
xof = XMLOutputFactory.newInstance();
String xofClassName = xof.getClass().getName();
if (!xofClassName.contains("ctc.wstx") && !xofClassName.contains("xml.xlxp")
&& !xofClassName.contains("xml.xlxp2") && !xofClassName.contains("bea.core")) {
xof = null;
}
} catch (Throwable t) {
//ignore, can always drop down to the pooled factories
}
SAFE_OUTPUT_FACTORY = xof;
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
####从源代码可以看出,allowInsecureParser是类StaxUtils的一个静态变量,而这个变量的值取决于SystemPropertyAction.getPropertyOrNull(ALLOW_INSECURE_PARSER);
继续往下走,我们可以看看SystemPropertyAction是什么(SystemPropertyAction.Java):
public final class SystemPropertyAction implements PrivilegedAction<String> {
private static final Logger LOG = LogUtils.getL7dLogger(SystemPropertyAction.class);
private final String property;
private final String def;
private SystemPropertyAction(String name) {
property = name;
def = null;
}
private SystemPropertyAction(String name, String d) {
property = name;
def = d;
}
/* (non-Javadoc)
* @see java.security.PrivilegedAction#run()
*/
public String run() {
if (def != null) {
return System.getProperty(property, def);
}
return System.getProperty(property);
}
public static String getProperty(String name) {
return AccessController.doPrivileged(new SystemPropertyAction(name));
}
public static String getProperty(String name, String def) {
try {
return AccessController.doPrivileged(new SystemPropertyAction(name, def));
} catch (SecurityException ex) {
LOG.log(Level.FINE, "SecurityException raised getting property " + name, ex);
return def;
}
}
/**
* Get the system property via the AccessController, but if a SecurityException is
* raised, just return null;
* @param name
*/
public static String getPropertyOrNull(String name) {
try {
return AccessController.doPrivileged(new SystemPropertyAction(name));
} catch (SecurityException ex) {
LOG.log(Level.FINE, "SecurityException raised getting property " + name, ex);
return null;
}
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
从代码中可以看出,实际上最后返回的值时System.getProperty(ALLOW_INSECURE_PARSER)。而这种方式得到的值需要在JVM Options中添加-D($ALLOW_INSECURE_PARSER)=true,其中ALLOW_INSECURE_PARSER=org.apache.cxf.stax.allowInsecureParser。这个值需要在jboss的run.conf中添加。
-
顶
- 0
-
踩
- 0
相关文章推荐
- • 解决CXF webService 调用报错: “Cannot create a secure XMLInputFactory”
- • Cannot create a secure XMLInputFactory cxf写的服务端 客户端调用出异常
- • CXF报安全性错误 Cannot create a secure XMLInputFactory
- • CXF webService 调用报错: “Cannot create a secure XMLInputFactory”
- • Cannot create a secure XMLInputFactory --CXF调用出错
- • webservcie生成客户端代码报错----javax.xml.ws.soap.SOAPFaultException: Cannot create a secure XMLInputFactory
- • WebService客户端调用一直报java.lang.RuntimeException: Cannot create a secure XMLInputFactory错误
- • weblogic下部署cxf服务端Cannot create a secure XMLInputFactory
- • CXF部署到WebLogic的问题
- • javax.xml.ws.soap.SOAPFaultException: Cannot create a secure XMLInputFactory