OpenSAML throws java.lang.NoClassDefFoundError only on weblogic

Question

Im trying to implement a SAML SSO using the opensaml library. Ive managed to do so and successfully and deploy my simple authorization request on tomcat 7 but when i moved my application to weblogic server 10.3.5 it throws the following error:

java.lang.NoClassDefFoundError: Could not initialize class org.opensaml.xml.XMLConfigurator

Im using Gradle 1.12 to build the project, and im requesting the following dependencies:

dependencies { 
compile 'org.apache.logging.log4j:log4j-core:2.2'
compile 'org.slf4j:slf4j-api:1.7.12'    
compile 'org.slf4j:slf4j-log4j12:1.7.12'
compile group: 'org.opensaml', name: 'opensaml', version: '2.6.4'
compile group: 'commons-collections', name: 'commons-collections', version: '3.2'
    testCompile group: 'junit', name: 'junit', version: '4.+'
}

I was searching the web and found that some people solved this problem by telling weblogic to use their libs, but it didn't work for me. My deployment file weblogic.xml has this:

    <?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.7/weblogic-web-app.xsd">
    <prefer-application-packages>
        <package-name>org.opensaml.*</package-name>
    </prefer-application-packages>
    <prefer-web-inf-classes>true</prefer-web-inf-classes>
</wls:weblogic-web-app>

Weblogic console stacktrace:

    java.lang.NoClassDefFoundError: Could not initialize class org.opensaml.xml.XMLConfigurator
    at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:220)
    at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:207)
    at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:100)
    at com.saml.ServiceProvider.<init>(ServiceProvider.java:37)
    at com.saml.WebServices.auth(WebServices.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:92)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:74)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:151)
    at com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl.invoke(EndpointMethodHandlerImpl.java:268)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:403)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:532)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:253)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:171)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:708)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:103)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:311)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:336)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:95)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3717)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
java.lang.NoClassDefFoundError: Could not initialize class org.opensaml.xml.XMLConfigurator
    at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:220)
    at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:207)
    at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:100)
    at com.saml.ServiceProvider.<init>(ServiceProvider.java:37)
    at com.saml.WebServices.auth(WebServices.java:20)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:92)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:74)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:151)
    at com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl.invoke(EndpointMethodHandlerImpl.java:268)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:866)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:815)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:778)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:680)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:403)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:532)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:253)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:171)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:708)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:103)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:311)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:336)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:95)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3717)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

Ive managed to overcome this problem by removing the libraries:

com.bea.core.bea.opensaml2_1.0.0.0_6-1-0-0

com.bea.core.bea.opensaml_1.0.0.0_6-1-0-0

Is it possible to disable the libraries instead of removing them?

@anat0lius I had to remove the libraries – João Gomes Sep 26 '18 at 16:11 — João Gomes, Sep 26 '18 at 16:11

score 1 · Answer 1 · edited Mar 28 '23 at 11:28

yes you can change classloader priority, check this documentation : https://docs.oracle.com/middleware/1213/wls/WLPRG/classloading.htm#WLPRG289

The idea is to skip using weblogic lib for you application, look at this part: prefer-web-inf-classes Element

Configuring a Filtering ClassLoader To configure the FilteringClassLoader to specify that a certain package is loaded from an application, add a prefer-application-packages descriptor element to weblogic-application.xml which details the list of packages to be loaded from the application. The following example specifies that org.apache.log4j.* and antlr.* packages are loaded from the application, not the system classloader:
<prefer-application-packages>
  <package-name>org.apache.log4j.*</package-name>
  <package-name>antlr.*</package-name>
</prefer-application-packages> 
The prefer-application-packages descriptor element can also be defined in weblogic.xml. For more information, see "prefer-application-packages".

You can specify that a certain package be loaded for a WAR file included within an EAR file by configuring the FilteringClassLoader in the weblogic.xml file of the WAR file.

For example, A.ear contains B.war. A.ear defines the FilteringClassLoader in weblogic-application.xml, and B.war defines a different FilteringClassLoader in weblogic.xml. When you deploy A.ear, B.war loads the package defined in the FilteringClassLoader in weblogic.xml. The WAR-level FilteringClassLoader has priority over the EAR-level FilteringClassLoader for this WAR file.

For aid in configuring filtering classloaders, see Using the Classloader Analysis Tool (CAT).

Can you please add main parts of that documentation here in te answer? If in a future that external link is broken this answer will be wrong. Thanks — acostela, Sep 14 '16 at 14:08

OpenSAML throws java.lang.NoClassDefFoundError only on weblogic

1 Answers1