cxf | Apache CXF is an open source services framework | SOAP library

 by   apache Java Version: cxf-4.0.2 License: Apache-2.0

kandi X-RAY | cxf Summary

kandi X-RAY | cxf Summary

cxf is a Java library typically used in Web Services, SOAP applications. cxf has build file available, it has a Permissive License and it has high support. However cxf has 1258 bugs and it has 120 vulnerabilities. You can download it from GitHub.

Apache CXF is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              cxf has a highly active ecosystem.
              It has 818 star(s) with 1380 fork(s). There are 91 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              cxf has no issues reported. There are 42 open pull requests and 0 closed requests.
              OutlinedDot
              It has a negative sentiment in the developer community.
              The latest version of cxf is cxf-4.0.2

            kandi-Quality Quality

              OutlinedDot
              cxf has 1258 bugs (44 blocker, 29 critical, 867 major, 318 minor) and 27507 code smells.

            kandi-Security Security

              OutlinedDot
              cxf has 12 vulnerability issues reported (2 critical, 4 high, 6 medium, 0 low).
              OutlinedDot
              cxf code analysis shows 108 unresolved vulnerabilities (91 blocker, 9 critical, 8 major, 0 minor).
              There are 881 security hotspots that need review.

            kandi-License License

              cxf is licensed under the Apache-2.0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              cxf releases are not available. You will need to build from source code and install.
              Build file is available. You can build the component from source.
              cxf saves you 1998274 person hours of effort in developing the same functionality from scratch.
              It has 823569 lines of code, 57823 functions and 9874 files.
              It has medium code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed cxf and discovered the below as its top functions. This is intended to give you an instant insight into cxf implemented functionality, and help decide if they suit your requirements.
            • run one test test
            • Create extension element class .
            • Returns the next token .
            • Matches an AST node .
            • Build the tree .
            • Rebases the given endpoint reference .
            • Registers all builders .
            • Writes a resource method .
            • Creates the EclipseNamespaceMapper .
            • Create a W3E endpoint reference .
            Get all kandi verified functions for this library.

            cxf Key Features

            No Key Features are available at this moment for cxf.

            cxf Examples and Code Snippets

            No Code Snippets are available at this moment for cxf.

            Community Discussions

            QUESTION

            Bean Validation on Jax-RS Resource stops working while using CDI on Apache TomEE 8.0.10
            Asked 2022-Mar-16 at 22:46

            I'm having troubles getting bean validation to work with the following minimalised project consisting only of this three java files plus pom.xml. I'm using Apache TomEE 8.0.10.

            LoginMessage.java

            ...

            ANSWER

            Answered 2022-Mar-15 at 15:29

            This appears to be a bug in OpenWebBeans or TomEE. So what's happening is the first the actual instance of the bean is managed by JAX-RS, and the second, the bean is managed by the CDI container. In the second case, there needs to be some sort of interceptor the invokes the Bean Validation framework.

            I would start a discussion on the mailing list and open a bug on in the JIRA. If you can create a sample project that reproduces the problem it helps the devs out tremendously.

            As a workaround, you can @Inject private Validator validator and if there are any constraint violations returned, throw new ConstraintViolationException(constraintViolations);.

            Source https://stackoverflow.com/questions/71453728

            QUESTION

            Start a spring boot project witout the parent part
            Asked 2022-Mar-15 at 16:19

            I am currently working on migrating an appache CXF project to Spring BOOT.

            My problem is that this project depend on two other projects and in order to import them into maven I need to declare the parent project like this:

            ...

            ANSWER

            Answered 2022-Mar-10 at 09:54

            If you have to specify some other artifact as parent, then spring boot needs to be moved under dependencyManagement tag parallel to dependencies like this:

            Source https://stackoverflow.com/questions/71421969

            QUESTION

            NetBeans 12.6, Spring Boot / Maven, Cisco AXL Schema - Background scanning of projects
            Asked 2021-Dec-21 at 05:56

            Often related to Background scanning of projects people complain that this happens when NetBeans is started.

            I have a Spring Boot 2.6.x with Maven 3.8.2 project, using Cisco AXL Schema 12.5.

            With Apache CXF from this AXL Schema a lot of Java source code files are generated.

            When I do a Clean and Build on my project afterwards immediatly the Background scanning of projects starts.

            And it takes most of the times recently quite long.

            I see for example that it scans also

            ...

            ANSWER

            Answered 2021-Dec-21 at 05:56

            QUESTION

            Blueprint container error on OSGi bundle start up
            Asked 2021-Dec-08 at 19:22

            We have a Karaf OSGi server that has a bundle used for incoming web requests using CAMEL/CXF.

            Since the weekend, when the server starts, the bundle has been giving the following error:

            ...

            ANSWER

            Answered 2021-Dec-08 at 19:15

            It appears as though the http status code of 301 (moved permanently) being returned by the web site is not handled on the Java side. As a workaround, you can add "127.0.0.1 cxf.apache.org" to the hosts file, or block internet access using the operating system firewall.

            Source https://stackoverflow.com/questions/70239676

            QUESTION

            In C#, how can I create a SOAP integration for the Praxedo Business Event Attachment Manager?
            Asked 2021-Oct-15 at 15:30

            We use Praxedo and need to integrate it with our other solutions. Their API requires the use of SOAP, and moreover requires MTOM and Basic authentication.

            We've successfully integrated with multiple services, such as their Customer Manager. In the case of the Customer Manager, I can create the Customer Manager client like this, and it works:

            ...

