1 2 Previous Next 19 Replies Latest reply on Dec 18, 2012 2:03 PM by nickarls

    Unable to exclude JBoss-provided module

    pstackle

      I am having trouble loading the correct version of a class when deploying my EAR file in JBoss AS 7.0.2. My EAR file contains 5 WAR files and 1 JAR file. I have a version of the xml security library that is older than the one included in the jboss/modules directory. My older version of the library is in the EAR's lib directory.

       

      {code}myapp.ear

      |

      |--- web1.war

      |

      |--- web2.war

      |

      |--- web3.war

      |

      |--- web4.war

      |

      |--- web5.war

      |

      |--- ejb1.jar

      |

      |--- lib

           |

           |--- xmlsec-old.jar

      |

      |--- META-INF

           |

           |--- jboss-deployment-structure.xml

       

      {code}

       

       

      I am attempting to load the version of a class out of my version of the library (xmlsec-old.jar) from a servlet in web1.war, but the class's classloader indicates that it loaded the class from the jboss/modules version of the library (jboss/modules/org/apache/santuario/xmlsec)

       

      {code}

          ClassLoader cl = org.apache.xml.security.Init.class.getClassLoader();

          System.out.println("Init's ClassLoader: " + cl.toString());

      {code}

      Output:

      Init's ClassLoader: ModuleClassLoader for Module "org.apache.santuario.xmlsec:main" from local module loader @624b035d (roots: /home/<username>/dev/servers/jboss-as-7.0.2/modules)

       

      Output when I print out the servlet's ClassLoader:

      StartupServlet ClassLoader: ModuleClassLoader for Module "deployment.myapp.ear.web1.war:main" from Service Module Loader

       

       

      Based on what I read about JBoss AS 7 class loading (https://docs.jboss.org/author/display/AS7/Class+Loading+in+AS7)

      I am attempting to use the following xml in my jboss-deployment-structure.xml file in my EAR's META-INF directory.

       

      {code:xml}

      <jboss-deployment-structure>

        <deployment>

          <exclusions>

            <module name="org.apache.santuario.xmlsec" />

          </exclusions>

          <dependencies>

            <module name="deployment.xmlsec" />

            <module name="system">

              <imports>

                <include-set>

                  <path name="sun/security/x509" />

                </include-set>

                <exclude-set>

                  <path name="org/apache/xml/security" />

                </exclude-set>

              </imports>

            </module>

          </dependencies>

        </deployment>

        <module name="deployment.xmlsec">

          <resources>

            <resource-root path="xmlsec-old.jar" />

          </resources>

        </module>

      </jboss-deployment-structure>

      {code}


      My theory is that I am indicating that I want to exclude the santuario.xmlsec module and depend on a new module that I create using my xmlsec-old.jar file. Despite trying a number of different combinations of things, I have been unable to load the correct version of the class. Can anyone point out what I am doing wrong or what else I could try? Thank you.

        • 1. Re: Unable to exclude JBoss-provided module
          beve

          Hi,

           

          I am attempting to load the version of a class out of my version of the library (xmlsec-old.jar) from a servlet in web1.war,

          I think that you need to configure this using the  sub-deployment element for  'web1.war' to excludes the module in question. Can you try something like this:

           

          <sub-deployment name="web1.war">
               <exclusions>
                <module name="org.apache.santuario.xmlsec" />
             </exclusions>
             <dependencies>
                <module name="deployment.xmlsec" />
                <module name="system">
                  <imports>
                    <include-set>
                      <path name="sun/security/x509" />
                    </include-set>
                    <exclude-set>
                      <path name="org/apache/xml/security" />
                    </exclude-set>
                  </imports>
                </module>
              </dependencies>
          </sub-deployment>
          
          

           

           

          Regards,

           

          /Daniel

          • 2. Re: Unable to exclude JBoss-provided module
            pstackle

            Thanks for your reply. I tried your suggestion, but unfortunately, I am still seeing the same behavior where the classloader for the org.apache.xml.security.Init is loading the JBoss module version of the class and not the one included in my EAR file's lib directory.

             

            I also want to use my included library across all of my sub-deployments, not just web1.war, so I thought it made more sense to exclude the module for the whole EAR. Is there a way to configure the classloader so that classes included in the EAR are loaded before JBoss-provided classes? I know in JBoss 5.x there is the java2ParentDelegation flag that you could set in a jboss-app.xml file (http://community.jboss.org/wiki/classloadingconfiguration). Is there an equivalent setting for JBoss 7?

