Issues getting XML Parsing Libraries Working

I’m developing a Confluence Data Center plugin using Java and am having trouble instantiating an DocumentBuilderFactory to parse the XML storage format. When I call this from within my plugin:

DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();

I get this error:

[INFO] [talledLocalContainer] java.lang.ClassCastException: class org.apache.xerces.jaxp.DocumentBuilderFactoryImpl cannot be cast to class javax.xml.parsers.DocumentBuilderFactory (org.apache.xerces.jaxp.DocumentBuilderFactoryImpl is in unnamed module of loader org.apache.catalina.loader.ParallelWebappClassLoader @37d61cea; javax.xml.parsers.DocumentBuilderFactory is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @4e30df9f)
[INFO] [talledLocalContainer]   at javax.xml.parsers.DocumentBuilderFactory.newInstance(Unknown Source)
<stack trace trimmed for clarity>

From what I understand this appears to be some kind of OSGi issue; the implementing class in Apache Xerces is provided by the JVM, and is present in the parent classloader, but I need to do something to make it available to my bundle’s classloader. I’ve tried a few things in the <Import-Package> section of my confluence-maven-plugin configuration instructions, but can’t seem to get it working.

Any tips? How do I get XML parsing working in a plugin?


Hi Kashev,

I found some interesting stuff to look at in the source code of javax.xml.parser.DocumentBuilderFactory. Apparently the class


is a fallback classname for when it cannot find the standard class in the JRE.

I also the authors of DocumentBuilderFactory note that you can try to troubleshoot with the following flag upon start of the plugin: -Djaxp.debug=1

Other than this, our bundle has access to this class by default without any issues.
Below is our instructions in the atlassian maven plugin descriptor in our pom:

  <Export-Package />

Kantega SSO


Hello hello

When using XML libraries in Confluence ,

  1. you need to ensure their usage is secure
  2. you should use the atlassian-secure-xml dependency

Also the plugin descriptor describe in @EliasBrattliSorensen answer should do

Here is one of my fun memories dealing with XML libraries in Confluence How we stopped vulnerable code from landing in production - Atlassian Developer Blog

former Confluence person