jar files cause java.lang.NoClassDefFoundError

Question

Recently, my colleague resigned and left the company. He handovered a java program using struts2. However, he only provides the source code only. I don't have and don't find any documents about the program. Unfortunately, I am not good at java or struts2 and I would like to seek your advice please.

I notice the program uses various jars and I believe the program use struts is using Apache Struts2 version 2.3.24.1 because there are some jars called struts2-core-2.3.24.1, struts2-json-plugin-2.3.24.1, struts2-spring-plugin-2.3.24.1 and struts2-tiles-plugin-2.3.24.1.

I refer to these 3 articles 1,2 and 3, the Apache Struts2 has the vulnerability and I think I have to upgrade the program to version 2.3.32.

However I don't have confidence to upgrade to struts version 2.3.32 immediately, I backup the whole program and try to upgrade to struts version 2.3.24.3 because from this wesite, the next version for 2.3.24.1 is 2.3.24.3. Moreover, I try not to change any code in the program, so I begin to upgrade the jar files first.

Due to there are many jar filesHere are the jar files I upgraded for struts2 version 2.3.24.3

javassist-3.11.0.GA
ognl-3.0.6.1
struts2-core-2.3.24.3
struts2-dojo-plugin-2.3.24.3
struts2-json-plugin-2.3.24.3
struts2-spring-plugin-2.3.24.3
struts2-tiles-plugin-2.3.24.3
xwork-core-2.3.24.3

I clean the project and run the program. It runs properly(there is no exception occurs), so I start to upgrade jars files from 2.3.24.3 to 2.3.32.

So now here are upgraded jar files I add in the program, the previous version has been removed. The rest jars are remain same.

struts2-core-2.3.32
struts2-dojo-plugin-2.3.32
struts2-json-plugin-2.3.32
struts2-spring-plugin-2.3.32
struts2-tiles-plugin-2.3.32

I clean the project and run the program. This I get the error that is about java.lang.NoClassDefFoundError

Here is the error. I feel strange that there are "... 19 more" but I cannot find those 19 messages. I search the log files e.g. catalina.yyyy-mm-dd.log, localhost_access_log.yyyy-mm-dd/txt. Surprisingly, those log files contains log which is two days ago.

SEVERE: Error configuring application listener of class    org.apache.struts2.tiles.StrutsTilesListener
java.lang.NoClassDefFoundError:    org/apache/tiles/web/startup/AbstractTilesListener
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at org.apache.catalina.loader.WebappClassLoaderBase.findClassInternal(WebappClassLoaderBase.java:2472)
at  org.apache.catalina.loader.WebappClassLoaderBase.findClass(WebappClassLoaderBase .java:854)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1274)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1157)
at org.apache.catalina.core.DefaultInstanceManager.loadClass(DefaultInstanceManager.java:520)
at org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:501)
at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:120)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4651)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5167)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassNotFoundException: org.apache.tiles.web.startup.AbstractTilesListener
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1305)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1157)
... 19 more

Mar 14, 2017 11:58:38 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Skipped installing application listeners due to previous error(s)
Mar 14, 2017 11:58:38 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
Mar 14, 2017 11:58:38 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/RIDW] startup failed due to previous errors
Mar 14, 2017 11:58:38 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8080"]
Mar 14, 2017 11:58:38 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-nio-8009"]
Mar 14, 2017 11:58:38 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 6698 ms

I have read these posts about how to solve the error post1, post2, post3 and post4.

But one thing I don't understand is when I apply jars for version from 2.3.24.1 to 2.3.24.3 . The program does not have error. Then I do the similar process (change jars from 2.3.24.3 to 2.3.32), the program occurs error when I run it. During this two process, I do not write or edit any code in the program, I just change jar files.

So should I compare each jar files 2.3.24.1 to 2.3.24.3 and find different jars, then use those different jars to compare to the original program jars to fix error? Grateful for your advice please. Thank you. (Please note, if this post is not appropriate to post here, would someone help me to remove it. Thanks)

update

I spend lots of time download jars and find the pom.xml file. But that file does not exist in the program, so I think this program needs to add or remove jars manually.

Here are the updated jars that I add in the program for upgrade to struts version 2.3.32

struts2-core-2.3.32
struts2-dojo-plugin-2.3.32
struts2-json-plugin-2.3.32
struts2-spring-plugin-2.3.32
struts2-tiles-plugin-2.3.32
commons-beanutils-1.8.0
commons-collections-3.2.2
commons-fileupload-1.3.2
commons-io-2.2
commons-logging-1.1.3
javassist-3.11.0.GA
jcl104-over-slf4j-1.5.8
ognl-3.0.19
slf4j-api-1.7.12
slf4j-jdk14-1.5.8
spring-test-3.0.5.RELEASE
spring-web-3.0.5.RELEASE
tiles-api-2.2.2
tiles-core-2.2.2
tiles-jsp-2.2.2

Although new jars and upgraded jars are put in the program, I still get the same error. I feel so confuse about the error.

If I upgrade version from 2.3.24.1 to 2.3.24.3. The program seems fine (I have not test any function yet, I just start the server and it can open the first page of the program).

But if I upgrade version from 2.3.24.1 to 2.3.32, the sever does not start properly and shows the error.

Also another thing make me feel strange is the error is still the same, there is no new error (maybe not occurs yet)

Answer 1

I recommend you to read the Apache Struts Migration Guide, before upgrading any JAR files.

In your case you have missed at least one important internal changes in Version 2.3.28 in which the tiles-plugin was updated to the newest version available at this point in time. (Error java.lang.NoClassDefFoundError: org/apache/tiles/web/startup/AbstractTilesListener)

General advice

JAR-files have often dependencies, so you can't (and shouldn't) just replace one JAR without any knowledge about their requirements. In this case the newer struts-tiles-plugin needs a newer tiles dependencies.

And before you do this all manually: there is a nice tool to help you with and many projects use it. It's called Maven. Is there a pom.xml in your project? With that you can handle all these dependencies very easily.