Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 8.0.0.Alpha2
Component/s: Class Loading
Labels:
None

Steps to Reproduce:
Hide

Sign files inside an EAR archive with jarsigner (.war and .jar)

Write a servlet calling this.getProtectionDomain().getCodeSource().getCodeSigners() - null is returned

Write an EJB method and do the same, the good codesigner info is returned
Show
Sign files inside an EAR archive with jarsigner (.war and .jar) Write a servlet calling this.getProtectionDomain().getCodeSource().getCodeSigners() - null is returned Write an EJB method and do the same, the good codesigner info is returned
Forum Reference:
https://community.jboss.org/thread/230044?tstart=0
Workaround Description:

Hide

A solution is to modify EarStructureProcessor to disable explode for WAR deployments (call of "createResourceRoot")

Show
A solution is to modify EarStructureProcessor to disable explode for WAR deployments (call of "createResourceRoot")

Calling getProtectionDomain().getCodeSource().getCodeSigners() for a class of a WAR deployment returns null, even if the WAR file is signed. No problem for EJB JAR.
This is because the WAR file is exploded on disk (the full analysis is described in the forum post).

is blocked by

JBVFS-191 Support getCodeSigners() on RealFileSystem (and RootFileSystem)

Open

is related to

MODULES-288 Add JAR-like entry verification to PathResourceLoader

Open

Assignee:: Unassigned

Reporter:: Christophe Fillot (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2013/07/03 9:27 AM

Updated:: 2020/09/14 5:04 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates