Skip to Main Content
Forums

Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Can I delete $ORACLE_HOME/md/property_graph/lib/log4j-core-2.9.0.jar file?

We have a bit of a predicament, we are on 18c on Oracle Linux 7 and seems that Oracle will not be releasing any new patches for this release. We have a plan to upgrade to 19c, but that will take a few months to accomplish. Security scans flagged $ORACLE_HOME/md/property_graph/lib/log4j-core-2.9.0.jar file as a vulnerability with the recent announcement from apache. $ORACLE_HOME/md/... directory seems to be related to spatial or locator options, we don't use either one. Can we just delete this file? I've got a SR open with Oracle support, but they are just pointing to the "Apache Log4j Security Alert CVE-2021-44228 Products and Versions ( Doc ID 2827611.1 )" document. It states that db is not affected by this vulnerability, but security tools don't like the presence of that file.
This post has been answered by user13297735 on Dec 16 2021
Jump to Answer

Comments

Timo Hahn

User, the NoClassDefFoundError exception points to a class loader problem. Sometimes the problem is static code in a bean or it's the order of libraries loaded from your application and the server you are deploying to.

You can check https://examples.javacodegeeks.com/java-basics/exceptions/java-lang-noclassdeffounderror-how-to-solve-no-class-def-found… and https://www.youtube.com/watch?feature=player_detailpage&v=ArLTKapjV_8&app=desktop  which helps you understand the problem.

Timo

2752536

Hi Timo, thank you for fast response, and for the heads up for order of libraries.

I will watch through materials you provided and posted back.

What concerns me is that this problem occurs in the simplest kind o application as soon      Configuration.createRootApplicationModule("model.AppModuleImpl ", "AppModuleImplLocal");      is invoked (no static or anything).

If i remember correctly in 11g i had no problems with this specific use case.

2752536

I ve looked through links, and ill look more into cat. problem is that this Configuration class is from oracle.jbo.client.Configuration package on which I don't have any control. I will see what results cat give, but whatever they were I am not sure how to solve them

I am posting this link also so, you can see what I was doing

http://flexagon.com/2013/08/create-soap-webservices-using-bc4j/

2752536

@"Timo Hahn"

I was trying to fix my problem from yesterday but with no success although i have some additional information. I am hoping that you can point me in right direction.

I checked with ClassLoader Analysis Tool and it did not found any class conflicts.

I was researching a bit more, and found out that when I run my Web Service Class from inside JDeveloper everything works fine. It deploys application to integrated weblogic and web service is available and fully functional.

If I try to pack it inside a War and regardless of deployment method (console, enterprise manager, jdeveloper) or server (integrated, dedicated )result is always the same - deploys OK, available via ws_utc, but when some method is invoked i get ::

<oracle.dms.instrument.Noun> <Noun> <findOrCreateByPath> <Attempt to create pre-existing noun /DefaultDomain/DefaultServer/com.oracle.webservices.wls.ws-testclient-app-wls, of type wls_jaxrsapp_resources, with a conflicting type wls_ear.>

<com.sun.xml.ws.server.sei.TieHandler> <TieHandler> <createResponse> <oracle/jbo/client/Configuration>

java.lang.NoClassDefFoundError: oracle/jbo/client/Configuration

    at project1.WSClass.test(WSClass.java:32)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:497)

    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:120)

    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:93)

    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)

    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)

    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)

    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)

    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)

    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)

    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:419)

    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:868)

    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:422)

    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)

    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:229)

    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:667)

    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:368)

    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:163)

    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)

    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:286)

    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:295)

    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:128)

    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:103)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286)

    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260)

    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137)

    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350)

    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25)

    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)

    at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:141)

    at java.security.AccessController.doPrivileged(Native Method)

    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)

    at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:649)

    at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:124)

    at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:232)

    at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:94)

    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)

    at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:224)

    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78)

    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3654)

    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3620)

    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:326)

    at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:196)

    at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)

    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)

    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2423)

    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2280)

    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2258)

    at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1626)

    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1586)

    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:270)

    at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:348)

    at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:333)

    at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:54)

    at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)

    at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:617)

    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:397)

    at weblogic.work.ExecuteThread.run(ExecuteThread.java:346)

Judging by the first line, it should be the conflict, but i cant find anything inside CAT, and I would really appreciate any help regarding the issue .

On the link, i provide application example, very light, without datasoruce or anything, just 2 projects, one has app module with one method, second has ws with method to invoke method from app module.

Zippyshare.com - Application12.zip

2752536
Answer

Solved the issue by adding all needed libraries to WAR.

Obviously there was a problem with some sorf of conflict but CAT did not found anything, and its hard to understand why problem occurs in first place.

Marked as Answer by 2752536 · Sep 27 2020
1 - 5

Post Details

Added on Dec 15 2021
#general-database-discussions, #spatial
8 comments
13,815 views