In our application, we are trying to upgrade to Spring boot 2,
We are using spring-security-saml2-core:1.0.4.RELEASE, while running application we are getting following exception. It seems, there are two jars xmltooling-1.4.6 and opensaml-core-3.3.0 on classpaath, who have same file default-config.xml
. In this case a classloader happens to put opensaml-core-3.3.0 ahead of xmltooling-1.4.6.jar and wrong default-config.xml
getting loaded
<ObjectProviders>
<ObjectProvider qualifiedName="xt:DEFAULT">
<BuilderClass className="org.opensaml.core.xml.schema.impl.XSAnyBuilder"/>
<MarshallingClass className="org.opensaml.core.xml.schema.impl.XSAnyMarshaller"/>
<UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSAnyUnmarshaller"/>
</ObjectProvider> </ObjectProviders>
java.lang.ClassCastException: org.opensaml.core.xml.schema.impl.XSAnyBuilder cannot be cast to org.opensaml.xml.XMLObjectBuilder
at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:236)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:203)
at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:186)
at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:92)
at org.opensaml.PaosBootstrap.bootstrap(PaosBootstrap.java:27)
at org.springframework.security.saml.SAMLBootstrap.postProcessBeanFactory(SAMLBootstrap.java:42).
Can somebody help here. Please..
Refer https://issues.shibboleth.net/jira/browse/OSJ-152
opensaml
V2 version usesxmltooling.jar
.opensaml
V3 version usesopensaml-soap-impl.jar
which has different package name compared toxmltooling.jar
Example:
opensaml-soap-impl.jar
uses -->org.opensaml.core.xml.XMLObjectBuilder
xmltooling.jar
uses -->org.opensaml.xml.XMLObjectBuilder
Root causue: your classpath has both v2 and v3 versions of
opensaml
. This is reason forclasscast
exception.Solution:
Ideally you don't need to have both versions of
opensaml
. it might happen accidentally due to maven dependency management. Remove one of them.opensamlv2
version and if you don't want to upgrade, please excludeopesamlv3
jars as below.opensamlV2
related jars