使用 Apache CXF 时 org.bouncycastle.asn1.x509.SubjectPublicKeyInfo 的 NoClassDefFoundError

NoClassDefFoundError for org.bouncycastle.asn1.x509.SubjectPublicKeyInfo when using Apache CXF

我在尝试使用我的应用程序传输 soap 请求时收到 NoClassDefFoundError。

我读到 NoClassDefFoundError 通常是由初始化有问题的 class 的异常引起的,但我查看了日志,这是应用程序报告的唯一错误。

我已经能够记录 class 名称:

val classPath = SubjectPublicKeyInfo::class.java.getResource(SubjectPublicKeyInfo::class.java.simpleName + ".class").toString()
log.info("Class: $classPath")

并验证了 bouncy castle 的版本是我的 Apache CXF 版本所期望的版本:

implementation("org.apache.cxf:apache-cxf:3.3.5")
implementation("org.bouncycastle:bcprov-jdk15on:1.54")

会不会是其他 class 加载器的问题?或者 Tomcat 正在做...一些奇怪的事情? Tomcat 版本是 7.0.76 并且 Java 是 java 8.

异常:

java.lang.NoClassDefFoundError: org/bouncycastle/asn1/x509/SubjectPublicKeyInfo
org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source)
org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePublic(Unknown Source)
java.security.KeyFactory.generatePublic(KeyFactory.java:334)
sun.security.x509.X509Key.buildX509Key(X509Key.java:223)
sun.security.x509.X509Key.parse(X509Key.java:170)
sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
sun.security.x509.X509CertInfo.parse(X509CertInfo.java:667)
sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:167)
sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1804)
sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:716)
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
java.security.KeyStore.load(KeyStore.java:1445)
org.apache.wss4j.common.crypto.Merlin.load(Merlin.java:370)
org.apache.wss4j.common.crypto.Merlin.loadProperties(Merlin.java:228)
org.apache.wss4j.common.crypto.Merlin.<init>(Merlin.java:156)
org.apache.wss4j.common.crypto.CryptoFactory.getInstance(CryptoFactory.java:119)
org.apache.cxf.ws.security.wss4j.WSS4JUtils.loadCryptoFromPropertiesFile(WSS4JUtils.java:300)
org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor.loadCryptoFromPropertiesFile(AbstractWSS4JInterceptor.java:221)
org.apache.wss4j.dom.handler.WSHandler.loadCrypto(WSHandler.java:979)
org.apache.wss4j.dom.handler.WSHandler.loadSignatureCrypto(WSHandler.java:874)
org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:158)
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access0(WSS4JOutInterceptor.java:57)
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessageInternal(WSS4JOutInterceptor.java:275)
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:147)
org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:132)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140)
com.sun.proxy.$Proxy197.bulkRequestTransmitter(Unknown Source)
com.myapp.transmission.irsservices.CXFWebServiceHelper.callTransmitterWebService(CXFWebServiceHelper.java:135)
com.myapp.transmission.controllers.SubmitController.doGet(SubmitController.java:131)
javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

我进一步调查后的一些额外信息:

JDK 版本为:

openjdk version "1.9.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)

使用Gradle构建项目。我还发现,当 运行 在本地使用它时,我会收到一个安全异常,该异常似乎会在该过程的后期出现。所以我认为 class 在本地 运行 时被正确加载,而不是在远程服务器上。但是我怎样才能在本地和远程无一例外地打印出 class 信息呢?

这是我的 build.gradle.kts 文件的完整依赖部分(注意我已经删除了直接的 bouncy castle 依赖。以任何一种方式提取相同的版本):

dependencies {
    implementation("org.mongodb:bson:3.6.4")
    implementation("org.apache.commons:commons-collections4:4.1")
    implementation("commons-fileupload:commons-fileupload:1.3.1")
    implementation("commons-io:commons-io:2.4")
    implementation("commons-lang:commons-lang:2.3")
    implementation("com.google.code.gson:gson:2.3.1")
    implementation("com.google.guava:guava:19.0")
    implementation("com.fasterxml.jackson.core:jackson-annotations:2.7.0")
    implementation("com.fasterxml.jackson.core:jackson-core:2.8.0.rc2")
    implementation("com.fasterxml.jackson.core:jackson-databind:2.8.0.rc2")
    implementation("ch.qos.logback:logback-classic:1.1.3")
    implementation("ch.qos.logback:logback-core:1.1.3")
    implementation("org.mongodb:mongodb-driver:3.6.4")
    implementation("org.mongodb:mongodb-driver-core:3.6.4")
    implementation("org.apache.pdfbox:pdfbox-app:2.0.17")
    implementation("org.slf4j:slf4j-api:1.7.7")
    implementation("org.apache.xmlbeans:xmlbeans:2.5.0")
    implementation("org.apache.cxf:apache-cxf:3.1.18")
    implementation("org.jetbrains:annotations:18.0.0")
    implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
    implementation("org.jetbrains.kotlin:kotlin-reflect")

    providedCompile("javax.servlet:javax.servlet-api:3.1.0")
    providedCompile("javax.mail:javax.mail-api:1.6.2")

    testImplementation("httpunit:httpunit:1.7")
}

您的应用程序中的库与 Tomcat 加载的库之间似乎存在依赖性冲突。请注意,Tomcat lib 文件夹中嵌入的所有库优先于应用中部署的库,因为 Tomcat 通过其通用类加载器提供它们。官方文档中的更多详细信息:https://tomcat.apache.org/tomcat-7.0-doc/class-loader-howto.html

乐于助人!