11 Replies Latest reply on Aug 2, 2006 10:10 AM by magdalena.piller

Javassist throws SecurityException on new 4.0.4GA

phon Jul 4, 2006 11:38 AM

i just switched to from 4.0.3SP1 with EJB3 RC5 to 4.0.4GA with EJB3 RC8.
i develop a Swing application in Eclipse and deploy it using Java Webstart.

The server-side ear is still deploying fine on 4.0.4GA.
Running the client from inside my development environment (Eclipse) works great too!
Problems arise when i deploy the application with java webstart. Javassist seems to have problems with classes having the wrong signature. I sign my client jar and all the necessary libraries with the same certificate, i tripled checked this (i get no classnotfound errors in Eclipse, so i guess i have all the client libs).

The problem arises when i try to load a entity with some atributes lazy initialised. I get the following exception (i left out the MarshallException/RuntimeException part) :

Caused by: org.hibernate.HibernateException: Javassist Enhancement failed: com.acme.entities.contact.Dummy
 at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.getProxy(JavassistLazyInitializer.java:88)
 at org.hibernate.proxy.pojo.javassist.SerializableProxy.readResolve(SerializableProxy.java:54)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.readObject(Unknown Source)
 at java.util.ArrayList.readObject(Unknown Source)
 at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.readObject(Unknown Source)
 at org.jboss.aop.joinpoint.InvocationResponse.readExternal(InvocationResponse.java:122)
 at java.io.ObjectInputStream.readExternalData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
 at java.io.ObjectInputStream.readSerialData(Unknown Source)
 at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
 at java.io.ObjectInputStream.readObject0(Unknown Source)
 at java.io.ObjectInputStream.readObject(Unknown Source)
 at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObject(JavaSerializationManager.java:128)
 at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.read(SerializableUnMarshaller.java:66)
 at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:279)
 ... 18 more
Caused by: java.lang.RuntimeException: by java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
 at javassist.util.proxy.ProxyFactory.createClass(ProxyFactory.java:173)
 at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.getProxy(JavassistLazyInitializer.java:79)
 ... 56 more
Caused by: javassist.CannotCompileException: by java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
 at javassist.util.proxy.FactoryHelper.toClass(FactoryHelper.java:125)
 at javassist.util.proxy.ProxyFactory.createClass(ProxyFactory.java:169)
 ... 57 more
Caused by: java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
 at java.lang.ClassLoader.checkCerts(Unknown Source)
 at java.lang.ClassLoader.preDefineClass(Unknown Source)
 at java.lang.ClassLoader.defineClass(Unknown Source)
 at java.lang.ClassLoader.defineClass(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
 at java.lang.reflect.Method.invoke(Unknown Source)
 at javassist.util.proxy.FactoryHelper.toClass(FactoryHelper.java:117)
 ... 58 more

No jars in the ear or the ear itself are signed (it wasn't necessary in 4.0.3SP1)
When i sign the .ear file, behaviour is tha same.
When i try signing the particular jar inside the ear that contains these classes i get following exception on deployment:

org.jboss.deployment.DeploymentException: Error in accessing application metadata: ; - nested throwable: (java.lang.SecurityException: SHA1 digest error for
 at org.jboss.deployment.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:53)
 at org.jboss.deployment.EARDeployer.init(EARDeployer.java:275)
 at org.jboss.deployment.MainDeployer.init(MainDeployer.java:861)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:798)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:771)
 at sun.reflect.GeneratedMethodAccessor50.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy8.deploy(Unknown Source)
 at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421)
 at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:610)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploymentScanner.java:274)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeploymentScanner.java:225)
Caused by: java.lang.SecurityException: SHA1 digest error for dummy-all.jar
 at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:196)
 at java.util.jar.JarVerifier.processEntry(JarVerifier.java:201)
 at java.util.jar.JarVerifier.update(JarVerifier.java:188)
 at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:403)
 at java.io.FilterInputStream.read(FilterInputStream.java:111)
 at java.io.FilterInputStream.read(FilterInputStream.java:90)
 at org.jboss.util.file.JarUtils.extractNestedJar(JarUtils.java:380)
 at org.jboss.deployment.EARDeployer.init(EARDeployer.java:211)

anyone knows what could cause this problem ? am i doing something wrong ?

thank you very much in advance!