             

            Any ideas as to why setting the module to be excluded in the jboss-deployment-structure.xml file isn't being respected?

             

            Thanks for your help.

            • 3. Re: Unable to exclude JBoss-provided module
              beve

              Would you be able to attach your example or email it to me?

              • 4. Re: Unable to exclude JBoss-provided module
                pstackle

                Here is a very simple EAR file that reproduces the issue.

                 

                Despite having a jboss-deployment-structure.xml file as follows and including my own version of the xmlsec.jar, the org.apache.xml.security.Init class that is being loaded is the one out of the JBoss modules folder.

                 

                <jboss-deployment-structure>
                  <deployment>
                    <exclusions>
                      <module name="org.apache.santuario.xmlsec" />
                    </exclusions>
                    <dependencies>
                      <module name="system">
                        <imports>
                          <include-set>
                            <path name="sun/security/x509" />
                          </include-set>
                          <exclude-set>
                            <path name="org/apache/xml/security" />
                          </exclude-set>
                        </imports>
                      </module>
                    </dependencies>
                  </deployment>
                  <sub-deployment name="web1.war">
                    <exclusions>
                      <module name="org.apache.santuario.xmlsec" />
                    </exclusions>    
                  </sub-deployment>
                </jboss-deployment-structure>
                
                

                 

                Thanks very much for taking the time to help.

                • 5. Re: Unable to exclude JBoss-provided module
                  beve

                  Hi,

                   

                  I've modified jboss-deployment-structure.xml like this:

                   

                  <jboss-deployment-structure>
                    <deployment>
                      <exclusions>
                        <module name="javaee.api" />
                      </exclusions>
                      <dependencies>
                          <module name="org.apache.commons.logging" />
                      </dependencies>
                    </deployment>
                  
                  
                    <sub-deployment name="web1.war">
                      <exclusions>
                        <module name="javaee.api" />
                      </exclusions>    
                  
                      <dependencies>
                          <module name="javaee.api" >
                              <imports>
                                  <exclude-set>
                                      <path name="org/apache/xml/security"/>
                                  </exclude-set>
                              </imports>
                          </module>
                      </dependencies>
                    </sub-deployment>
                  
                  
                  </jboss-deployment-structure>
                  
                  

                   

                  When deploying the updated example.ear I get the following in the server console:

                   

                  11:06:02,916 INFO  [org.jboss.as.webservices.service.EndpointService] (MSC service thread 1-4) Starting service jboss.ws.endpoint.web1.Registration
                  11:06:02,933 INFO  [stdout] (MSC service thread 1-2) 2011-11-23 11:06:02,931 [MSC service thread 1-2] INFO  com.example.servlet.StartupServlet - init() initial startup
                  11:06:02,933 INFO  [stdout] (MSC service thread 1-2) 
                  11:06:02,935 INFO  [stdout] (MSC service thread 1-2) 
                  11:06:02,935 INFO  [stdout] (MSC service thread 1-2) -------------------
                  11:06:02,936 INFO  [stdout] (MSC service thread 1-2) 
                  11:06:02,936 INFO  [stdout] (MSC service thread 1-2) 
                  11:06:02,937 INFO  [stdout] (MSC service thread 1-2) Attempting to configure xml-security using config: /config/scm-xml-sec.xml
                  11:06:02,937 INFO  [stdout] (MSC service thread 1-2) SCMFactory ClassLoader: ModuleClassLoader for Module "deployment.example.ear:main" from Service Module Loader
                  11:06:02,938 INFO  [stdout] (MSC service thread 1-2) SCMFactory class's resource: vfs:/content/example.ear/lib/util.jar/config/scm-xml-sec.xml
                  11:06:02,938 INFO  [stdout] (MSC service thread 1-2) SCMFactory class's ClassLoader resource: vfs:/content/example.ear/lib/util.jar/config/scm-xml-sec.xml
                  11:06:02,938 INFO  [stdout] (MSC service thread 1-2) Init ClassLoader: ModuleClassLoader for Module "deployment.example.ear:main" from Service Module Loader
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) Init class's resource: vfs:/content/example.ear/lib/util.jar/config/scm-xml-sec.xml
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) Init class's classloader's resource: vfs:/content/example.ear/lib/util.jar/config/scm-xml-sec.xml
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) StartupServlet ClassLoader: ModuleClassLoader for Module "deployment.example.ear.web1.war:main" from Service Module Loader
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) StartupServlet class's resource: vfs:/content/example.ear/lib/util.jar/config/scm-xml-sec.xml
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) StartupServlet class's classloader's resource: vfs:/content/example.ear/lib/util.jar/config/scm-xml-sec.xml
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) 
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) 
                  11:06:02,939 INFO  [stdout] (MSC service thread 1-2) -------------------
                  
                  

                   

                  Can you give this a try and see if it works for you?

