make replacement of cxf easier #203
Description
Hi,
I try to get rid of BingAds's cxf dependencies.
CXF is not a good product. it's not thread safe, I get these exceptions from time to time:
Interceptor for {https://reporting.api.bingads.microsoft.com/Reporting/v13}WebClient has thrown exception, unwin
ding now
org.apache.cxf.interceptor.Fault: null
at org.apache.cxf.jaxrs.client.WebClient$BodyWriter.doWriteBody(WebClient.java:1227)
at org.apache.cxf.jaxrs.client.AbstractClient$AbstractBodyWriter.handleMessage(AbstractClient.java:1223)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1085)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:931)
at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:900)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:460)
at org.apache.cxf.jaxrs.client.SyncInvokerImpl.method(SyncInvokerImpl.java:150)
at org.apache.cxf.jaxrs.client.SyncInvokerImpl.method(SyncInvokerImpl.java:145)
at org.apache.cxf.jaxrs.client.SyncInvokerImpl.post(SyncInvokerImpl.java:85)
at org.apache.cxf.jaxrs.client.spec.InvocationBuilderImpl.post(InvocationBuilderImpl.java:152)
at com.microsoft.bingads.internal.restful.RestfulServiceClient.getResponseInfo(RestfulServiceClient.java:182)
at com.microsoft.bingads.internal.restful.ReportingService.sendRequest(ReportingService.java:58)
at com.microsoft.bingads.internal.restful.ReportingService.submitGenerateReport(ReportingService.java:89)
...
Caused by: java.util.ConcurrentModificationException: null
at java.base/java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1096)
at java.base/java.util.ArrayList$Itr.next(ArrayList.java:1050)
at org.apache.cxf.jaxrs.provider.ProviderFactory.createMessageBodyWriter(ProviderFactory.java:570)
at org.apache.cxf.jaxrs.provider.ProviderFactory.createMessageBodyWriterInterceptor(ProviderFactory.java:465)
at org.apache.cxf.jaxrs.client.AbstractClient.writeBody(AbstractClient.java:519)
at org.apache.cxf.jaxrs.client.WebClient$BodyWriter.doWriteBody(WebClient.java:1222)
... 28 common frames omitted
and with the version 4.0.2 it also includes a vulnerability: CVE-2024-28752 8.3 Transitive Server-Side Request Forgery (SSRF) vulnerability with High severity found
I tried to exclude all artifacts of group org.apache.cxf and to use jersey instead. Unfortunately that doesn't work, because com.microsoft.bingads.HttpClientProviderhas direct (GZIPFeature) and indirect (CxfUtils) dependencies to CXF, which leads (when using spring) to
Caused by: java.lang.IllegalStateException: Failed to introspect Class [com.microsoft.bingads.HttpClientProvider] from ClassLoader [jdk.internal.loader.ClassLoaders$AppClassLoader@4e0e2f2a]
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:483)
at org.springframework.util.ReflectionUtils.doWithLocalMethods(ReflectionUtils.java:320)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.checkLookupMethods(AutowiredAnnotationBeanPostProcessor.java:476)
... 14 more
Caused by: java.lang.NoClassDefFoundError: org/apache/cxf/ext/logging/LoggingFeature
at java.base/java.lang.Class.getDeclaredMethods0(Native Method)
at java.base/java.lang.Class.privateGetDeclaredMethods(Class.java:3578)
at java.base/java.lang.Class.getDeclaredMethods(Class.java:2676)
at org.springframework.util.ReflectionUtils.getDeclaredMethods(ReflectionUtils.java:465)
... 16 more
Caused by: java.lang.ClassNotFoundException: org.apache.cxf.ext.logging.LoggingFeature
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
... 20 more
I would be great, if you could get rid of the cxf-references at HttpClientProvider, so it's possible to remove all cxf dependencies