CXF 2.7.14 + WSS4J + Websphere 7 ClassCastExceptio

we are using WSS4JOutInterceptor to sign outgoing soap message from our application. We have tested the application on Tomcat without any problems, but on Websphere (7) we keep getting the ClassCastException:

java.lang.ClassCastException: org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory incompatible with javax.xml.crypto.dsig.XMLSignatureFactory
    at javax.xml.crypto.dsig.XMLSignatureFactory.findInstance(XMLSignatureFactory.java:202)
    at javax.xml.crypto.dsig.XMLSignatureFactory.getInstance(XMLSignatureFactory.java:292)
    at org.apache.ws.security.message.WSSecSignature.init(WSSecSignature.java:127)
    at org.apache.ws.security.message.WSSecSignature.<init>(WSSecSignature.java:120)
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:45)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:232)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:52)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:260)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:136)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
    at $Proxy1632.putDataOperation(Unknown Source)

I know this usually means that these two classes are loaded with different classloaders, but I am unable to prove this is our case.

Our classpath (printed by websphere administration console) looks like this:

file:PATH_TO_WEBAPP_WAR/WEB-INF/classes
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/FastInfoset-1.2.12.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/ISDSClient-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/Jace-1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/activation-1.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/antlr-2.7.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/aopalliance-1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/asm-3.3.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/aspectjrt-1.7.4.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/aspectjweaver-1.7.4.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/avalon-framework-api-4.3.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/avalon-framework-impl-4.3.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/backport-util-concurrent-3.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/barbecue-1.5-beta1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-anim-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-awt-util-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-bridge-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-css-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-dom-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-ext-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-extension-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-gvt-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-js-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-parser-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-script-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-svg-dom-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-svggen-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-transcoder-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-util-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/batik-xml-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/bcmail-jdk16-1.45.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/bcprov-jdk16-1.45.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/bctsp-jdk16-1.45.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/c3p0-0.9.1.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cglib-2.2.2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/classworlds-1.1-alpha-2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-beanutils-1.9.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-codec-1.9.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-collections-3.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-io-1.3.2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-io-1.4.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-lang-2.6.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/commons-logging-1.1.3.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/core-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/core-interface-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-api-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-bindings-soap-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-bindings-xml-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-core-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-databinding-jaxb-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-frontend-jaxrs-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-frontend-jaxws-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-frontend-simple-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-rs-security-xml-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-transports-http-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-ws-policy-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cxf-rt-ws-security-2.7.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cz.dalvi.commons.common-0.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cz.dalvi.commons.crypto-0.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/cz.dalvi.commons.xml-0.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/dom4j-1.6.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/ecmcodes-ws-client-2.1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/ehcache-core-2.5.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/filenet-client-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/flexjson-2.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/fontbox-1.8.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/fop-1.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/geronimo-javamail_1.4_spec-1.7.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/geronimo-ws-metadata_2.0_spec-1.1.2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/gmbal-api-only-3.1.0-b001.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/ha-api-3.1.8.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/hibernate-commons-annotations-4.0.4.Final.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/hibernate-core-4.3.5.Final.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/hibernate-entitymanager-4.3.5.Final.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/hibernate-jpa-2.1-api-1.0.0.Final.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/iba-commons-core-1.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/iba-commons-util-1.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/ini4j-0.5.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/isds-client-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/isds-proxy-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/istack-commons-runtime-2.16.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jackson-annotations-2.0.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jackson-core-2.0.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jackson-databind-2.0.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jandex-1.1.0.Final.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/javassist-3.18.1-GA.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/javax.annotation-api-1.2-b03.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/javax.mail-1.4.4.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/javax.ws.rs-api-2.0-m10.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/javax.xml.soap-api-1.3.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxb-api-2.2.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxb-core-2.2.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxb-impl-2.2.7-b41.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxb-jxc-2.2.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxb-xjc-2.2.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxp-api-1.4.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxp-ri-1.4.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxws-api-2.1-1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxws-maven-plugin-2.3.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxws-rt-2.2.8-promoted-b146.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxws-spring-1.9.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jaxws-tools-2.2.8.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jboss-logging-3.1.3.GA.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jboss-logging-annotations-1.2.0.Beta1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jboss-transaction-api_1.2_spec-1.0.0.Final.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jcl-over-slf4j-1.7.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jempbox-1.8.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/joda-time-2.3.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jsr181-api-1.0-MR1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jsr250-api-1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/jstl-1.2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/liquibase-core-3.3.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/log4j-1.2.17.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/management-api-3.0.0-b012.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-artifact-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-artifact-manager-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-model-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-plugin-api-3.0.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-plugin-registry-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-profile-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-project-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-repository-metadata-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/maven-settings-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/mimepull-1.8.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/neethi-3.0.2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/opensaml-2.5.1-1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/openws-1.4.2-1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/pbs-client-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/pdfbox-1.8.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/plexus-classworlds-2.4.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/plexus-component-annotations-1.5.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/plexus-container-default-1.0-alpha-9-stable-1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/plexus-interpolation-1.11.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/plexus-utils-3.0.10.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/policy-2.3.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/quartz-2.2.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/saaj-api-1.3.4.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/saaj-impl-1.3.18.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/sisu-guava-0.9.9.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/sisu-guice-3.1.0-no_aop.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/sisu-inject-bean-2.3.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/sisu-inject-plexus-2.3.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/slf4j-api-1.7.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/slf4j-log4j12-1.7.6.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/snakeyaml-1.13.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-aop-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-beans-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-context-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-context-support-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-core-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-expression-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-jdbc-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-ldap-core-1.3.2.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-orm-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-oxm-3.1.1.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-security-config-3.2.4.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-security-core-3.2.4.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-security-ldap-3.2.4.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-security-web-3.2.4.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-tx-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-web-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-webmvc-4.0.3.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-ws-core-2.0.5.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-ws-security-2.0.5.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/spring-xml-2.0.5.RELEASE.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/sta-client-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/stax-api-1.0-2.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/stax-api-1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/stax-ex-1.7.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/stax2-api-3.1.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/streambuffer-1.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/usertype.core-3.1.0.GA.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/usertype.spi-3.1.0.GA.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/velocity-1.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/wagon-provider-api-1.0-beta-6.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/woodstox-core-asl-4.4.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/ws-api-1.0-SNAPSHOT.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/wsdl4j-1.6.3.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/wsit-rt-1.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/wss4j-1.6.17.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xalan-2.6.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xbean-spring-3.14.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xercesImpl-2.11.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xlxpScanner-1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xlxpScannerUtils-1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xml-apis-1.4.01.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xml-apis-ext-1.3.04.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xmlgraphics-commons-1.5.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xmlschema-core-2.1.0.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xmlsec-1.5.7.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xmltooling-1.3.2-1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xpp3_min-1.1.4c.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xstream-1.3.1.jar
file:PATH_TO_WEBAPP_WAR/WEB-INF/lib/xws-security-1.3.1.jar
file:PATH_TO_WEBAPP_WAR

