7 Replies Latest reply on May 29, 2015 2:40 AM by Alessio Soldano

    OpenSAML classloading issue

    Frank Cornelis Apprentice



      Seems like there are some classloading issues when trying to use OpenSAML to construct an STS and at the same time (within the same WAR) doing a SAML Browser POST using OpenSAML.

      I can only get one of the two stable. For example, if I embed OpenSAML within my WAR, I get the following STS error:

      loader constraint violation: when resolving method "org.apache.ws.security.saml.ext.AssertionWrapper.getSaml2()Lorg/opensaml/saml2/core/Assertion;"

      If I don't embed OpenSAML within my WAR, then the Browser POST explodes with:

      java.lang.ClassNotFoundException: org.apache.velocity.app.Velocity from [Module "org.opensaml:main" from local module loader 

      I tried to "fix" org/opensaml/main/module.xml to include velocity, xerces, servlet api, esapi, bcprov, but I still get weird exceptions.

      As work-around I'll do my own SAML library just using JAXB and JSR 105. Anyway, using OpenSAML should not be this painful, so maybe someone from JBoss can dive into this classloading issue.

      Although JBoss EAP 6/WildFly is already far less painful as it comes to classloading issues (compared to JBoss AS 5/6), the fight continues for libraries that nest themselves rather deep (via META-INF/services loading, or security providers). Isn't there really a solution to get rid of classloading issues within Java once and for all?


      Kind Regards,