1 Reply Latest reply on Apr 9, 2019 6:46 AM by lostiniceland

    [Wildfly 14] NoClassDefFoundError when using EE 8 Security-API

    lostiniceland

      Hello everyone

       

      I wanted to make use of the new JavaEE 8 Security-API. Therefore I implemented a custom javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism as  well as a javax.security.enterprise.CallerPrincipal.

       

      However, when running Wildfly 14 with my WAR, I get a NoClassDefFoundError during deployment for both API-types (HttpAuthenticationMechanism, CallerPrincipal).

      I've also added jboss-web.xml to activate the feature as mentioned in this post:

       

         jaspitest
      
      

       

      I wonder why Widlfy cannot link those files, since the JBoss-Module is available in my installation under <wildfly-install>\modules\system\layers\base\javax\security\enterprise\api\main and the jar contained within this module contains those classes.

      Am I missing something in order to make this module available to my WAR? Since it is JavaEE 8 I expected it to work out of the box.

       

      EDIT: what I find interesting is, that the deployment still continues. I would expect it to fail. Since it succeeded I tried to access my resource but then I get the following exception (but I guess since is just a followup because the custom authentication cannot be created)

       

      12:27:11,794 ERROR [org.jboss.security] (default task-1) [//] PBOX00374: Error getting ServerAuthContext for authContextId default-host /myroot and security domain jaspitest: javax.security.auth.message.AuthException

       

      regards

      Marc

        • 1. Re: [Wildfly 14] NoClassDefFoundError when using EE 8 Security-API
          lostiniceland

          Well, after adding the following dependencies to my WAR it is working.

           

          <dependency>

              <groupId>org.glassfish.soteria</groupId>

              <artifactId>javax.security.enterprise</artifactId>

              <version>1.0</version>

          </dependency>

          <dependency>

              <groupId>javax.security.enterprise</groupId>

              <artifactId>javax.security.enterprise-api</artifactId>

              <version>1.0</version>

          </dependency>

           

          This doesnt look right. Especially the api-jar should not be necessary in my application when using the javaee-8 full-profile dependency.