Solved: NoClassDefFoundError in java callout - WS-Security... - Page 2

vlalbahadur1 · 01-27-2021 09:04 AM

Hi,

We have written a custom java code to verify XML digital signatures in the incoming SOAP request. Code is running fine on local machine but we are getting below runtime exception when deployed on Apigee in a shared flow. I have verified and mentioned class is available in "wss4j-1.6.19.jar" which is present in shared flow.

Exception(deployment is successful, getting error on runtime):

java.lang.NoClassDefFoundError :: org/apache/ws/security/util/WSSecurityUtil

Libraries used(Available in shared flow)-

wss4j-1.6.19.jar

xmlsec-2.1.0.jar

commons-logging-1.1.1.jar

slf4j-api-1.6.1.jar

slf4j-log4j12-1.6.1.jar

Apigee private cloud version-

4.19.06.07

JDK Version-

openjdk version "1.8.0_275"

Note: There are no other jars available at Orgnization or Environment level in Apigee.

Thanks,

Lal

dchiesa1

Yep

There are problems using some JARs within Apigee. Specifically around permissions in the Apigee Message Processor. You're using OPDK, so perhaps you've relaxed the permissions to allow various JARs to execute. If that's the case, then I would suggest looking more closely at the system.log for the MP in question to understand what is leading to the NoClassDefFound. It could be a dependent class.

Also, are you aware that there is an existing callout that works in Apigee SaaS?

https://github.com/DinoChiesa/Apigee-Java-WsSec-Signature-2

It should also work in OPDK. It does verification of XML signatures for WS-Security. I wrote it specifically because I could not get wss4j to work within Apigee. This callout does not depend on wss4j, but you can use it to verify signatures. It may be of help to you.

View solution in original post

NoClassDefFoundError in java callout - WS-Security STR-Transform