[OpenSAML] OpenSAML/ Weblogic exception -> NoClassDefFoundError: org/apache/xml/security/Init exception

2,405 views
Skip to first unread message

Michael

unread,
Jan 10, 2011, 5:06:17 PM1/10/11
to mace-open...@internet2.edu
Hello
I am running into a problem when trying to sign the SAML assertion on WebLogic
10.3. The application deployes as a war file.
Here is the exception:
java.lang.NoClassDefFoundError: org/apache/xml/security/Init
at
org.opensaml.DefaultBootstrap.initializeXMLSecurity(DefaultBootstrap.java:103)

at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:79)
at servlets.CreateRequestServlet.(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
.........

This exception occurs when DefaultBootstrap attempts to load a default
configuration:
DefaultBootstrap.bootstrap();

I did some home work - I tried all fixes that were mentioned on the different
forums:
I created endorsed directories under the jre/lib and copied there the
following jares:
opensaml-2.2.3.jar
resolver-2.9.1.jar
serializer-2.7.1.jar
xalan-2.7.1.jar
xercesImpl-2.9.1.jar
xml-apis-2.9.1.jar
xmlsec-2.0.jar
I attached these jares to the classpath in the startWeblogic script and have
added the weblogic.class.path property with all nessessary jars attached to
it.
Also I added the following jars to the WEB-INF/lib folder:
catalina-root.jar
commons-codec-1.3.jar
jdom.jar
opensaml-2.2.3.jar
xmldsig.jar
xmlsec-2.0.jar
xmltooling-1.2.0.jar
and updated weblogic.xml with the following part:
<wls:container-descriptor>
<wls:prefer-web-inf-classes>true</wls:prefer-web-inf-classes>
</wls:container-descriptor>
All these attempts led me to the same result - runtime exception.
At this point I think that I need help to resolve this issue.

Please, help... I am running out of time ...

Thank you,

Michael

Chad La Joie

unread,
Jan 10, 2011, 5:09:43 PM1/10/11
to mace-open...@internet2.edu
If you are starting a new topic please don't respond to an existing thread.

What you're seeing is a classpath issues. Be sure that all the jars
bundled with opensaml are on the classpath. In particular the xmlsec
jar contains the class you're seeing in the error. I have no experience
with WebLogic so I have no idea how you do that.

Also, in regards to endorsement, you should only have the jars located
in the "endorsed" directory that comes with OpenSAML within your
JVM/container endorsed directory. Copying everything over is not a good
thing and will likely lead to other errors.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered

Brent Putman

unread,
Jan 10, 2011, 6:51:24 PM1/10/11
to mace-open...@internet2.edu


> Also I added the following jars to the WEB-INF/lib folder:
> catalina-root.jar
> commons-codec-1.3.jar
> jdom.jar
> opensaml-2.2.3.jar
> xmldsig.jar
> xmlsec-2.0.jar
> xmltooling-1.2.0.jar
> and updated weblogic.xml with the following part:
> <wls:container-descriptor>
> <wls:prefer-web-inf-classes>true</wls:prefer-web-inf-classes>
> </wls:container-descriptor>
> All these attempts led me to the same result - runtime exception.
> At this point I think that I need help to resolve this issue.

IIRC, the prefer-web-inf-classes = true means in general you want to
load your app-specific jars in you webapp WEB-INF/lib. That's could. I
think that's preferable.

In that case, to reiterate what Chad said all 20+ (approximately) jars
shipped in the OpenSAML dist's /lib directory need to be added to your
webapp's WEB-INF/lib (and not to any endorsed directory, only the ones
we indicate as such should be endoresed). The above list isn't remotely
complete, I think you're missing a bunch.

But in particular you list:

xmldsig.jar
xmlsec-2.0.jar


I'm not sure what xmldsig.jar is (unless it's maybe a JSR-106 Security
provider jar? which you don't need at all). And the version on the
xmlsec-2.0.jar can not be right, if that is in fact supposed to be the
jar from the Apache Santuario project. There is no v2.0 of that. The
absolute latest release is 1.4.4. I checked and opensaml 2.2.3 which
you are using shipped with xmlsec-1.4.2.jar.

So your dependencies appear to be incomplete and/or messed up. I'd
reassess what you are doing and start over...

Brent Putman

unread,
Jan 10, 2011, 6:56:27 PM1/10/11
to mace-open...@internet2.edu

On 1/10/11 6:51 PM, Brent Putman wrote:
>
> I'm not sure what xmldsig.jar is (unless it's maybe a JSR-106 Security
> provider jar? which you don't need at all).

Meant to say JSR-105 - that was for XML signature. JSR-106 was for XML
Encryption.

Reply all
Reply to author
Forward
0 new messages