You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Freeman Yue Fang (Jira)" <ji...@apache.org> on 2021/07/21 17:49:00 UTC

[jira] [Commented] (CXF-8566) cxf-ws-rt-security & ehcache

    [ https://issues.apache.org/jira/browse/CXF-8566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17385023#comment-17385023 ] 

Freeman Yue Fang commented on CXF-8566:
---------------------------------------

Hi [~jgreffe],

Thanks for bringing this up.

This kind of message generally means that class org.apache.cxf.ws.security.tokenstore.SecurityToken are loaded by different classloaders, which means normally you have two bundles in Karaf container which both contain the org.apache.cxf.ws.security.tokenstore.SecurityToken class.

Could I get a reproducer?

Thanks!
Freeman

> cxf-ws-rt-security & ehcache
> ----------------------------
>
>                 Key: CXF-8566
>                 URL: https://issues.apache.org/jira/browse/CXF-8566
>             Project: CXF
>          Issue Type: Bug
>          Components: OSGi
>    Affects Versions: 3.4.3
>            Reporter: Julien Greffe
>            Assignee: Freeman Yue Fang
>            Priority: Major
>
> Hello,
> during some tests in Karaf container, we faced this exception
> {code}
> Caused by: java.lang.IllegalArgumentException: CacheTemplate 'org.apache.cxf.ws.security.tokenstore.TokenStore' declares value type of org.apache.cxf.ws.security.tokenstore.SecurityToken. Provided: class org.apache.cxf.ws.security.tokenstore.SecurityToken
> 	at org.ehcache.xml.ConfigurationParser.checkTemplateTypeConsistency(ConfigurationParser.java:279) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> 	at org.ehcache.xml.ConfigurationParser.access$000(ConfigurationParser.java:108) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> 	at org.ehcache.xml.ConfigurationParser$1.builderFor(ConfigurationParser.java:255) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> 	at org.ehcache.xml.XmlConfiguration.newCacheConfigurationBuilderFromTemplate(XmlConfiguration.java:277) ~[bundleFile:3.8.1 a19322e8d4b3f7157e878112c2afc0b6e3090fdd]
> 	at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStore.<init>(EHCacheTokenStore.java:66) ~[bundleFile:3.4.3]
> 	at org.apache.cxf.ws.security.tokenstore.EHCacheTokenStoreFactory.newTokenStore(EHCacheTokenStoreFactory.java:45) ~[bundleFile:3.4.3]
> 	at org.apache.cxf.ws.security.tokenstore.TokenStoreUtils.getTokenStore(TokenStoreUtils.java:58) ~[bundleFile:3.4.3]
> 	at org.apache.cxf.ws.security.trust.DefaultSTSTokenCacher.storeToken(DefaultSTSTokenCacher.java:103) ~[bundleFile:3.4.3]
> 	at org.apache.cxf.ws.security.trust.STSTokenRetriever.getToken(STSTokenRetriever.java:117) ~[bundleFile:3.4.3]
> 	... 18 more
> {code}
>  
> It seems it's due to different class loaders for classes {{XmlConfiguration}} and {{SecurityToken.}}
> I tried to force the {{cacheClassLoaders}} from {{ehcache}} in {{EHCacheTokenStore}} (https://github.com/apache/cxf/blob/9387c3f65862bbe9356457ad4c111eda852fcc90/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/EHCacheTokenStore.java#L56-L76)
> {code:java}
> try {
>             // Exclude the endpoint info bit added in TokenStoreUtils when getting the template name
>             String template = key;
>             if (template.contains("-")) {
>                 template = key.substring(0, key.lastIndexOf('-'));
>             }
>             Map<String, ClassLoader> cacheClassLoaders = new HashMap<>();
>             cacheClassLoaders.put(template, SecurityToken.class.getClassLoader());
>             XmlConfiguration xmlConfig = new XmlConfiguration(configFileURL, ClassLoading.getDefaultClassLoader(),
>                     cacheClassLoaders);
>             CacheConfigurationBuilder<String, SecurityToken> configurationBuilder =
>                     xmlConfig.newCacheConfigurationBuilderFromTemplate(template,
>                             String.class, SecurityToken.class);
>             cacheManager = CacheManagerBuilder.newCacheManagerBuilder().withCache(key, configurationBuilder).build();
>             cacheManager.init();
>             cache = cacheManager.getCache(key, String.class, SecurityToken.class);
>         } catch (Exception e) {
>             throw new TokenStoreException(e);
>         }
> {code}
>  It seems to resolve the issue, but I'm not sure about the proper implementation, and the unit tests to set (?)
> Thanks,



--
This message was sent by Atlassian Jira
(v8.3.4#803005)