cannot access class com.sun.org.apache.xml.internal.security.Init (in module java.xml.crypto) because module java.xml.crypto does not export
search cancel

cannot access class com.sun.org.apache.xml.internal.security.Init (in module java.xml.crypto) because module java.xml.crypto does not export

book

Article ID: 404683

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

After upgrading to Gateway 11.1, a policy using a custom assertion is failing. 

The policy fails when the custom assertion is executed and the following error is returned and seen in the gateway logs:

status="class com.l7tech.fcb.custom.xpathxmlsignature.assertion.SoapSignatureClient (in unnamed module @0x3126cd59) cannot access class com.sun.org.apache.xml.internal.security.Init (in module java.xml.crypto) because module java.xml.crypto does not export com.sun.org.apache.xml.internal.security to unnamed module @0x3126cd59"
                    xmlns:l7="http://www.layer7tech.com/ws/policy/fault" xmlns:l7p="http://www.layer7tech.com/ws/policy">

 

Environment

CA API Gateway 11.0, 11.1

Java 11, Java 17

Cause

The CustomAssertion.jar file is complied with older Java version.

Resolution

Add the following to the /opt/SecureSpan/Gateway/runtime/etc/profile.d/ssgruntimedefs.sh file:

NOTE: if there is an existing line like below on the file

default_java_opts="$default_java_opts --add-exports java.xml.crypto/com.sun.org.apache.xml.internal.security=ALL-UNNAMED"

add a new line like this:

default_java_opts="$default_java_opts --add-opens java.xml.crypto/com.sun.org.apache.xml.internal.security=ALL-UNNAMED"

This should resolve the mentioned error without recompiling the assertion.

Powered by Wolken Software