                   

                  Regards,

                   

                  /Daniel

                  • 6. Re: Unable to exclude JBoss-provided module
                    pstackle

                    Thanks so much! That seems to have fixed that issue.

                    • 7. Re: Unable to exclude JBoss-provided module
                      phantom_john

                      Just for whoever later on landed on this topic, here is another little cleaner solution (no need to tweak the WAR sub-deployment):

                       

                       

                      {code:xml}

                      <?xml version="1.0" encoding="UTF-8"?>

                       

                      <jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">

                       

                          <ear-subdeployments-isolated>true</ear-subdeployments-isolated>

                       

                          <deployment>

                              <dependencies>

                                  <module name="deployment.javaee.api" />

                              </dependencies>

                       

                              <exclusions>

                                  <module name="javaee.api" />

                              </exclusions>

                          </deployment>

                       

                          <module name="deployment.javaee.api">

                              <dependencies>

                                  <module name="javaee.api" export="true">

                                      <imports>

                                          <exclude path="org/apache/xml/security/**" />

                                      </imports>

                                  </module>

                              </dependencies>

                          </module>

                       

                      </jboss-deployment-structure>

                      {code}

                       

                       

                      That is tested on JBoss AS 7.1.1.Final

                      • 8. Re: Unable to exclude JBoss-provided module
                        phantom_john

                        Furthermore, modifying the module.xml of module javaee.api as follows would eliminate the necessity of using the jboss-deployment-structure.xml in this case.

                         

                        {code:xml}

                        ...

                                <module name="org.apache.santuario.xmlsec" export="true">

                                    <exports>

                                        <include-set>

                                            <path name="javax/xml/crypto"/>

                                            <path name="javax/xml/crypto/dom"/>

                                            <path name="javax/xml/crypto/dsig"/>

                                            <path name="javax/xml/crypto/dsig/dom"/>

                                            <path name="javax/xml/crypto/dsig/keyinfo"/>

                                            <path name="javax/xml/crypto/dsig/spec"/>

                                        </include-set>

                                        <exclude path="org/apache/xml/security/**" /> <!-- Added to explicitly exclude classes in org.apache.xml.security and its sub-packages -->

                                    </exports>

                                </module>

                        ...

                        {code}

                         

                        • 9. Re: Unable to exclude JBoss-provided module
                          stijnvp

                          I'm having the same problem but the resolutions in this post didn't fix mine

                           

                          I've still got this exception:

                           

                           

                          Caused by: java.lang.NoSuchMethodError: org.apache.xml.security.keys.KeyInfo.init()V

                               at org.apache.xml.security.Init.init(Unknown Source) [xmlsec-1.3.0.jar:]

                               at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:72) [wss4j-1.5.1.jar:]

                               at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95) [wss4j-1.5.1.jar:]

                               at org.apache.ws.security.WSSConfig.<clinit>(WSSConfig.java:47) [wss4j-1.5.1.jar:]

                               at org.apache.ws.security.WSSecurityEngine.<clinit>(WSSecurityEngine.java:51) [wss4j-1.5.1.jar:]

                               at org.apache.ws.security.handler.WSHandler.<clinit>(WSHandler.java:62) [wss4j-1.5.1.jar:]

                           

                           

                           

                          And my jboss-deployment-structure.xml looks like this:

                           

                          <?xml version="1.0" encoding="UTF-8"?>

                          <jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">

                                    <deployment>

                                              <!-- Exclusions allow you to prevent the server from automatically adding

                                                        some dependencies -->

                                              <exclusions>

                                                        <module name="org.apache.log4j" />

                                                        <module name="org.jboss.logging" />

                                                        <module name="org.jboss.logging.jul-to-slf4j-stub" />

                                                        <module name="org.jboss.logmanager" />

                                                        <module name="org.jboss.logmanager.log4j" />

                                                        <module name="org.slf4j" />

                                                        <module name="javaee.api" />

                                                        <module name="org.apache.santuario.xmlsec" />

                                              </exclusions>

                           

