2 Replies Latest reply on Sep 25, 2015 7:15 AM by pouget

    SecurityException when deploying Jars

    pouget
    pouget Sep 23, 2015 10:16 AM

      Hi,

       

      We have been trying to get CA DevTest agent to work on JBoss platform. It works fine, when there are no application deployments done on JBoss. And the applications deploy and work fine without the agent. However, when we try to deploy the applications when starting JBoss the following exception is caught:

       

      13:39:00,354 WARN  [org.jboss.modules] (ServerService Thread Pool -- 58) Failed to define class org.codehaus.janino.ClassBodyEvaluator in Module "xx.jboss.service.platform:5.0" from local module loader @490ab6fa (finder: local module finder @5e72fc8c (roots: /opt/platform/service/current/jboss/modules,/opt/platform/service/current/jboss/modules/system/layers/base/.overlays/layer-base-jboss-eap-6.3.2.CP,/opt/platform/service/current/jboss/modules/system/layers/base)): java.lang.SecurityException: class "org.codehaus.janino.ClassBodyEvaluator"'s signer information does not match signer information of other classes in the same package

        at java.lang.ClassLoader.checkCerts(ClassLoader.java:952) [rt.jar:1.7.0_55]

        at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666) [rt.jar:1.7.0_55]

        at java.lang.ClassLoader.defineClass(ClassLoader.java:794) [rt.jar:1.7.0_55]

        at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:361) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:482) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:277) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:92) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.Module.loadModuleClass(Module.java:568) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:205) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at java.lang.ClassLoader.defineClass1(Native Method) [rt.jar:1.7.0_55]

        at java.lang.ClassLoader.defineClass(ClassLoader.java:800) [rt.jar:1.7.0_55]

        at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:361) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:482) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:277) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:92) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.Module.loadModuleClass(Module.java:568) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:205) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at ch.qos.logback.core.boolex.JaninoEventEvaluatorBase.start(JaninoEventEvaluatorBase.java:57) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.action.NestedComplexPropertyIA.end(NestedComplexPropertyIA.java:167) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.spi.Interpreter.callEndAction(Interpreter.java:317) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.spi.Interpreter.endElement(Interpreter.java:196) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.spi.Interpreter.endElement(Interpreter.java:182) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.spi.EventPlayer.play(EventPlayer.java:62) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:149) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:135) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:99) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:76) [logback-core-1.0.13.jar:]

        at ch.qos.logback.core.joran.GenericConfigurator.doConfigure(GenericConfigurator.java:68) [logback-core-1.0.13.jar:]

        at xx.logging.LogbackConfigurator.configureLogback(LogbackConfigurator.java:103) [xx-core-4.9.jar:]

        at xx.logging.LogbackConfigurator.configure(LogbackConfigurator.java:69) [xx-core-4.9.jar:]

        at xx.petclinicentity.service.v1.logging.PetclinicEntityServiceLoggingInitializationBean.initialize(PetclinicEntityServiceLoggingInitializationBean.java:33) [petclinicentity-service-1.11.jar:]

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]

        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]

        at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:96) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.as.ee.component.ComponentInstantiatorInterceptor.processInvocation(ComponentInstantiatorInterceptor.java:76) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:272) [jboss-as-ejb3-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ejb3.tx.CMTTxInterceptor.requiresNew(CMTTxInterceptor.java:368) [jboss-as-ejb3-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ejb3.tx.LifecycleCMTTxInterceptor.processInvocation(LifecycleCMTTxInterceptor.java:66) [jboss-as-ejb3-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:70) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]

        at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:162) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:135) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:90) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ejb3.component.singleton.SingletonComponent.getComponentInstance(SingletonComponent.java:122) [jboss-as-ejb3-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ejb3.component.singleton.SingletonComponent.start(SingletonComponent.java:137) [jboss-as-ejb3-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at org.jboss.as.ee.component.ComponentStartService$1.run(ComponentStartService.java:54) [jboss-as-ee-7.4.2.Final-redhat-2.jar:7.4.2.Final-redhat-2]

        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_55]

        at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_55]

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]

        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]

        at org.jboss.threads.JBossThread.run(JBossThread.java:122)

       

      After a few similar exceptions for other deployments the cause is printed:

       

      Caused by: java.lang.NoClassDefFoundError: org/codehaus/janino/ClassBodyEvaluator

        at java.lang.ClassLoader.defineClass1(Native Method) [rt.jar:1.7.0_55]

        at java.lang.ClassLoader.defineClass(ClassLoader.java:800) [rt.jar:1.7.0_55]

        at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:361) [jboss-modules.jar:1.3.4.Final-redhat-1]

        at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:482) [jboss-modules.jar:1.3.4.Final-redhat-1]

        ... 57 more

      Caused by: java.lang.ClassNotFoundException: org.codehaus.janino.ClassBodyEvaluator from [Module "xx.jboss.service.platform:5.0" from local module loader @490ab6fa (finder: local module finder @5e72fc8c (roots: /opt/platform/service/current/jboss/modules,/opt/platform/service/current/jboss/modules/system/layers/base/.overlays/layer-base-jboss-eap-6.3.2.CP,/opt/platform/service/current/jboss/modules/system/layers/base))]

       

      JBoss version is 6.3.2EAP. The CA agent is initialized in standalone configuration using the following:

       

      JAVA_OPTS="$JAVA_OPTS -javaagent:/home/jboss/agent/InsightAgent.jar=url=tcp://xxyyzz.tt:2009,name=LOCALVM40"

       

      The agent itself works, but no applications are deployed successfully. Apparently there is some kind of mismatch between jars/classes, but the agent does not include any of the classes or packages mentioned in the stacktraces. The JBoss uses jandex for indexing the modules. Any ideas on how to avoid this situation are most welcomed.

        • 1. Re: SecurityException when deploying Jars
          ctomc
          ctomc Sep 24, 2015 9:54 AM (in response to pouget)

          Message itself is quite self explainatory.

           

          some of your jars are signed and some are not.

          When using signed jars, java classloader enforces that all classes from same package to have same signer info.

           

          You need to address this, either by having build that signs all jars with same certs at build time

          or clean up your deployment to not use signed jars.

            • Actions
          • 2. Re: SecurityException when deploying Jars
            pouget
            pouget Sep 25, 2015 7:15 AM (in response to ctomc)

            Yes, we arrived to the same conclusion. However, it was enough to remove the signature from the class ClassBodyEvaluator, which was the one the SecurityException mentioned. So even though all the other classes the in the same jar were signed, it doesn't create any additional errors. I still don't understand this behaviour, since the agent is not using any classes from that jar (janino). So the classloader basically just took the first class, checked the signature, reported an error. After removing the signature of the first class it doesn't check the signatures? Or maybe the fact that we removed the DUMMY.* files under META-INF in the jar caused the classloader to ignore signatures?

             

            Be that as it may, I'm happy that it works now .

              • Actions