I have two WARs deployed to the same Tomcat 7 instance, and both use CXF + WSS4J. The two apps communicate via SOAP, and WSS4J interceptors handle SAML assertions in the SOAP headers. When testing each war in isolation everything works fine, but when both apps are deployed and one app sends a SOAP message to the other, I receive the following ClassCastException:
java.lang.ClassCastException: org.apache.ws.security.WSDocInfo cannot be cast to org.apache.ws.security.WSDocInfo
To me, this implies a class loader issue, but what in specific I cant figure out. Each app has its own copy of WSS4J in their respective WEB-INF/lib folders, and I don't see any WSS4J library in Tomcat's common libraries.
In production these two apps will most likely never use the same JVM let al开发者_StackOverflow社区one be in the same Tomcat instance, but I will feel more comfortable when I get to the bottom of this issue. It also helps to launch both apps from the same Tomcat instance in development. Does anyone have any ideas what the issue might be?
UPDATE 1: I deployed each war in separate Tomcat instances that both use the same JVM and the ClassCastException goes away. Must be something I don't understand with Tomcat class loading?
From the WSS4J issue tracker:
https://issues.apache.org/jira/browse/WSS-282
STRTransform JCE provider throws java.lang.ClassCastException: org.jcp.xml.dsig.internal.dom.DOMSubTreeData incompatible with javax.xml.crypto.OctetStreamData in Websphere
Affected versions: 1.6
Ick...
精彩评论