2 Replies Latest reply on Aug 2, 2006 10:16 AM by magdalena.piller

Javassist throws SecurityException on 4.0.4GA

phon Jul 7, 2006 3:25 AM

i just switched to from 4.0.3SP1 with EJB3 RC5 to 4.0.4GA with EJB3 RC8.
i develop a Swing application in Eclipse and deploy it using Java Webstart.

The server-side ear is still deploying fine on 4.0.4GA.
Running the client from inside my development environment (Eclipse) works great too!
Problems arise when i deploy the application with java webstart. Javassist seems to have problems with classes having the wrong signature. I sign my client jar and all the necessary libraries with the same certificate, i tripled checked this (i get no classnotfound errors in Eclipse, so i guess i have all the client libs).

The problem arises when i try to load a entity with some atributes lazy initialised. I get the following exception (i left out the MarshallException/RuntimeException part) :

Caused by: org.hibernate.HibernateException: Javassist Enhancement failed: com.acme.entities.contact
.Dummy
 at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.getProxy(JavassistLazyInitializer.ja
va:88)
 at org.hibernate.proxy.pojo.javassist.SerializableProxy.readResolve(SerializableProxy.java:54)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.readObject(Unknown Source)
 at java.util.ArrayList.readObject(Unknown Source)
 at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.readObject(Unknown Source)
 at org.jboss.aop.joinpoint.InvocationResponse.readExternal(InvocationResponse.java:122)
 at java.io.ObjectInputStream.readExternalData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.readObject(Unknown Source)
 at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObject(JavaSerializat
ionManager.java:128)
 at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.read(SerializableUnMarshaller.j
ava:66)
 at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:279)
 ... 18 more
Caused by: java.lang.RuntimeException: by java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
 at javassist.util.proxy.ProxyFactory.createClass(ProxyFactory.java:173)
 at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.getProxy(JavassistLazyInitializer.ja
va:79)
 ... 56 more
Caused by: javassist.CannotCompileException: by java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
 at javassist.util.proxy.FactoryHelper.toClass(FactoryHelper.java:125)
 at javassist.util.proxy.ProxyFactory.createClass(ProxyFactory.java:169)
 ... 57 more
Caused by: java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
 at java.lang.ClassLoader.checkCerts(Unknown Source)
 at java.lang.ClassLoader.preDefineClass(Unknown Source)
 at java.lang.ClassLoader.defineClass(Unknown Source)
 at java.lang.ClassLoader.defineClass(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at javassist.util.proxy.FactoryHelper.toClass(FactoryHelper.java:117)
 ... 58 more

No jars in the ear or the ear itself are signed (it wasn't necessary in 4.0.3SP1)
When i sign the .ear file, behaviour is tha same.
When i try signing the particular jar inside the ear that contains these classes i get following exception on deployment:

org.jboss.deployment.DeploymentException: Error in accessing application metadata: ; - nested throwa
ble: (java.lang.SecurityException: SHA1 digest error for
 at org.jboss.deployment.DeploymentException.rethrowAsDeploymentException(DeploymentException
.java:53)
 at org.jboss.deployment.EARDeployer.init(EARDeployer.java:275)
 at org.jboss.deployment.MainDeployer.init(MainDeployer.java:861)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:798)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:771)
 at sun.reflect.GeneratedMethodAccessor50.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterce
ptor.java:142)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy8.deploy(Unknown Source)
 at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421)
 at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:610)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeplo
ymentScanner.java:263)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploym
entScanner.java:274)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeployme
ntScanner.java:225)
Caused by: java.lang.SecurityException: SHA1 digest error for dummy-all.jar
 at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:196)
 at java.util.jar.JarVerifier.processEntry(JarVerifier.java:201)
 at java.util.jar.JarVerifier.update(JarVerifier.java:188)
 at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:403)
 at java.io.FilterInputStream.read(FilterInputStream.java:111)
 at java.io.FilterInputStream.read(FilterInputStream.java:90)
 at org.jboss.util.file.JarUtils.extractNestedJar(JarUtils.java:380)
 at org.jboss.deployment.EARDeployer.init(EARDeployer.java:211)

anyone knows what could cause this problem ? am i doing something wrong ?

thank you very much in advance!

1. Re: Javassist throws SecurityException on 4.0.4GA

peter_p Jul 26, 2006 1:43 AM (in response to phon)
Hi,

I've made similar experiences. Instead of EJB3 I'm directly working
with hibernate and using the JBoss Hibernate MBean to bind my
sessionfactory to the JNDI Tree.
My Client is a webstart application and I'am forced to sign my classes.
In the EJB3 Forum this error is posted, too. The thread suggests to
switch back to cglib in order to solve this problem. One should use the
-Dhibernate.bytecode.provide=cglib Option to change the implementation
to cglib.
Using this switch together with the Hibernate MBean you will see that it
is ignored because the MBean overrides it on construction:

protected void createService() throws Exception { log.trace( "forcing bytecode provider -> javassist" ); // todo : really need a much better solution for this... System.setProperty( Environment.BYTECODE_PROVIDER, "javassist" ); }

Thus, I suppose javassist is the prefered way to do bytecode enhancement.
Does anybody know a workaround for this error?

Are there plans to fix this error?

regards
Peter
Actions
2. Re: Javassist throws SecurityException on 4.0.4GA

magdalena.piller Aug 2, 2006 10:16 AM (in response to phon)

See http://www.jboss.org/index.html?module=bb&op=viewtopic&t=86117

You can override Hibernate.java and HibernateMBean.java and change the createService() method to your likings.
Actions

Go to original post