I'm experiencing a version incompatibility between the XMLSEC (Santuario) and XALAN libraries used by Jboss. The error comes at the point where XMLSEC attempts to instatiate an XpathContext object. The XpathContext, in urn, has a private DTMManager which is being created by newInstance(). The newInstance returns an instance of org.apache.xml.dtm.ref.DTMManagerDefault which canot be cast to org.apache.xml.dtm.DTMManager. The XMLSecurityRuntimeException forgets to mention the original cause of ClassCastException.
So, I'd rather use my own versions of XMLSEC and XALAN. I saw how JBoss uses it's own version of XMLSEC. It even replaces the version incorporated into the JDK. Here is the snippet from definition of javaee.api
|<module name="org.apache.santuario.xmlsec" export="true">|
I read the advice given at https://community.jboss.org/message/637818
So, I tried my hand. In jboss-deployment-structure.xml I excluded the XmlSec used by Jboss
<module name="org.apache.xalan" />
<module name="javaee.api" >
For some reason, it did not work. I can still see in the stack trace xmlsec.1.5.1 which is the JBoss version