2 Replies Latest reply on Aug 2, 2006 10:16 AM by Magdalena Piller

    Javassist throws SecurityException on 4.0.4GA

    Pieter-Jan Malfait Newbie

      i just switched to from 4.0.3SP1 with EJB3 RC5 to 4.0.4GA with EJB3 RC8.
      i develop a Swing application in Eclipse and deploy it using Java Webstart.

      The server-side ear is still deploying fine on 4.0.4GA.
      Running the client from inside my development environment (Eclipse) works great too!
      Problems arise when i deploy the application with java webstart. Javassist seems to have problems with classes having the wrong signature. I sign my client jar and all the necessary libraries with the same certificate, i tripled checked this (i get no classnotfound errors in Eclipse, so i guess i have all the client libs).

      The problem arises when i try to load a entity with some atributes lazy initialised. I get the following exception (i left out the MarshallException/RuntimeException part) :

      Caused by: org.hibernate.HibernateException: Javassist Enhancement failed: com.acme.entities.contact
      .Dummy
       at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.getProxy(JavassistLazyInitializer.ja
      va:88)
       at org.hibernate.proxy.pojo.javassist.SerializableProxy.readResolve(SerializableProxy.java:54)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at java.io.ObjectStreamClass.invokeReadResolve(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.readObject(Unknown Source)
       at java.util.ArrayList.readObject(Unknown Source)
       at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.readObject(Unknown Source)
       at org.jboss.aop.joinpoint.InvocationResponse.readExternal(InvocationResponse.java:122)
       at java.io.ObjectInputStream.readExternalData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
       at java.io.ObjectInputStream.readSerialData(Unknown Source)
       at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
       at java.io.ObjectInputStream.readObject0(Unknown Source)
       at java.io.ObjectInputStream.readObject(Unknown Source)
       at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObject(JavaSerializat
      ionManager.java:128)
       at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.read(SerializableUnMarshaller.j
      ava:66)
       at org.jboss.remoting.transport.socket.SocketClientInvoker.transport(SocketClientInvoker.java:279)
       ... 18 more
      Caused by: java.lang.RuntimeException: by java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
       at javassist.util.proxy.ProxyFactory.createClass(ProxyFactory.java:173)
       at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.getProxy(JavassistLazyInitializer.ja
      va:79)
       ... 56 more
      Caused by: javassist.CannotCompileException: by java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
       at javassist.util.proxy.FactoryHelper.toClass(FactoryHelper.java:125)
       at javassist.util.proxy.ProxyFactory.createClass(ProxyFactory.java:169)
       ... 57 more
      Caused by: java.lang.SecurityException: class "com.acme.entities.contact.Dummy_$$_javassist_0"'s signer information does not match signer information of other classes in the same package
       at java.lang.ClassLoader.checkCerts(Unknown Source)
       at java.lang.ClassLoader.preDefineClass(Unknown Source)
       at java.lang.ClassLoader.defineClass(Unknown Source)
       at java.lang.ClassLoader.defineClass(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at javassist.util.proxy.FactoryHelper.toClass(FactoryHelper.java:117)
       ... 58 more
      




      No jars in the ear or the ear itself are signed (it wasn't necessary in 4.0.3SP1)
      When i sign the .ear file, behaviour is tha same.
      When i try signing the particular jar inside the ear that contains these classes i get following exception on deployment:

      org.jboss.deployment.DeploymentException: Error in accessing application metadata: ; - nested throwa
      ble: (java.lang.SecurityException: SHA1 digest error for
       at org.jboss.deployment.DeploymentException.rethrowAsDeploymentException(DeploymentException
      .java:53)
       at org.jboss.deployment.EARDeployer.init(EARDeployer.java:275)
       at org.jboss.deployment.MainDeployer.init(MainDeployer.java:861)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:798)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:771)
       at sun.reflect.GeneratedMethodAccessor50.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterce
      ptor.java:142)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
       at $Proxy8.deploy(Unknown Source)
       at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421)
       at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:610)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeplo
      ymentScanner.java:263)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploym
      entScanner.java:274)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeployme
      ntScanner.java:225)
      Caused by: java.lang.SecurityException: SHA1 digest error for dummy-all.jar
       at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:196)
       at java.util.jar.JarVerifier.processEntry(JarVerifier.java:201)
       at java.util.jar.JarVerifier.update(JarVerifier.java:188)
       at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:403)
       at java.io.FilterInputStream.read(FilterInputStream.java:111)
       at java.io.FilterInputStream.read(FilterInputStream.java:90)
       at org.jboss.util.file.JarUtils.extractNestedJar(JarUtils.java:380)
       at org.jboss.deployment.EARDeployer.init(EARDeployer.java:211)
      



      anyone knows what could cause this problem ? am i doing something wrong ?

      thank you very much in advance!

        • 1. Re: Javassist throws SecurityException on 4.0.4GA
          Peter Potthoff Newbie

          Hi,

          I've made similar experiences. Instead of EJB3 I'm directly working
          with hibernate and using the JBoss Hibernate MBean to bind my
          sessionfactory to the JNDI Tree.
          My Client is a webstart application and I'am forced to sign my classes.
          In the EJB3 Forum this error is posted, too. The thread suggests to
          switch back to cglib in order to solve this problem. One should use the
          -Dhibernate.bytecode.provide=cglib Option to change the implementation
          to cglib.
          Using this switch together with the Hibernate MBean you will see that it
          is ignored because the MBean overrides it on construction:

           protected void createService() throws Exception
           {
           log.trace( "forcing bytecode provider -> javassist" );
           // todo : really need a much better solution for this...
           System.setProperty( Environment.BYTECODE_PROVIDER, "javassist" );
           }
          


          Thus, I suppose javassist is the prefered way to do bytecode enhancement.
          Does anybody know a workaround for this error?

          Are there plans to fix this error?

          regards
          Peter


          • 2. Re: Javassist throws SecurityException on 4.0.4GA
            Magdalena Piller Newbie

            See http://www.jboss.org/index.html?module=bb&op=viewtopic&t=86117

            You can override Hibernate.java and HibernateMBean.java and change the createService() method to your likings.