Posted to user@geronimo.apache.org by "Spotts, Joel (ISS Atlanta)" <js...@us.ibm.com> on 2007/02/06 20:54:44 UTC
Gbean within a signed jar
I have a gbean packaged within a signed jar that is placed in my EAR.
Trouble is it seems that geronimo uses proxy classes on the gbean class
files, which results in the dreaded:
java.lang.SecurityException: class "..."'s signer information does not
match signer information of other classes in the same package
when geronimo attempts to start the gbean. Anyone have a solution to
this problem other than not signing the jar?
Thanks,
Yoel Spotts
Re: Gbean within a signed jar
Posted by Dain Sundstrom <da...@iq80.com>.
Alternatively, just change the code that complains about the
signature. We could add a flag to the Geronimo class loader to hide
all signing data.
-dain
On Feb 6, 2007, at 11:54 AM, Spotts, Joel (ISS Atlanta) wrote:
> I have a gbean packaged within a signed jar that is placed in my
> EAR. Trouble is it seems that geronimo uses proxy classes on the
> gbean class files, which results in the dreaded:
>
> java.lang.SecurityException: class "..."'s signer information does
> not match signer information of other classes in the same package
>
> when geronimo attempts to start the gbean. Anyone have a solution
> to this problem other than not signing the jar?
>
> Thanks,
>
> Yoel Spotts
>
Re: Gbean within a signed jar
Posted by Kevan Miller <ke...@gmail.com>.
On Feb 6, 2007, at 2:54 PM, Spotts, Joel (ISS Atlanta) wrote:
> I have a gbean packaged within a signed jar that is placed in my
> EAR. Trouble is it seems that geronimo uses proxy classes on the
> gbean class files, which results in the dreaded:
>
> java.lang.SecurityException: class "..."'s signer information does
> not match signer information of other classes in the same package
>
> when geronimo attempts to start the gbean. Anyone have a solution
> to this problem other than not signing the jar?
Hi Yoel,
Interesting. First I've heard of this problem, but it makes sense. I
don't really have a "solution" for you.
1) As you suggest, don't sign your jar... :-P
2) Turn off proxy generation in the server. This, however, has the
unfortunate side-effect of breaking the admin console. So, this
really isn't much of an option.
Perhaps somebody else can chime in...
--kevan
Re: Gbean within a signed jar
Posted by Aaron Mulder <am...@alumni.princeton.edu>.
Can you create a Jira issue to investigate that approach? I'm not
sure whether it would work but it sounds like it's worth following up
on. If you can attach a small example that demonstrates the problem,
that would be great too. (If nothing else, maybe we could just try
the repackaging approach if we notice that the original JAR was
signed.)
Thanks,
Aaron
On 2/16/07, Spotts, Joel (ISS Atlanta) <js...@us.ibm.com> wrote:
> Is it possible the geronimo code creates the proxy in the same package as the target class? If the proxy was created in a different package (like proxy.<targetclass proxy>), IIRC, no SecurityException would be thrown.
>
> Thanks,
>
> Yoel
>
> -----Original Message-----
> From: Dain Sundstrom [mailto:dain@iq80.com]
> Sent: Mon 2/12/2007 10:23 PM
> To: user@geronimo.apache.org
> Cc:
> Subject: Re: Gbean within a signed jar
>
>
>
> Alternatively, just change the code that complains about the
> signature. We could add a flag to the Geronimo class loader to hide
> all signing data.
>
> -dain
Re: Gbean within a signed jar
Posted by Kevan Miller <ke...@gmail.com>.
On Feb 20, 2007, at 11:08 AM, Spotts, Joel (ISS Atlanta) wrote:
> I am working on an example to highlight the issue, and will create
> a JIRA issue. I am having trouble figuring out how to attach a file
> to a JIRA issue. Where should I be looking?
>
Sounds great. Thanks Yoel.
For an existing Jira, there's an "Attach file to this issue"
operation (in left hand column). So, you'll need to create the issue
first, then attach...
--kevan
RE: Gbean within a signed jar
Posted by "Spotts, Joel (ISS Atlanta)" <js...@us.ibm.com>.
I am working on an example to highlight the issue, and will create a JIRA issue. I am having trouble figuring out how to attach a file to a JIRA issue. Where should I be looking?
Thanks,
Yoel
-----Original Message-----
From: ammulder@gmail.com on behalf of Aaron Mulder
Sent: Fri 2/16/2007 2:24 PM
To: user@geronimo.apache.org
Cc:
Subject: Re: Gbean within a signed jar
Can you create a Jira issue to investigate that approach? I'm not
sure whether it would work but it sounds like it's worth following up
on. If you can attach a small example that demonstrates the problem,
that would be great too. (If nothing else, maybe we could just try
the repackaging approach if we notice that the original JAR was
signed.)
Thanks,
Aaron
On 2/16/07, Spotts, Joel (ISS Atlanta) <js...@us.ibm.com> wrote:
> Is it possible the geronimo code creates the proxy in the same package as the target class? If the proxy was created in a different package (like proxy.<targetclass proxy>), IIRC, no SecurityException would be thrown.
>
> Thanks,
>
> Yoel
>
> -----Original Message-----
> From: Dain Sundstrom [mailto:dain@iq80.com]
> Sent: Mon 2/12/2007 10:23 PM
> To: user@geronimo.apache.org
> Cc:
> Subject: Re: Gbean within a signed jar
>
>
>
> Alternatively, just change the code that complains about the
> signature. We could add a flag to the Geronimo class loader to hide
> all signing data.
>
> -dain
RE: Gbean within a signed jar
Posted by "Spotts, Joel (ISS Atlanta)" <js...@us.ibm.com>.
Is it possible the geronimo code creates the proxy in the same package as the target class? If the proxy was created in a different package (like proxy.<targetclass proxy>), IIRC, no SecurityException would be thrown.
Thanks,
Yoel
-----Original Message-----
From: Dain Sundstrom [mailto:dain@iq80.com]
Sent: Mon 2/12/2007 10:23 PM
To: user@geronimo.apache.org
Cc:
Subject: Re: Gbean within a signed jar
Alternatively, just change the code that complains about the
signature. We could add a flag to the Geronimo class loader to hide
all signing data.
-dain
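
Added illustration, not part of the thread and not Geronimo code: the JVM check behind the SecurityException quoted above, reproduced by a class loader that defines two classes of one package with different signer sets. The class names, the stand-in certificate and the file:/constructed.jar location are assumptions made for the example; it needs Java 9 or later.

```java
import java.io.InputStream;
import java.net.URI;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class SignerMismatchDemo {
    public static class Target {}       // hypothetical: stands in for a class from the signed jar
    public static class TargetProxy {}  // hypothetical: stands in for a generated proxy class

    // Constructed stand-in for the jar's signer; the loader compares signer certificates with equals().
    static final class FakeCert extends Certificate {
        FakeCert() { super("X.509"); }
        public byte[] getEncoded() { return new byte[] {1}; }
        public void verify(PublicKey key) {}
        public void verify(PublicKey key, String provider) {}
        public String toString() { return "FakeCert (constructed)"; }
        public PublicKey getPublicKey() { return null; }
    }

    // Defines a copy of an existing class in this loader, attaching the given signers to it.
    static final class Loader extends ClassLoader {
        Loader() { super(SignerMismatchDemo.class.getClassLoader()); }
        Class<?> define(Class<?> src, Certificate[] signers) throws Exception {
            String res = src.getName().replace('.', '/') + ".class";
            try (InputStream in = src.getClassLoader().getResourceAsStream(res)) {
                byte[] b = in.readAllBytes();
                CodeSource cs = new CodeSource(URI.create("file:/constructed.jar").toURL(), signers);
                return defineClass(src.getName(), b, 0, b.length, new ProtectionDomain(cs, null));
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Certificate[] signed = { new FakeCert() };
        Loader loader = new Loader();
        loader.define(Target.class, signed);           // first class fixes the package's signers
        try {
            loader.define(TargetProxy.class, null);    // same package, no signers: rejected
        } catch (SecurityException e) {
            System.out.println("unsigned class in signed package: " + e.getMessage());
        }
        // The same class is accepted once it carries the signers already recorded for the package.
        System.out.println("defined with matching signers: " + loader.define(TargetProxy.class, signed).getName());
    }
}
```

The signer set is recorded per package and per class loader when the first class of that package is defined, and every later class defined into the same package by that loader has to match it.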