3.0 Migration Guide


  • JAX-RS 2.0 has been completely implemented.
  • JAX-RS WADL auto-generation code has been moved to a new cxf-rt-rs-service-description module.
  • JAX-RS 2.0 Client API and CXF specific WebClient and Proxy client code is now available in a new cxf-rt-rs-client module. Important: the namespace for jaxrs:client elements has changed from "http://cxf.apache.org/jaxrs" to "http://cxf.apache.org/jaxrs-client"
  • CXF RequestHandler and ResponseHandler filters have been removed, please use JAX-RS 2.0 ContainerRequestFilter and ContainerResponseFilter and also WriterInterceptor and ReaderInterceptor when needed.
  • CXF JAX-RS Form extension has been dropped, please use JAX-RS 2.0 Form.
  • CXF JAX-RS ParameterHandler has been dropped, please use JAX-RS 2.0 ParamConverterProvider.


  • Add new code generator frontend to add CXF specific constructors and methods. (pass "-fe cxf" to wsdl2java)
  • Make AbstractFeature subclass WebServiceFeature and update the JAX-WS frontend to look for them.
  • "jaxb-validation-event-handler"s now apply for both Reading and Writing. (previously only applied to Reading). There are separate jaxb-(reader|writer)-validation-event-handler properties if you need it set for only one direction.
  • If the WSDL location that is passed into CXF is not valid, previous versions of CXF *MAY* ignore the error and proceed as if "null" was passed for the WSDL.   3.0 will now throw an exception.
  • ClientProxy.getClient(proxy) is no longer needed for most use cases.  The client proxy instances now implement the Client API directly.   A direct cast to Client should work.


  • Support for the older JMS 1.0.2 API's has been removed.   Your JMS provider must support the 1.1 API's. 

Bean Validation

Bean Validation 1.1 interceptors and features have been introduced for JAX-RS and JAX-WS frontends.


  • The DefaultCryptoCoverageChecker now contains boolean properties to easily check if a WSS UsernameToken was signed and/or encrypted. The default is now that a UsernameToken must be encrypted.



Major dependency changes

  • Spring 3.2 or newer is required.   The calls to the API's that were deprecated in Spring 3.x have been removed.  This allows CXF 3.0 to work with Spring 4, but means it can no longer with with Spring 2.5.

CXF Module/Jar Changes

  • Combined api/core into just a cxf-core. All "wsdl" related stuff has been moved to a new cxf-wsdl bundle to remove the wsdl4j requirement for JAX-RS applications.
  • Dropped support for Karaf 2.2.x. Karaf 2.3.x is now required.
  • The direct dependency on a javax.mail implementation has been removed and the CXF maven poms will not pull one in transitively anymore. For MOST users, this is not a problem. However, if your application uses MTOM or Soap w/Attachments or similar that requires some of the DataContentHandlers that are part of the mail implementations, you may need to re-add this to your classpath.
  • DynamicClientFactory was moved from the JAXB databinding to the Simple frontend. However, users are strongly encouraged to use the JaxWsDynamicClientFactory subclass.

Removed/Changed API's

  • CXFBusImpl has been removed. The only subclass was the ExtensionMangerBus (SpringBus and Blueprint/osgi stuff subclassed that) so the functionality was pushed up into ExtensionMangerBus. Some of the "common" methods were put directly on the Bus interface to make using the Bus cleaner (no casts to the impl).
  • The unused "run()" method on Bus was removed.
  • Merge BaseDataReader/DataReader and the same for the writer getting rid of the "Base" versions that are unreferenced.
  • The 2 unused params on Destination.getBackChannel were removed. They were unused and normally passed in as null.
  • Remove QueryHandlers -> these were originally used for the ?wsdl processing (and is still used for ?js). However, that stuff is better done directly on the interceptor chains as interceptors to allow user supplied interceptors to also handle them. I'd like to just remove these. (obviously update the ?js stuff) Would simplify the CXFServlet a bit.
  • Removed all the /META-INF/cxf/cxf-extension-XYZ.xml files. They have been deprecated an not needed for a long time.
  • Updated ConduitInitiator and DestinationFactory to pass Bus as parameter to the various methods.
  • Removed support for the old bus-extensions.xml file (in favor of the current and much faster bus-extensions.txt)
  • Move ALL XML parsing and writing to StaxUtils and DOM based utilities to DOMUtils. The XMLUtils class that used SAX based parsing and Transformer based writing has been eliminated. This simplifies the code as well as increases security as we can provide better limits and have more control with the StAX based IO.
  • AddressingProperties has been turned from an interface to a concrete class that can be created directly with "new". AddressingPropertiesImpl has been removed.
  • Many of our interfaces/classes that held onto constants were either removed or moved. In particular XmlSchemaConstants was removed (use the Constants from the XmlSchema library directly), WSDLConstants was moved from api to rt-wsdl, SOAPConstants was removed (most are available in WSDLConstants). Goal is to reduce some memory usage and help startup time and reduce a lot of duplication.
  • AlternativeSelector and the PolicyEngine and other PolicyRelated classes have been updated to pass the current Message in (when appropriate) to allow using message contextual information to select the alternative. HOWEVER, keep in mind that the selected alternative is likely cached and thus if contextual information changes, the alternatively may not be recalculated.
  • FailoverTargetSelector will not activate the fail-over in cases when HTTP client errors are returned, only HTTP 404 and 503 statuses will be recognized. Set FailoverTargetSelector supportNotAvailableErrorsOnly property to false if the support for all HTTP errors is required.
  • ServletController will not override the endpoint addresses by default as it has side-effects when a given endpoint is accessed via multiple paths. Set CXFServlet "disable-address-updates" parameter to 'false' if required.
  • The long since deprecated org.apache.cxf.frontend.MethodDispatcher has been removed.  (It was replaced with org.apache.cxf.service.invoker.MethodDispatcher in 2.6)
  • The deprecated JAXBToStringBuilder and JAXBToStringStyle classes that were in cxf-rt-databindind-jaxb have been removed.  The functionality has been provided by cxf-xjc-runtime for a while now.
  • The deprecated URIMappingInterceptor has been removed.  This hasn't been on the default chain for some time due to a bunch of security related issues.
  • SchemaValidation annotation has had its deprecated "enabled" property removed. Please use its "type" property to control the validation.