Frequently Asked Questions
Can CXF run with JDK 1.8/Java 8?
Most of CXF 3.0.0 can run with Java 8. Building CXF cannot currently be done with Java8 due to problems with various Maven plugins, problems with JIBX, etc... The tooling may require a -Djavax.xml.accessExternalSchema=file VM argument to allow JAXB to process and parse schemas. Many of the CXF tests fail for the same reason. We are hoping that with CXF 3.0.1, we can fix a majority of the issues (JIBX issues are still outstanding) via updates to tests, new version of JAXB, etc....
Can CXF run with JDK 1.7/Java 7?
Yes. CXF supports Java 7. Since Java 7 contains the 2.2.x versions of both JAXB and JAX-WS API jars, using CXF with Java 7 is much easier than with Java 6.
Can CXF run with JDK 1.6?
JDK 1.6 incorporates the JAXB reference implementation. However, it incorporates an old version of the RI. CXF does not support this version. As of 1.6_04, this is easy to deal with: you must put the versions of JAXB RI (the 'impl' and 'xjc' jars) that we include with CXF in your classpath. As of this writing, these are version 2.2.10.
The current plan is that CXF 3.1 will no longer support Java 6 and will require Java 7 or newer. Users are strongly encouraged to start moving to Java 7.
Can CXF run with JDK 1.5?
Yes for CXF 2.6.x and older. Keep in mind though that Java 2 SE 5.0 with JDK 1.5 has reached end of life (EOL). CXF 2.7.x no longer supports Java 5. In order to upgrade to 2.7.x, you must be using Java 6 (or newer).
There is one more planned release for the 2.6.x series of CXF. After that, there are no more planned releases of CXF that will support Java 5. Users are strongly encouraged to start moving to Java 7 and to start migrating to newer versions of CXF.
Can CXF run without the Sun reference SAAJ implementation?
In many cases, CXF can run without an SAAJ implementation. However, some features such as JAX-WS handlers and WS-Security do require an SAAJ implementation. By default, CXF ships with the Sun SAAJ implementation, but CXF also supports axis2-saaj version 1.4.1 as an alternative. When using a Java6 JRE, CXF can also use the SAAJ implementation built into Java.
Are there commercial offerings of CXF that provide services, support, and additional features?
Several companies provide services, training, documentation, support, etc... on top of CXF. Some of those companies also produce products that are either based on Apache CXF or include Apache CXF. See the Commercial CXF Offerings page for a list of companies and the services they provide.
Is there an Apache CXF certification program?
No, but Oracle's SCDJWS certification covers the web services stack and related areas. Note, that the popular SCJP certification is a prerequisite to the SCDJWS. Also, check out the SCDJWS Forum at the Java Ranch for healthy discussions in regards to the certification. Study notes can be found at SCDJWS 5.0 Study Guide, WikiBooks and Ivan A. Krizsan Study Notes. Java Ranch also provides and information page in regards to the certification.
The parts in my generated wsdl have names of the form "arg0", "arg1", ... Why don't the parts (and Java generated from them) use the nice parameter names I typed into the interface definition?
Official answer: The JAX-WS spec (specifically section 3.6.1) mandates that it be generated this way. To customize the name, you have to use an @WebParam(name = "blah") annotation to specify better names. (You can use @WebResult for the return value, but you'll only see the results if you look at the XML.)
Reason: One of the mysteries of java is that abstract methods (and thus interface methods) do NOT get their parameter names compiled into them even with debug info. Thus, when the service model is built from an interface, there is no way to determine the names that were using in the original code.
If the service is built from a concrete class (instead of an interface) AND the class was compiled with debug info, we can get the parameter names. The simple frontend does this. However, this could cause potential problems. For example, when you go from developement to production, you may turn off debug information (remove -g from javac flags) and suddenly the application may break since the generated wsdl (and thus expect soap messages) would change. Thus, the JAX-WS spec writers went the safe route and mandate that you have to use the @WebParam annotations to specify the more descriptive names.
There are several ways to do this depending on how your project is written (code first or wsdl first) and requirements such as portability.
- The "JAX-WS" standard way to do this is to write a SOAP Handler that will add the headers to the SOAP message and register the handler on the client/server. This is completely portable from jax-ws vendor to vendor, but is also more difficult and can have performance implications. You have to handle the conversion of the JAXB objects to XML yourself. It involves having the entire soap message in a DOM which breaks streaming. Requires more memory. etc... However, it doesn't require any changes to wsdl or SEI interfaces.