Our webapp is configured to use local classloader first (through WAS administration).

Interresting fact is: After restart of WAS server with our webapp, the signing of WS requests works just fine. But when the application is restarted (without server restart) the problem emerges.

Any ideas what could be possibly checked for problem?

Thanks, Shimon

标签： spring web-services cxf websphere-7 ws-security

2条回答

别忘想泡老子

2楼-- · 2019-03-04 14:32

Root cause of the problem is xmlsec jars has javax packages. We used the xmlsec-2.0.0 jars and it worked. We got the hint from the Santuario xmlsec jar issue https://issues.apache.org/jira/browse/SANTUARIO-358. I also noticed that latest CXF version 3.1.6 contains xmlsec-2.0.6.jar which doesn't contain the javax packages which is the real solution to this problem. Please use latest cxf package (>3.0)

0人赞添加讨论(0) 举报

Juvenile、少年°

3楼-- · 2019-03-04 14:51

After some research I have found this CXF issue which might be helpful: https://issues.apache.org/jira/browse/CXF-4603

According to the comments you should set

WSSConfig.setAddJceProviders(false)

before WSS4J is initialized.

This could be done using context loader listener, like this:

public class ProviderInitializationListener implements ServletContextListener {

    @Override
    public void contextInitialized(ServletContextEvent servletContextEvent) {
        WSSConfig.setAddJceProviders(false);
    }

    @Override
    public void contextDestroyed(ServletContextEvent servletContextEvent) {
        //To change body of implemented methods use File | Settings | File Templates.
    }
}

and register it in web.xml:

<listener>
        <listener-class>com.test.security.listener.ProviderInitializationListener</listener-class>
</listener>

Then there is the Websphere documentation, which describes recommended approach to use third part JAX-WS engine (like CXF) - here

Coppied from the manual:

Set the class loader policy to Classes loaded with local class loader first (parent last) at the module level.

Changing the class loader policy to parent last ensures that the external third-party JAX-WS run time and their dependent library JAR files are first in the class loader search path, thereby ensuring that the third-party implementation is used instead of the WebSphere Application Server.
- In the administrative console, click Applications > Application Types > WebSphere enterprise applications > application_name > Class loading and update detection.
- Under Class reloading options, select Override class reloading settings for Web and EJB modules .
- Under Class loader order, select Class loader order property to Classes loaded with local class loader first (parent last).
- Click OK, and then Save to save your changes.
Turn off Web services annotation scanning.

Annotation scanning can be turned off at the application level or at the server level. To turn off annotation scanning at the application level, set the DisableIBMJAXWSEngine property in the META-INF/MANIFEST.MF of a WAR file or EJB module to true. Example:
```
Manifest-Version: 1.0
DisableIBMJAXWSEngine: true
```
To turn off Web services annotation scanning at the server level:
- In the administrative console, go to the Custom properties page for the Java virtual machine.
  
  Servers > Server Types > WebSphere application servers > server_name, and then, under Server Infrastructure, click Java and process management > Process definition > Java virtual machine > Custom properties
- Set the com.ibm.websphere.webservices.DisableIBMJAXWSEngine property to true
- If this property does not already exist for your configuration, click New, and add com.ibm.websphere.webservices.DisableIBMJAXWSEngine in the Name field and true in the Value field.

After all these settings and server restart, the exception dissapeared. BUT repeared after some redeployments of the application. Apparently IBM still loads it's own security provider, despite the fact, that the addJCEProviders is set to false. In our case, this is acceptable state (restart of WAS server is needed to make it work)

Hope this would be helpful for somebody.

0人赞添加讨论(0) 举报

CXF 2.7.14 + WSS4J + Websphere 7 ClassCastExceptio

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间