11 Replies Latest reply on Jun 1, 2015 11:14 AM by pmm

    WildFly 8.2 classloading?

    wesssel

      Hey guys,

       

      When deploying my .war to WF 8.2 I get the following exception:

       

      Caused by: java.lang.RuntimeException: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'messageSource' defined in ServletContext resource [/WEB-INF/classes/odm-i18n.xml]: Unsatisfied dependency expressed through bean property 'bundleClassLoader': : Error loading class [org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy] for bean with name 'sas' defined in ServletContext resource [/WEB-INF/classes/odm-security.xml]: problem with class file or dependent class; nested exception is java.lang.IllegalAccessError: class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy cannot access its superclass org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Error loading class [org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy] for bean with name 'sas' defined in ServletContext resource [/WEB-INF/classes/odm-security.xml]: problem with class file or dependent class; nested exception is java.lang.IllegalAccessError: class org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy cannot access its superclass org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

       

      The war worked fine in EAP 6.3 / Tomcat6/7/8, and the code base is unchanged.

       

      Any clues? I'm thinking it has to do with a different method of classloading.

       

      Thanks in advance.

        • 1. Re: WildFly 8.2 classloading?
          wesssel

          I've checked the spring-security-web.jar and it actually has the classes in the same package. What could be going wrong here?

          • 2. Re: WildFly 8.2 classloading?
            pmm

            org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy cannot access its superclass org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy

             

            this is really strange, they should even be in the same JAR

            • 3. Re: WildFly 8.2 classloading?
              jaikiran

              It's possible that one of those classes was loaded by a different classloader than the one trying to load the other one. Enabling TRACE logging of org.jboss.modules package might give some hints.

              • 4. Re: WildFly 8.2 classloading?
                wesssel

                I will try this, however after reading Class Loading in WildFly - WildFly 8 - Project Documentation Editor I suspect this not to be the case. "The war is considered to be a single module, so classes defined in WEB-INF/lib are treated the same as classes in WEB-INF/classes. All classes packaged in the war will be loaded with the same class loader."

                • 5. Re: WildFly 8.2 classloading?
                  wesssel

                  It seems that the same class loader is loading them:

                   

                  2015-05-21 16:16:10,731 TRACE [org.jboss.modules] (MSC service thread 1-3) Loading class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy locally from Module "deployment.odm.war:main" from Service Module Loader

                  2015-05-21 16:16:10,741 TRACE [org.jboss.modules] (MSC service thread 1-3) Defined class org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy in Module "deployment.odm.war:main" from Service Module Loader

                   

                   

                  2015-05-21 16:16:15,537 TRACE [org.jboss.modules] (MSC service thread 1-3) Attempting to find resource org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.class in Module "deployment.odm.war:main" from Service Module Loader

                  • 6. Re: WildFly 8.2 classloading?
                    wesssel

                    Anyone have any suggestions on things to try to get this working / figure out the cause of the problem?

                    • 7. Re: WildFly 8.2 classloading?
                      pmm

                      Yes, basically you have to debug the classloading (this is going to suck). Write a servlet that contains the following code:

                       

                      ClassLoader loader1 = Class.forName("org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy", false, this.getClass().getClassLoader()).getClassLoader();
                      ClassLoader loader2 = Class.forName("org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy", false, this.getClass().getClassLoader()).getClassLoader();
                      

                       

                      Inspect the two class loaders. They should be the same and point to the same jar in WEB-INF/lib. It may be that this code actually triggers the same exception. In this case you have to use the debugger to figure out the defining classloader of SessionFixationProtectionStrategy and AbstractSessionFixationProtectionStrategy.

                      • 8. Re: WildFly 8.2 classloading?
                        wesssel

                        When debugging I see the same class loader loading both classes.

                        • 9. Re: WildFly 8.2 classloading?
                          pmm

                          Can you inspect it? Do you see to which JAR it "points"?

                          • 10. Re: WildFly 8.2 classloading?
                            wesssel

                            Bit of a learning curve here, I'll try to inspect the objects further.

                            • 11. Re: WildFly 8.2 classloading?
                              pmm

                              The easiest way to inspect the objects is in a debugger (Eclipse, IntelliJ, Netbeans). Also can you check if the following code in the servlet

                               

                              System.out.println(SessionFixationProtectionStrategy.class);

                               

                              Reproduces the exception?