You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Freeman Yue Fang (Jira)" <ji...@apache.org> on 2021/07/21 17:49:00 UTC
[jira] [Commented] (CXF-8566) cxf-ws-rt-security & ehcache
[ https://issues.apache.org/jira/browse/CXF-8566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17385023#comment-17385023 ]
Freeman Yue Fang commented on CXF-8566:
---------------------------------------
Hi [~jgreffe],
Thanks for bringing this up.
This kind of message generally means that class org.apache.cxf.ws.security.tokenstore.SecurityToken are loaded by different classloaders, which means normally you have two bundles in Karaf container which both contain the org.apache.cxf.ws.security.tokenstore.SecurityToken class.
Could I get a reproducer?
Thanks!
Freeman
> cxf-ws-rt-security & ehcache
> ----------------------------
>
> Key: CXF-8566
> URL: https://issues.apache.org/jira/browse/CXF-8566
> Project: CXF
> Issue Type: Bug
> Components: OSGi
> Affects Versions: 3.4.3
> Reporter: Julien Greffe
> Assignee: Freeman Yue Fang
> Priority: Major
>
> Hello,
> during some tests in Karaf container, we faced this exception
> {code}
> Caused by: java.lang.IllegalArgumentException: CacheTemplate 'org.apache.cxf.ws.security.tokenstore.TokenStore' declares value type of org.apache.cxf.ws.security.tokenstore.SecurityToken. Provided: class org.apache.cxf.ws.security.tokenstore.SecurityToken
> at org.ehcache.xml.ConfigurationParser.checkTemplateTypeConsistency(ConfigurationParser.java:279) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> at org.ehcache.xml.ConfigurationParser.access$000(ConfigurationParser.java:108) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> at org.ehcache.xml.ConfigurationParser$1.builderFor(ConfigurationParser.java:255) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> at org.ehcache.xml.XmlConfiguration.newCacheConfigurationBuilderFromTemplate(XmlConfiguration.java:277) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:66) ~[bundleFile:3.4.3]
> at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStoreFactory.newTokenStore(EHCacheTokenStoreFactory.java:45) ~[bundleFile:3.4.3]
> at org.apache.cxf.ws.security.tokenstore.TokenStoreUtils.getTokenStore(TokenStoreUtils.java:58) ~[bundleFile:3.4.3]
> at org.apache.cxf.ws.security.trust.DefaultSTSTokenCacher.storeToken(DefaultSTSTokenCacher.java:103) ~[bundleFile:3.4.3]
> at org.apache.cxf.ws.security.trust.STSTokenRetriever.getToken(STSTokenRetriever.java:117) ~[bundleFile:3.4.3]
> ... 18 more
> {code}
>
> It seems it's due to different class loaders for classes {{XmlConfiguration}} and {{SecurityToken.}}
> I tried to force the {{cacheClassLoaders}} from {{ehcache}} in {{EHCacheTokenStore}} (https://github.com/apache/cxf/blob/9387c3f65862bbe9356457ad4c111eda852fcc90/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java#L56-L76)
> {code:java}
> try {
> // Exclude the endpoint info bit added in TokenStoreUtils when getting the template name
> String template = key;
> if (template.contains("-")) {
> template = key.substring(0, key.lastIndexOf('-'));
> }
> Map<String, ClassLoader> cacheClassLoaders = new HashMap<>();
> cacheClassLoaders.put(template, SecurityToken.class.getClassLoader());
> XmlConfiguration xmlConfig = new XmlConfiguration(configFileURL, ClassLoading.getDefaultClassLoader(),
> cacheClassLoaders);
> CacheConfigurationBuilder<String, SecurityToken> configurationBuilder =
> xmlConfig.newCacheConfigurationBuilderFromTemplate(template,
> String.class, SecurityToken.class);
> cacheManager = CacheManagerBuilder.newCacheManagerBuilder().withCache(key, configurationBuilder).build();
> cacheManager.init();
> cache = cacheManager.getCache(key, String.class, SecurityToken.class);
> } catch (Exception e) {
> throw new TokenStoreException(e);
> }
> {code}
> It seems to resolve the issue, but I'm not sure about the proper implementation, and the unit tests to set (?)
> Thanks,
--
This message was sent by Atlassian Jira
(v8.3.4#803005)