                           

                                              <dependencies>

                                                        <module name="javaee.api">

                                                                  <imports>

                                                                            <exclude-set>

                                                                                      <path name="org/apache/xml/security" />

                                                                                      <path name="org/apache/ws/security" />

                                                                            </exclude-set>

                                                                  </imports>

                                                        </module>

                                              </dependencies>

                           

                           

                                    </deployment>

                          </jboss-deployment-structure>

                           

                           

                          Whats the point of adding the /** after the exclude set math names? They give me a different result:

                           

                          Caused by: java.lang.NoSuchMethodError: org.apache.xml.security.transforms.Transform.init()V
                          at org
                          .apache.ws.security.WSSConfig.<init>(WSSConfig.java:81) [wss4j-1.5.1.jar:]
                          at org
                          .apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:95) [wss4j-1.5.1.jar:]
                          at org
                          .apache.ws.security.WSSConfig.<clinit>(WSSConfig.java:47) [wss4j-1.5.1.jar:]
                          at org
                          .apache.ws.security.WSSecurityEngine.<clinit>(WSSecurityEngine.java:51) [wss4j-1.5.1.jar:]
                          at org
                          .apache.ws.security.handler.WSHandler.<clinit>(WSHandler.java:62) [wss4j-1.5.1.jar:]
                          at com
                          .realdolmen.forens2.service.kbo.impl.KBOConsultServiceImpl.signRequest(KBOConsultServiceI

                          • 10. Re: Unable to exclude JBoss-provided module
                            nickarls

                            The * is probably all files in the package while /** is all files in package and recursive subpackages.

                             

                            You are apparently still picking up mixing versions since the class is found but the method is not.

                            • 11. Re: Unable to exclude JBoss-provided module
                              stijnvp

                              Is it possible to see all the modules who are loaded for my application?

                              • 12. Re: Unable to exclude JBoss-provided module
                                nickarls

                                if you crank up the jboss modules log levels to trace, I would guess it shows them.

                                • 13. Re: Unable to exclude JBoss-provided module
                                  stijnvp

                                  Based on the comments from above I've tried this approach

                                   

                                   

                                  <?xml version="1.0" encoding="UTF-8"?>

                                  <jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">

                                            <deployment>

                                                      <!-- Exclusions allow you to prevent the server from automatically adding

                                                                some dependencies -->

                                                      <exclusions>

                                                                <module name="org.apache.log4j" />

                                                                <module name="org.jboss.logging" />

                                                                <module name="org.jboss.logging.jul-to-slf4j-stub" />

                                                                <module name="org.jboss.logmanager" />

                                                                <module name="org.jboss.logmanager.log4j" />

                                                                <module name="org.slf4j" />

                                                                <module name="javaee.api" />

                                                                <module name="org.apache.santuario.xmlsec" />

                                                      </exclusions>

                                   

                                   

                                                      <dependencies>

                                                                <module name="deployment.javaee.api" />

                                                      </dependencies>

                                   

                                   

                                            </deployment>

                                   

                                   

                                   

                                   

                                            <module name="deployment.javaee.api">

                                                      <dependencies>

                                                                <module name="javaee.api" export="true">

                                                                          <imports>

                                                                                    <exclude path="org/apache/xml/security/**" />

                                                                                    <exclude path="org/apache/xs/security/**" />

                                                                          </imports>

                                                                </module>

                                                      </dependencies>

                                            </module>

                                   

                                   

                                  </jboss-deployment-structure>

                                   

                                   

                                  Which results in

                                   

                                  Original Exception was java.lang.NullPointerException

                                            at org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source) [xmlsec-1.3.0.jar:]

                                            at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:331) [wss4j-1.5.1.jar:]

                                            at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:703) [wss4j-1.5.1.jar:]

                                            at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:54) [wss4j-1.5.1.jar:]

                                            at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192) [wss4j-1.5.1.jar:]

                                            at org.codehaus.xfire.security.wss4j.WSS4JOutHandler.invoke(WSS4JOutHandler.java:158) [xfire-all-1.2.6.jar:]

                                   

                                   

                                  :-(

                                  • 14. Re: Unable to exclude JBoss-provided module
                                    nickarls

                                    Attach output from jar -tf for all the deployment archives, you might have some extra stuff in there (e.g. WS-related jars) included that interfere with the server-side-versions.

                                    1 2 Previous Next