ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philip Helger (Jira)" <j...@apache.org>
Subject [jira] [Created] (WSS-660) Classloading issue when having WSS4J in 2 different WARs on the same Tomcat
Date Fri, 29 Nov 2019 19:04:00 GMT
Philip Helger created WSS-660:
---------------------------------

             Summary: Classloading issue when having WSS4J in 2 different WARs on the same
Tomcat
                 Key: WSS-660
                 URL: https://issues.apache.org/jira/browse/WSS-660
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 2.2.4
            Reporter: Philip Helger
            Assignee: Colm O hEigeartaigh


Hi,

I'm struggling with a classloading issue, if wss4j-ws-security-dom.jar is contained in more
than one web application (WAR) running on the same Tomcat.

So assume I have 2 webapplications "wa1" and "wa2", which both contain a servlet "/sign" that
does some WSS signing. First I am calling "/wa1/sign" (all good), than "/wa2/sign" (also good)
and finall again "/wa1/sign" and here it breaks with an "InvalidAlgorithmParameterException"
in "org.apache.wss4j.dom.transform.AttachmentContentSignatureTransform.init(AttachmentContentSignatureTransform.java:70)"

The reason is, that the expected class "AttachmentTransformParameterSpec" and the provided
class "AttachmentTransformParameterSpec" come from different class loaders.

The problem is the "WSSConfig.init()" method. Currenty I am calling this statically once per
web application. This method indirectly calls the global "Security.addProvider()" which also
registers the "AttachmentContentSignatureTransformProvider", but removes any previous matching
provider. And therefore the registration of "/wa2" wins, because it is called second.

This is btw. the full stack trace of the second call to "/wa1/sign", with a slightly pimped
exception message to compare the classloaders:
java.security.InvalidAlgorithmParameterException: Expected AttachmentTransformParameterSpec
from ParallelWebappClassLoader
context: cl2
delegate: false
----------> Parent Classloader:
java.net.URLClassLoader@335eadca
 
but got org.apache.wss4j.dom.transform.AttachmentTransformParameterSpec from ParallelWebappClassLoader
context: cl1
delegate: false
----------> Parent Classloader:
java.net.URLClassLoader@335eadca
instead
This class (AttachmentContentSignatureTransform) was loaded by ParallelWebappClassLoader
context: cl2
delegate: false
----------> Parent Classloader:
java.net.URLClassLoader@335eadca
 
org.apache.wss4j.dom.transform.AttachmentContentSignatureTransform.init(AttachmentContentSignatureTransform.java:70)
org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:316)
org.apache.wss4j.dom.message.WSSecSignatureBase.addAttachmentReferences(WSSecSignatureBase.java:298)
org.apache.wss4j.dom.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:119)
org.apache.wss4j.dom.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:426)
org.apache.wss4j.dom.message.WSSecSignature.build(WSSecSignature.java:400)

 Here is the stacktrace, how the "AttachmentContentSignatureTransform" constructor is called:
Thread [qtp1843289228-22] (Suspended (breakpoint at line 66 in AttachmentContentSignatureTransform))
AttachmentContentSignatureTransform.<init>() line: 66
NativeConstructorAccessorImpl.newInstance0(Constructor<?>, Object[]) line: not available
[native method]
NativeConstructorAccessorImpl.newInstance(Object[]) line: 62
DelegatingConstructorAccessorImpl.newInstance(Object[]) line: 45
Constructor<T>.newInstance(Object...) line: 423
Provider$Service.newInstance(Object) line: 1595
GetInstance.getInstance(Service, Class<?>) line: 236
TransformService.getInstance(String, String) line: 166
DOMXMLSignatureFactory.newTransform(String, TransformParameterSpec) line: 312
WSSecSignature(WSSecSignatureBase).addAttachmentReferences(WSEncryptionPart, DigestMethod,
XMLSignatureFactory) line: 298
WSSecSignature(WSSecSignatureBase).addReferencesToSign(Document, List<WSEncryptionPart>,
WSDocInfo, XMLSignatureFactory, boolean, String) line: 119
WSSecSignature.addReferencesToSign(List<WSEncryptionPart>) line: 426
WSSecSignature.build(Crypto) line: 400
 

Any suggestions on what I can do to work around that issue?

Thanks, Philip



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message