            ANSWER

            Answered 2021-Oct-15 at 15:30

            We finally got this working!

            We created a value object to capture information about the file:

            Source https://stackoverflow.com/questions/69265927

            QUESTION

            Can I use CXF with Tomcat 10?
            Asked 2021-Sep-16 at 15:17

            I am getting the following error when using CXF with Tomcat 10:

            ...

            ANSWER

            Answered 2021-Sep-16 at 15:17

            There is no official version of CXF supporting Jakarta EE 9, however you can use the Tomcat Migration Tool for Jakarta EE to replace the namespace in the CXF jar files and your source code.

            This is the approach also chosen by TomEE (which uses CXF) for its 9.0 series, so it should be relatively safe.

            Tomcat 10.0 itself integrates the migration tool and can convert your WAR file before deployment if you put it in the webapps-javaee folder.

            Source https://stackoverflow.com/questions/69210431

            QUESTION

            SOAP client is not able to authenticate with mutual tls
            Asked 2021-Jul-09 at 23:01

            I have an Apache CXF client that is connecting a SOAP service, and authenticating with mutual TLS. The client fails during the TLS Handshake because the service sends an empty list of client certificates to the server. I am testing this with self-signed certs, and I can prove that my server works with a curl request and with postman. I am pretty sure that the certificates are setup correctly, and I am sure that I am missing a config step in the CXF client.

            Here is how I have my client setup

            ...

            ANSWER

            Answered 2021-Jul-09 at 23:01

            For anyone who stumbles upon this question, here's how I resolved it.

            Once I started playing with the CXF demo code, I was able to simplify it to just its bare minimum set of dependencies and configurations. From there I was able to sort out that it was a matter of a missing dependency in my project.

            For starters, we use dropwizard for the server, and we have a dependency on dropwizard-jaxws which brings in the cxf dependencies. I found by whittling away all of the layers, that the demo app only works if cxf-rt-transports-http-jetty is in the list of dependencies.

            The transitive dependencies that dropwizard-jaxws include are:

            Source https://stackoverflow.com/questions/68183526

            QUESTION

            Getting java.lang.NoClassDefFoundError: org/apache/catalina/connector/Connector in wildFly 21.x
            Asked 2021-Jun-30 at 22:17

            I am trying to run a spring boot project which runs perfectly on embedded tomcat but when deployed to wildfly 21.x throws java.lang.NoClassDefFoundError: org/apache/catalina/connector/Connector

            Any help would be appreciated.

            Below is my code snippet.

            Main file:-

            ...

            ANSWER

            Answered 2021-Jun-30 at 22:17

            The class org.apache.catalina.connector.Connector is part of Tomcat. In order for your application to work correctly on external servlet containers, the embedded copy of Tomcat must not be on the classpath of the web application (i.e. in /WEB-INF/lib). You set it correctly by setting the scope of the spring-boot-starter-tomcat to provided.

            However now you have a problem, because the CdPlaylistadapterApplication has Connector in one of its method signatures and Spring Boot fails while creating an instance of the CdPlaylistadapterApplication class.

            To solve it you need to move Tomcat specific configuration to another class (even nested) and protect it with the @ConditionalOnClass annotation:

            Source https://stackoverflow.com/questions/68199510

            QUESTION

            Progress PASOE - PUT Method with invoke operation throws 500 server error
            Asked 2021-May-26 at 08:02

            I am working with Progress PASOE technology to make REST requests but suddenly I am facing an unexpected and wierd issue.

            This is the PUT method that I was using:

            ...

            ANSWER

            Answered 2021-May-26 at 08:02

            Finally I managed to work this out. I am posting it here to help anyone else that could have the same problem.

            It seemed to be related to the adapters created in Production during the deploy process (located in PASOEContent\WEB-INF\adapters\rest). When I did this deploy, I probably included a business entity for table "extcli", which was not in the project anymore. So, I undeployed the application and deployed again with a new generated .war file from Developer Studio. This new file didn´t reference to a adapters that doesn´t exist, and that seemed to be enough.

            Source https://stackoverflow.com/questions/67684023

            QUESTION

            Vaadin with Apache CXF SOAP service
            Asked 2021-May-25 at 17:02

            I am new to Vaadin, just generated the application in Vaadin web site and built it locally. Then I added Apache CXF SOAP service to it, but I am unable to use the Tomcat that Vaadin is using, but instead I load SOAP in Jetty using:

            ...

            ANSWER

            Answered 2021-May-25 at 17:02

            I am not familiar with Apache CXF, but based on CXF docs and the sample project I think I got it to work.

            I downloaded a new Vaadin 14/Java 8 project from start.vaadin.com, and did the following:

            1. Added the dependency

            Source https://stackoverflow.com/questions/67686164

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
            Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
            Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.
            Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.
            Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".
            It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

            Install cxf

            You can download it from GitHub.
            You can use cxf like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the cxf component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/apache/cxf.git

          • CLI

            gh repo clone apache/cxf

          • sshUrl

            git@github.com:apache/cxf.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular SOAP Libraries

            node-soap

            by vpulim

            savon

            by savonrb

            python-zeep

            by mvantellingen

            gowsdl

            by hooklift

            cxf

            by apache

            Try Top Libraries by apache

            echarts

            by apacheTypeScript

            superset

            by apacheTypeScript

            dubbo

            by apacheJava

            spark

            by apacheScala

            incubator-superset

            by apachePython