  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-4665

signed cglib.jar doesn't work in guice-hello example

Details

    • Bug
    • Resolution: Done
    • Major
    • EAP_EWP 5.1.1
    • EAP_EWP 5.1.0_CR1
    • RESTEasy
    • None
    • Edit the guice-hello pom: remove the jetty plugin, disable surefire.
      mvn install should work then.
      Take the target/guice-hello-1.2.1.GA_CP02.war and replace the libs in WEB-INF/lib with their equivalents from jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib.
      Deploy this war to the EAP5.1.0.CR1 production profile.
      The deployment should fail.
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Resteasy-guice applications fail to deploy because of a java.lang.SecurityException. An error message similar to the following is displayed:
      <screen>java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package</screen>
      This occurs because the cglib.jar in JBoss Enterprise Application Platform is signed, and the cglib-instrumented proxy uses the cglib.jar signer information instead of the signer information of the application target class.
    • Documented as Known Issue

    Description

      The bundled signed jar jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib/guice.jar
      cannot be used with the guice-hello example.
      When I deploy the war containing this version of the jar to EAP, the deployment fails with the error message:

      java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package

      (see logged-problem.txt for details)

      I don't have any theory for this; I just know that this is an issue of signed guice.jar vs unsigned guice.jar, because I tried to isolate this issue in a standalone smaller testapp (no war).
      It seems as if the CGLib-generated class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0" is treated as having the same signer as guice.jar (not cglib.jar, because the combination of signed cglib.jar and unsigned guice.jar works) and therefore this conflicts with the other classes in "org.jboss.resteasy.examples.guice.hello", which are unsigned.

      This would mean that only code with the same signer as guice.jar may use this library, which is kinda restraining.

      Attachments

        1. guice-fail.zip
          1.05 MB
        2. logged-problem.txt
          27 kB
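
Added example (not part of the original issue, and not JBoss, Guice or cglib code): a stand-alone Java program that triggers the same per-package signer check described above, by defining a second class in a package with a protection domain whose signers differ from the first class's. The names SignerMismatchDemo, Target, Generated and LIB_SIGNER are hypothetical, the certificate is a constructed placeholder rather than a real signer, and the code assumes JDK 9 or later, compiled with javac so the class files can be read back from the classpath.

```java
import java.io.InputStream;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class SignerMismatchDemo {
    public static class Target {}     // stands in for the unsigned application class
    public static class Generated {}  // stands in for the runtime-generated FastClass

    // Constructed placeholder certificate standing in for the signed library's signer.
    static final Certificate LIB_SIGNER = new Certificate("X.509") {
        public byte[] getEncoded() { return new byte[] {1}; }
        public void verify(PublicKey key) {}
        public void verify(PublicKey key, String provider) {}
        public PublicKey getPublicKey() { return null; }
        public String toString() { return "constructed library signer"; }
    };

    // Defines classes itself (bootstrap parent only) so each one gets the domain we choose.
    static class Loader extends ClassLoader {
        Loader() { super(null); }
        Class<?> define(Class<?> src, Certificate... certs) throws Exception {
            String res = "/" + src.getName().replace('.', '/') + ".class";
            try (InputStream in = SignerMismatchDemo.class.getResourceAsStream(res)) {
                byte[] b = in.readAllBytes();
                ProtectionDomain pd = new ProtectionDomain(new CodeSource(null, certs), null);
                return defineClass(src.getName(), b, 0, b.length, pd);
            }
        }
    }

    // Returns the SecurityException message, or "defined" when the JVM accepts the class.
    static String defineGenerated(Certificate... generatedCerts) throws Exception {
        Loader loader = new Loader();
        loader.define(Target.class);  // the unsigned class fixes the package's signer set
        try {
            loader.define(Generated.class, generatedCerts);
            return "defined";
        } catch (SecurityException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("library's domain: " + defineGenerated(LIB_SIGNER));
        System.out.println("target's domain:  " + defineGenerated());
    }
}
```

The first call models a generated class that inherits the signed library's signer information and is rejected; the second models a generated class defined with the same (unsigned) signer information as the application target class and is accepted.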

            People

              mlinhard Michal Linhard (Inactive)
              mlinhard Michal Linhard (Inactive)
              Russell Dickenson Russell Dickenson (Inactive)