WebService客户端请求失败 can not create a secure xmlinputfactory

webService客户端请求失败：can not create a secure xmlinputfactory

对应的cxf版本为

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <cxf.version>3.2.14</cxf.version>
    </properties>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>org.apache.cxf</groupId>
                <artifactId>cxf-parent</artifactId>
                <version>${cxf.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
            <dependency>
                <groupId>org.apache.cxf</groupId>
                <artifactId>cxf</artifactId>
                <version>${cxf.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

找到源码对应位置(org.apache.cxf.staxutils.StaxUtils类的338行)

从以上源码不难看出，如果allowInsecureParser参数为true的话，就不会进入到抛出异常的逻辑。而allowInsecureParser参数是在类初始化的时候设置的。大致源码如下所示

public static final String ALLOW_INSECURE_PARSER =
    "org.apache.cxf.stax.allowInsecureParser";
    
private static boolean allowInsecureParser;

static{
	// ...
	String s = SystemPropertyAction.getPropertyOrNull(ALLOW_INSECURE_PARSER);
	if (!StringUtils.isEmpty(s)) {
	    allowInsecureParser = "1".equals(s) || Boolean.parseBoolean(s);
	}
	// ...
}

从上面不难看出如果ALLOW_INSECURE_PARSER对应的值不为空，而且为1或者true时，allowInsecureParser为true.
设置系统参数 -Dorg.apache.cxf.stax.allowInsecureParser=1再次启动，webservice请求不报错。