cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Schyma <psch...@adeece.com>
Subject OSGi (karaf) ClassLoader problems after update from CXF (STS) 2.7.0 to 2.7.1
Date Mon, 07 Jan 2013 11:21:12 GMT
Hi,

we are using Fediz IDP (1.1-SNAPSHOT) with CXF STS in Karaf 2.3.0. Both 
are deployed as separate bundles in the same karaf instance (together 
with other bundles which also use CXF). In order to avoid problems with 
the shared default bus from the CXF bundles we already use a named bus 
in each bundle to configure bundle specific aspects.

But after upgrading the karaf features to CXF 2.7.1 we always get a 
ClassCastException at the STS when the IDP requests the token for the RP:
java.lang.ClassCastException: 
org.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory cannot be cast to 
javax.xml.crypto.dsig.keyinfo.KeyInfoFactory
     at 
javax.xml.crypto.dsig.keyinfo.KeyInfoFactory.findInstance(KeyInfoFactory.java:158)
     at 
javax.xml.crypto.dsig.keyinfo.KeyInfoFactory.getInstance(KeyInfoFactory.java:142)
     at 
org.apache.ws.security.saml.SAMLUtil.getCredentialDirectlyFromKeyInfo(SAMLUtil.java:380)
     at 
org.apache.ws.security.saml.ext.AssertionWrapper.verifySignature(AssertionWrapper.java:541)
     at 
org.apache.cxf.sts.token.validator.SAMLTokenValidator.validateToken(SAMLTokenValidator.java:177)[168:org.apache.cxf.services.sts.core:2.7.1]
     at 
org.apache.cxf.sts.operation.AbstractOperation.validateReceivedToken(AbstractOperation.java:554)[168:org.apache.cxf.services.sts.core:2.7.1]
     at 
org.apache.cxf.sts.operation.TokenIssueOperation.issueSingle(TokenIssueOperation.java:114)[168:org.apache.cxf.services.sts.core:2.7.1]
     at 
org.apache.cxf.sts.operation.TokenIssueOperation.issue(TokenIssueOperation.java:70)[168:org.apache.cxf.services.sts.core:2.7.1]



After tracing this down we finally discovered that the issue is 
originated from a failing JCE Provider registration in wss4j. wss4j 
attempts to register the "ApacheXMLDSig" provider from xmlsec jar but 
fails because this class is not visible to the class loader which it 
tries to use: currentThread#contextClassLoader which is an instance of 
org.apache.cxf.bus.blueprint.BundleDelegatingClassLoader. The delegate 
for the class loader is the class loader from another bundle which uses 
CXF and is started prior to our STS bundle.

wss4j ignores the failed registration attempt of the provider and later 
tries to use it. But since the provider is not available, wss4j requests 
the default provider. This request leads to the ClassCastException above.

We are using latest Java 7 from Oracle and OpenJDK and both fail with 
the above ClassCastException.

Using CXF 2.7.0 the order in which our bundles are started does not matter.

Greetings
Peter

Mime
View raw message