In the default constructor of org.apache.cxf.rt.security.saml.xacml2.AbstractXACMLAuthorizingInterceptor
and the net.shibboleth.utilities.java.support.xml.BasicParserPool class is used in the OpenSAMLUtil.initSamlEngine() (wss4j version 2.1.2)
the ClassNotFoundException will be thrown when the default constructor of AbstractXACMLAuthorizingIntercept has been invoked.
It can be fixed by adding
into the wss4j feature in the apache-cxf-3.1.2-features.xml
Or maybe changes should be made on wss4j-ws-security-common bundle, which make net.shibboleth.utilities.java.support.xml packge not optional.