  1. WSS4J
  2. WSS-660

Classloading issue when having WSS4J in 2 different WARs on the same Tomcat


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.4
    • Fix Version/s: None
    • Component/s: WSS4J Core
    • Labels: None

    Description

      Hi,

      I'm struggling with a classloading issue, if wss4j-ws-security-dom.jar is contained in more than one web application (WAR) running on the same Tomcat.

      So assume I have 2 web applications "wa1" and "wa2", which both contain a servlet "/sign" that does some WSS signing. First I am calling "/wa1/sign" (all good), then "/wa2/sign" (also good) and finally again "/wa1/sign" and here it breaks with an "InvalidAlgorithmParameterException" in "org.apache.wss4j.dom.transform.AttachmentContentSignatureTransform.init(AttachmentContentSignatureTransform.java:70)"

      The reason is, that the expected class "AttachmentTransformParameterSpec" and the provided class "AttachmentTransformParameterSpec" come from different class loaders.

      The problem is the "WSSConfig.init()" method. Currently I am calling this statically once per web application. This method indirectly calls the global "Security.addProvider()" which also registers the "AttachmentContentSignatureTransformProvider", but removes any previous matching provider. And therefore the registration of "/wa2" wins, because it is called second.

      This is btw. the full stack trace of the second call to "/wa1/sign", with a slightly pimped exception message to compare the classloaders:
      java.security.InvalidAlgorithmParameterException: Expected AttachmentTransformParameterSpec from ParallelWebappClassLoader
      context: cl2
      delegate: false
      ----------> Parent Classloader:
      java.net.URLClassLoader@335eadca

      but got org.apache.wss4j.dom.transform.AttachmentTransformParameterSpec from ParallelWebappClassLoader
      context: cl1
      delegate: false
      ----------> Parent Classloader:
      java.net.URLClassLoader@335eadca
      instead
      This class (AttachmentContentSignatureTransform) was loaded by ParallelWebappClassLoader
      context: cl2
      delegate: false
      ----------> Parent Classloader:
      java.net.URLClassLoader@335eadca

      org.apache.wss4j.dom.transform.AttachmentContentSignatureTransform.init(AttachmentContentSignatureTransform.java:70)
      org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:316)
      org.apache.wss4j.dom.message.WSSecSignatureBase.addAttachmentReferences(WSSecSignatureBase.java:298)
      org.apache.wss4j.dom.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:119)
      org.apache.wss4j.dom.message.WSSecSignature.addReferencesToSign(WSSecSignature.java:426)
      org.apache.wss4j.dom.message.WSSecSignature.build(WSSecSignature.java:400)

       

      Here is the stacktrace, how the "AttachmentContentSignatureTransform" constructor is called:
      Thread [qtp1843289228-22] (Suspended (breakpoint at line 66 in AttachmentContentSignatureTransform))
      AttachmentContentSignatureTransform.<init>() line: 66
      NativeConstructorAccessorImpl.newInstance0(Constructor<?>, Object[]) line: not available [native method]
      NativeConstructorAccessorImpl.newInstance(Object[]) line: 62
      DelegatingConstructorAccessorImpl.newInstance(Object[]) line: 45
      Constructor<T>.newInstance(Object...) line: 423
      Provider$Service.newInstance(Object) line: 1595
      GetInstance.getInstance(Service, Class<?>) line: 236
      TransformService.getInstance(String, String) line: 166
      DOMXMLSignatureFactory.newTransform(String, TransformParameterSpec) line: 312
      WSSecSignature(WSSecSignatureBase).addAttachmentReferences(WSEncryptionPart, DigestMethod, XMLSignatureFactory) line: 298
      WSSecSignature(WSSecSignatureBase).addReferencesToSign(Document, List<WSEncryptionPart>, WSDocInfo, XMLSignatureFactory, boolean, String) line: 119
      WSSecSignature.addReferencesToSign(List<WSEncryptionPart>) line: 426
      WSSecSignature.build(Crypto) line: 400

      Any suggestions on what I can do to work around that issue?

      Thanks, Philip
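
The failure mode described in the report, reduced to a stand-alone Java program (an added example, not WSS4J code and not written by the reporter). `Spec`, `WebappLoader`, `TransformProvider` and the provider name `DemoTransform` are hypothetical stand-ins for `AttachmentTransformParameterSpec`, Tomcat's per-WAR class loader and the transform provider; it assumes Java 9 or later.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;

public class ProviderClassLoaderClash {
    /** Hypothetical stand-in for AttachmentTransformParameterSpec. */
    public static class Spec { public Spec() {} }

    /** Stand-in for a per-WAR loader: defines its own copy of Spec instead of delegating. */
    static final class WebappLoader extends ClassLoader {
        WebappLoader() { super(ProviderClassLoaderClash.class.getClassLoader()); }
        @Override protected Class<?> loadClass(String n, boolean resolve) throws ClassNotFoundException {
            if (!n.equals(Spec.class.getName())) return super.loadClass(n, resolve);
            synchronized (getClassLoadingLock(n)) {
                Class<?> c = findLoadedClass(n);
                if (c != null) return c;
                try (InputStream in = getParent().getResourceAsStream(n.replace('.', '/') + ".class")) {
                    byte[] b = in.readAllBytes();
                    return defineClass(n, b, 0, b.length);
                } catch (IOException e) { throw new ClassNotFoundException(n, e); }
            }
        }
    }

    /** Hypothetical provider that remembers which copy of Spec it was built against. */
    static final class TransformProvider extends Provider {
        final Class<?> expectedSpec;
        TransformProvider(Class<?> spec) { super("DemoTransform", "1.0", "demo"); expectedSpec = spec; }
    }

    /** Per-webapp init: replace any same-named provider in the JVM-wide registry. */
    static void init(ClassLoader webapp) throws Exception {
        Security.removeProvider("DemoTransform");
        Security.addProvider(new TransformProvider(webapp.loadClass(Spec.class.getName())));
    }

    /** The webapp builds its own Spec and hands it to whichever provider is registered now. */
    static boolean sign(ClassLoader webapp) throws Exception {
        Object spec = webapp.loadClass(Spec.class.getName()).getDeclaredConstructor().newInstance();
        TransformProvider p = (TransformProvider) Security.getProvider("DemoTransform");
        return p.expectedSpec.isInstance(spec); // Class identity includes the defining loader
    }

    public static void main(String[] args) throws Exception {
        ClassLoader wa1 = new WebappLoader(), wa2 = new WebappLoader();
        init(wa1); System.out.println("wa1 sign accepted: " + sign(wa1));
        init(wa2); System.out.println("wa2 sign accepted: " + sign(wa2));
        System.out.println("wa1 sign accepted again: " + sign(wa1));
    }
}
```

The third call is the one that corresponds to the second "/wa1/sign" request in the report: the registry now holds the provider created under the other loader, so the parameter object from the first loader no longer passes the type check.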

          People

            Assignee: coheigea Colm O hEigeartaigh
            Reporter: phax Philip Helger
