1

I'm using spring/wss4j for web service security in websphere 8.5. Wss4j requires xmlsec.jar and I've included xmlsec.jar under WEB-INF/lib/xmlsec-2.0.4.jar. But websphere classloader can't find DOMXMLSignatureFactory.

Caused by: java.lang.ClassNotFoundException: org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory
at java.net.URLClassLoader.findClass(URLClassLoader.java:599) ~[na:1.7.0]
at com.ibm.ws.bootstrap.ExtClassLoader.findClass(ExtClassLoader.java:204) ~[bootstrap.jar:WAS855.SERV1 [cf011339.02]]
at java.lang.ClassLoader.loadClassHelper(ClassLoader.java:760) ~[na:1.7.0]
at java.lang.ClassLoader.loadClass(ClassLoader.java:737) ~[na:1.7.0]
at com.ibm.ws.bootstrap.ExtClassLoader.loadClass(ExtClassLoader.java:119) ~[bootstrap.jar:WAS855.SERV1 [cf011339.02]]
at java.lang.ClassLoader.loadClass(ClassLoader.java:707) ~[na:1.7.0]
at com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLoader.java:62) ~[com.ibm.ws.runtime.jar:WAS855.SERV1 [cf011339.02]]
at com.ibm.ws.classloader.ProtectionClassLoader.loadClass(ProtectionClassLoader.java:58) ~[com.ibm.ws.runtime.jar:WAS855.SERV1 [cf011339.02]]
at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:616) ~[com.ibm.ws.runtime.jar:WAS855.SERV1 [cf011339.02]]
at java.lang.ClassLoader.loadClass(ClassLoader.java:707) ~[na:1.7.0]
at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:616) ~[com.ibm.ws.runtime.jar:WAS855.SERV1 [cf011339.02]]
at java.lang.ClassLoader.loadClass(ClassLoader.java:707) ~[na:1.7.0]
at javax.xml.crypto.dsig.XMLDSigSecurity.doGetImpl(XMLDSigSecurity.java:181) ~[na:na]
... 98 common frames omitted

I'm setting for both PARENT_LAST for both APPLICATION and MODULE. Xmlsec-2.0.4.jar is presented under "Class loader viewer". I've checked all my libs, there are no duplicate DOMXMLSignatureFactory classes. Could someone help me!

Trung Pham
  • 125
  • 7
  • Cross posting related question and answer by steveT listing known problematic jars. http://stackoverflow.com/questions/31110951/apache-cxf-2-7-11-on-websphere-8-5 – Revoman Jun 21 '16 at 12:21

2 Answers2

1

You'd probably have more success adding xmlsec.jar as an isolated shared library and associating it with your application.

covener
  • 17,402
  • 2
  • 31
  • 45
1

Root cause of the problem is older version of xmlsec jars had javax classes. We used the xmlsec-2.0.0 jars and it worked. We got the hint from the Santuario xmlsec jar issue https://issues.apache.org/jira/browse/SANTUARIO-358. I also noticed that latest CXF version 3.1.6 contains xmlsec-2.0.6.jar which doesn't contain the javax packages which is the real solution to this problem.

Please use latest cxf package (>3.0).

Nagaraj
  • 11
  • 1