1. Re: Javassist throws SecurityException on new 4.0.4GA

wolfc Jul 4, 2006 1:54 PM (in response to phon)

Did the application work correctly in JBoss 4.0.3SP1 with webstart?
Actions
2. Re: Javassist throws SecurityException on new 4.0.4GA

phon Jul 5, 2006 3:17 AM (in response to phon)

yes it did, and i never signed the .ear files or any other file that i deployed on JBoss..
Actions
3. Re: Javassist throws SecurityException on new 4.0.4GA

wolfc Jul 5, 2006 4:19 AM (in response to phon)

But you did sign the application jar (for webstart) when running with JBoss 4.0.3SP1?
Actions
4. Re: Javassist throws SecurityException on new 4.0.4GA

phon Jul 5, 2006 5:45 AM (in response to phon)

thank you very much for replying!

yes all the client libs (my client jar as well as other necessary libs (ejb3,jboss,jasperreports, log4j, etc) were always signed, because otherwise the client isn't allowed to connect to external hosts, which is necessary to reach the jboss server..
Actions
5. Re: Javassist throws SecurityException on new 4.0.4GA

wolfc Jul 6, 2006 3:56 AM (in response to phon)

As of yet, I haven't got a clue.

Please try a post in the Javassist user forum, maybe they can help out.
Actions
6. Re: Javassist throws SecurityException on new 4.0.4GA

phon Jul 7, 2006 3:18 AM (in response to phon)

ok, thanks for the help
i post my question there
Actions
7. Re: Javassist throws SecurityException on new 4.0.4GA

phon Jul 10, 2006 2:05 AM (in response to phon)

i noticed the following in my log :

08:01:35,948 INFO [Environment] Hibernate 3.2 cr2
08:01:35,957 INFO [Environment] hibernate.properties not found
08:01:35,980 INFO [Environment] Bytecode provider name : javassist

is there any way to disable javassist or to switch it back to CGLib maybe ?
Actions
8. Re: Javassist throws SecurityException on new 4.0.4GA

epbernard Jul 10, 2006 7:34 AM (in response to phon)

change the java command line and add
-Dhibernate.bytecode.provider cglib
Actions
9. Re: Javassist throws SecurityException on new 4.0.4GA

phon Jul 10, 2006 9:14 AM (in response to phon)

thanks for the reply
i found the same solution in the source of the Environment class where it stated that it has this parameter and accept the value "javassist" and "cglib". Couldn't find this in any documentation though..

It solved my problem, so i'm happy :)
Actions
10. Re: Javassist throws SecurityException on new 4.0.4GA

ana_oleski Jul 24, 2006 9:32 AM (in response to phon)
Hi,

how in the world did you change your setting from javassist to cglib?
I've beeen fighting for hours with it now.

I've tried
-Dhibernate.bytecode.provider=cglib
when starting jboss and
<property name="hibernate.bytecode.provider" value="cglib" />
in persistence.xml to no avail

JBoss console:
[Environment] Bytecode provider name : javassist

I added a hibernate.properties to classpath with the entry

hibernate.bytecode.provider=cglib

JBoss console:
INFO [Environment] loaded properties from resource hibernate.properties: {hibernate.bytecode.use_reflection_optimizer=false, hibernate.bytecode.provider=cglib} INFO [Environment] Bytecode provider name : javassist

which is just as frustrating.

I've searched the jboss installation for the text "bytecode.provider" and found a file persistence.properties in ejb3.deployer/META-INF with the following lines
# I don't think this is honored, but EJB3Deployer uses it hibernate.bytecode.provider=javassist

By the way, is this file mentioned anywhere in the EJB3 documentation and I missed it? Anyway, I commented out the lines, hoping my application setting will then finally be considered, but still no success.

Then I figured that if no value is provided, javassist must be the default somewhere in jboss code so I changed the setting to

hibernate.bytecode.provider=cglib

and then jboss finally said

INFO [Environment] Bytecode provider name : cglib

Surely there must be a way to make changing this setting easier ...

Ana
Actions
11. Re: Javassist throws SecurityException on new 4.0.4GA

magdalena.piller Aug 2, 2006 10:10 AM (in response to phon)

Unfortunately, if using standard JBoss and Hibernate (no EJB3), the use of javassist is forced in the Hibernate MBean (createService() method of org.jboss.hibernate.jmx.Hibernate by hardcoding the property.
To work around this I patched two classes:
1. Hibernate.java (remove createService() method or change the System.setProperty(..) line from javassist to cglib)
2. HibernateMBean (no changes, needed because Hibernate.java implements it).
I don't know if there is an easier way to solve this, but at least it works.
I can now send lazy Hibernate pojos (containing proxies) to the client without exceptions crashing down on me...
htah
Actions

Go to original post