cxf 2way ssl not webservice Give无法创建安全的XMLInputFactory
[英]cxf 2way ssl not webservice give Cannot create a secure XMLInputFactory
问题描述
In my client of a web service which developed by cxf like this , and is supposed to be a 2-way ssl implementation I get the following exception. 
在我这通过像CXF开发的Web服务客户端此 ,并且应该是一个双向SSL实现我得到下面的异常。
java.lang.RuntimeException: Cannot create a secure XMLInputFactory
Unless I set the following environment property with value 1. 除非我将以下环境属性设置为值1。
org.apache.cxf.stax.allowInsecureParser
But I guess it means that the connection will be insecure. 但是我想这意味着连接将不安全。 Am I right? 我对吗?
2 个解决方案
解决方案1
0 2015-02-05 00:43:15
That exception has nothing to do with SSL. 该异常与SSL无关。
If your service consumes XML content and is accessed by untrusted clients (for example, it is exposed to the Internet), it will be vulnerable to an XXE attack . 如果您的服务使用XML内容并且被不受信任的客户端访问(例如,它暴露于Internet),那么它很容易受到XXE攻击 。 To mitigate, you need to have Woodstox 4.2.0 or later on the classpath. 为了缓解这种情况,您需要在类路径上使用Woodstox 4.2.0或更高版本。 See WSTX-285 . 参见WSTX-285 。
If your service doesn't accept XML content, you should be OK. 如果您的服务不接受XML内容,则应该可以。
解决方案2
0 2016-10-28 21:54:58
I added these three lines and worked fine 我添加了这三行,并且工作正常
Properties props = System.getProperties(); 属性props = System.getProperties(); props.setProperty("org.apache.cxf.stax.allowInsecureParser", "1"); props.setProperty(“ org.apache.cxf.stax.allowInsecureParser”,“ 1”); props.setProperty("UseSunHttpHandler", "true"); props.setProperty(“ UseSunHttpHandler”,“ true”);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.