- JAX-WS standard "java first" way: if doing java first development, you can just add an extra parameter to the method and annotate it with @WebParam(header = true). If it's a response header, make it a Holder and add the mode = Mode.OUT to @WebParam.
- wsdl first way: you can add elements to the message in the wsdl and then mark them as soap:headers in the soap:binding section of the wsdl. The wsdl2java tool will generate the @WebParam(header = true) annotations as above. With CXF, you can also put the headers in their own message (not the same message as the request/response) and mark them as headers in the soap:binding, but you will need to pass the -exsh true flag to wsdl2java to get the paramters generated. This is not portable to other jax-ws providers. Processing headers from other messages it optional in the jaxws spec.
- CXF proprietary way: In the context (BindingProvider.getRequestContext() on client, WebServiceContext on server), you can add a List<org.apache.cxf.headers.Header> with the key Header.HEADER_LIST. The headers in the list are streamed at the appropriate time to the wire according to the databinding object found in the Header object. Like option 1, this doesn't require changes to wsdl or method signatures. However, it's much faster as it doesn't break streaming and the memory overhead is less.
List<Header> headers = new ArrayList<Header>();
Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"), "decapitated",
How can I turn on schema validation for jaxws endpoint?
For the client side
<entry key="schema-validation-enabled" value="true" />
You may also do this programmatically:
For the server side
<entry key="schema-validation-enabled" value="true" />
Starting with CXF 2.3 you have the additional option of using the org.apache.cxf.annotations.SchemaValidation annotation.
Are JAX-WS client proxies thread safe?
Official JAX-WS answer: No. According to the JAX-WS spec, the client proxies are NOT thread safe. To write portable code, you should treat them as non-thread safe and synchronize access or use a pool of instances or similar.
CXF answer: CXF proxies are thread safe for MANY use cases. The exceptions are:
Use of ((BindingProvider)proxy).getRequestContext() - per JAX-WS spec, the request context is PER INSTANCE. Thus, anything set there will affect requests on other threads. With CXF, you can do:
and future calls to getRequestContext() will use a thread local request context. That allows the request context to be threadsafe. (Note: the response context is always thread local in CXF)
- Settings on the conduit - if you use code or configuration to directly manipulate the conduit (like to set TLS settings or similar), those are not thread safe. The conduit is per-instance and thus those settings would be shared. Also, if you use the FailoverFeature and LoadBalanceFeatures, the conduit is replaced on the fly. Thus, settings set on the conduit could get lost before being used on the setting thread.
- Session support - if you turn on sessions support (see jaxws spec), the session cookie is stored in the conduit. Thus, it would fall into the above rules on conduit settings and thus be shared across threads.
- WS-Security tokens - If use WS-SecureConversation or WS-Trust, the retrieved token is cached in the Endpoint/Proxy to avoid the extra (and expensive) calls to the STS to obtain tokens. Thus, multiple threads will share the token. If each thread has different security credentials or requirements, you need to use separate proxy instances.
For the conduit issues, you COULD install a new ConduitSelector that uses a thread local or similar. That's a bit complex though.
For most "simple" use cases, you can use CXF proxies on multiple threads. The above outlines the workarounds for the others.
The generated wsdl (GET request on the ?wsdl address) doesn't contain the messages, types, portType, etc... What did I do wrong?
Usually this means the wsdl at that address contains the service and binding, but uses a <wsdl:import> element to import another wsdl (usually at ?wsdl=MyService1.wsdl type address) that defines the types, messages, and portType. The cause of this is different targetNamespaces for the Service Interface (mapped to the port type) and the service implementation (mapped to the Service/Binding). By default, the targetNamespace is derived from the package of each of those, so if they are in different packages, you will see this issue. Also, if you define a targetNamespace attribute on the @WebService annotation on one of them, but not the other, you will likely see this as well. The easiest fix is to update the @WebService annotation on BOTH to have the exact same targetNamespace defined.
When using Spring AOP to enable things like transactions and security, the generated WSDL is very messed up with wrong namespaces, part names, etc...
Reason: When using Spring AOP, spring injects a proxy to the bean into CXF instead of the actual bean. The Proxy does not have the annotations on it (like the @WebService annotation) so we cannot query the information directly from the object like we can in the non-AOP case. The "fix" is to also specify the actual serviceClass of the object in the spring config: