[
https://issues.apache.org/jira/browse/WSS-273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028075#comment-13028075
]
Jeremy Tadman commented on WSS-273:
-----------------------------------
Fun times with the classloader.
It would seem that the classloader used to load the a JCE provider is what will
be used by that provider's implementation. This means that when you add a JCE
provider in application code and then restart the application, the provider
keeps a reference to the old application instance's classloader. This causes
some interesting side effects when doing an "instanceof" inside the STR
provider. There are two different classes called
"org.jcp.xml.dsig.internal.dom.DOMSubTreeData", one in the old classloader and
one in the new. The solution I've found to that is to remove the STRTransform
JCE provider before adding it.
i.e.
Security.removeProvider("STRTransform");
WSSConfig.setAddJceProviders(false);
WSSConfig.addJceProvider("XMLDSig",
"org.jcp.xml.dsig.internal.dom.XMLDSigRI"); // Add the XMLDSig provider in
position 2 in the provider list
WSSConfig.addJceProvider("BC",
"org.bouncycastle.jce.provider.BouncyCastleProvider"); // Add the BC provider
in position 2 in the provider list (makes XMLDSig go to position 3)
WSSConfig.appendJceProvider("STRTransform", new
org.apache.ws.security.transform.STRTransformProvider());
I'm surprised this doesn't happen on other platforms as well.
> org.apache.ws.security.transform.STRTransform causes ClassCastException when
> wss4j is running on IBM 1.6 JVM
> -------------------------------------------------------------------------------------------------------------
>
> Key: WSS-273
> URL: https://issues.apache.org/jira/browse/WSS-273
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6
> Environment: Windows XP, IBM 1.6 JVM
> Reporter: Pär-Johan Lif
> Assignee: Colm O hEigeartaigh
>
> I have tried to use wss4j1.6 (alpha version) on IBM's 1.6 JVM. It works fine,
> except for when we are getting a SOAP-message where an STRTransform is used.
> Then we get the following exception below. (I should mention that it works
> on SUN's 1.6 JVM).
> java.lang.ClassCastException: org.apache.ws.security.transform.STRTransform
> incompatible with com.ibm.xml.crypto.dsig.dom.transform.TransformBase
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalTransform(Unmarshalling.java:446)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalTransforms(Unmarshalling.java:422)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalReference(Unmarshalling.java:358)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalSignedInfo(Unmarshalling.java:272)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalSignature(Unmarshalling.java:196)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshal(Unmarshalling.java:96)
> at
> com.ibm.xml.crypto.dsig.dom.FactoryImpl.unmarshalXMLSignature(FactoryImpl.java:217)
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:323)
> at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:165)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:231)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:185)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
