Java Forum / General / April 2007
security exceptions after jar repacking
Magnus Warker - 17 Apr 2007 04:09 GMT
Hi,
I want to deploy my application as a single jar file. Therefore, I unpacked all jars that are used as libraries together with my classes and created a new jar that contains my classes and all contents from the other jars.
When the application is then started (java -jar myapp.jar), I get a security exception telling me that there are wrong entries in the manifest file for some classes.
Has someone done this before? I just want my app to reside in a single jar file.
Regards, Magnus
Tom Hawtin - 17 Apr 2007 13:35 GMT
> I want to deploy my application as a single jar file. Therefore, I unpacked
> all jars that are used as libraries together with my classes and created a
[quoted text clipped - 3 lines]
> exception telling me that there are wrong entries in the manifest file for
> some classes.

What is the exact message you are getting? And what's in the relevant section of the manifest?
Are one or more of the jars signed? All the files in a jar should be signed together (there is an option to allow partial signing, but I would strongly discourage its use).
Tom Hawtin
Magnus Warker - 17 Apr 2007 16:52 GMT
Dear Tom,
thank you for your reply.
I have copied the exact error message below:
--- Error Message Begin ---
Exception in thread "main" java.lang.SecurityException: no manifiest section for signature file entry javax/mail/internet/AsciiOutputStream.class
        at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
        at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
        at sun.security.util.SignatureFileVerifier.process(Unknown Source)
        at java.util.jar.JarVerifier.processEntry(Unknown Source)
        at java.util.jar.JarVerifier.update(Unknown Source)
        at java.util.jar.JarFile.initializeVerifier(Unknown Source)
        at java.util.jar.JarFile.getInputStream(Unknown Source)
        at sun.misc.URLClassPath$JarLoader$1.getInputStream(Unknown Source)
        at sun.misc.Resource.cachedInputStream(Unknown Source)
        at sun.misc.Resource.getByteBuffer(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$100(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClassInternal(Unknown Source)
--- Error Message End ---
The application uses the following jar libraries for mail processing:
activation.jar
commons-email-1.0.jar
mail.jar
I have tried to create the new jar with an empty manifest file, or to merge the manifest files from the jar libraries, but nothing worked.
If it was possible, I would prefer to do it without signatures. I just want to deploy one single jar file.
The repacking is done with an ant script. This script unpacks all jars in a temporary folder and repacks it together with the application class files using the following command:
<jar jarfile="${basedir}/ship/myApp.jar" filesetmanifest="merge">
    <fileset dir="${basedir}/cls">
    </fileset>
    <fileset dir="${basedir}/tmp">
    </fileset>
    <manifest>
        <attribute name="Main-Class" value="myApp.Application" />
    </manifest>
</jar>
Any hints are welcome!
Regards Magnus
Tom Hawtin - 17 Apr 2007 17:25 GMT
> Exception in thread "main" java.lang.SecurityException: no manifiest section
> for
[quoted text clipped - 7 lines]
>         at java.util.jar.JarVerifier.processEntry(Unknown Source)
>         at java.util.jar.JarVerifier.update(Unknown Source)

Looks like you still have files in META-INF from the original jars that deal with signing. In particular, remove files with the .SF extension, as well as any other junk. (There are a number of files to do with signing: there are signatures in the manifest, then that is signed by another file and another file signs that file...)
Tom Hawtin
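The leftover-signature state described in the reply above can be checked on a built jar before shipping. This is an added example, not code from the thread: it lists the signing files left directly under META-INF and the .SF entries that have no matching section in MANIFEST.MF, which is the condition the exception reports. The jar contents and the EXAMPLE.SF / EXAMPLE.RSA names are constructed, and the script does not verify digests or signatures.

```python
import io
import zipfile

SIG_SUFFIXES = (".SF", ".DSA", ".RSA", ".EC")  # signing files per the JAR spec

def named_sections(text):
    """Return the 'Name:' values of the per-entry sections of a manifest or .SF."""
    # Lines wrap at 72 bytes; a continuation line starts with a single space.
    unfolded = text.replace("\r\n", "\n").replace("\r", "\n").replace("\n ", "")
    return {l[6:] for l in unfolded.split("\n") if l.startswith("Name: ")}

def is_signing_file(name):
    head, _, leaf = name.upper().rpartition("/")
    return head == "META-INF" and (leaf.endswith(SIG_SUFFIXES) or leaf.startswith("SIG-"))

def audit_jar(jar):
    """Return (signing files present, {sf_file: [entries lacking a manifest section]})."""
    with zipfile.ZipFile(jar) as zf:
        sig_files = sorted(n for n in zf.namelist() if is_signing_file(n))
        manifest = named_sections(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        orphans = {}
        for sf in (n for n in sig_files if n.upper().endswith(".SF")):
            missing = sorted(named_sections(zf.read(sf).decode("utf-8")) - manifest)
            if missing:
                orphans[sf] = missing
    return sig_files, orphans

def build_sample_jar():
    """Constructed sample: a repacked jar that kept a library's signing files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: myApp.Application\r\n\r\n"
                    "Name: myApp/Application.class\r\n\r\n")
        zf.writestr("META-INF/EXAMPLE.SF",  # hypothetical signer file name
                    "Signature-Version: 1.0\r\n\r\n"
                    "Name: myApp/Application.class\r\n\r\n"
                    # folded on purpose to exercise continuation-line handling
                    "Name: javax/mail/internet/AsciiOutput\r\n Stream.class\r\n\r\n")
        zf.writestr("META-INF/EXAMPLE.RSA", b"constructed placeholder, not a signature")
        zf.writestr("javax/mail/internet/AsciiOutputStream.class", b"")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    sig_files, orphans = audit_jar(build_sample_jar())
    print("signing files left in META-INF:", sig_files)
    print(".SF entries with no manifest section:", orphans)
```

A jar that reports any signing files after repacking no longer carries a valid signature for the merged contents, so the original library jars remain the only copies whose signatures can still be verified.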
Magnus Warker - 18 Apr 2007 03:57 GMT
Dear Tom,
I once made a try and deleted nearly everything in the META-INF folder, which was collected when extracting all the jar libraries.
I think this resulted in another error message. I'll check this later and then also post this result.
The problem came up when I added JavaMail to my application, which needs the jar files I listed. I believe that this does something with signatures.
Thank you, Magnus
>> Exception in thread "main" java.lang.SecurityException: no manifiest
>> section for
[quoted text clipped - 15 lines]
>
> Tom Hawtin

Lars Enderin - 17 Apr 2007 17:27 GMT
Magnus Warker wrote:
> Dear Tom,
>
[quoted text clipped - 4 lines]
> --- Error Message Begin ---
> Exception in thread "main" java.lang.SecurityException: no manifiest section

Strange spelling of "manifest". Did you really copy the message exactly?

> for
> signature file entry javax/mail/internet/AsciiOutputStream.class
>         at sun.security.util.SignatureFileVerifier.verifySection(Unknown
> Source)

Tom Hawtin - 17 Apr 2007 18:27 GMT
> Magnus Warker wrote:
>> Exception in thread "main" java.lang.SecurityException: no manifiest
>> section
>
> Strange spelling of "manifest". Did you really copy the message exactly?

He'd have to have been really bored to copy out the entire exception stack trace...
/home/tackline/sun/src-6-u1-03/j2se/src/share/classes/sun/security/util/SignatureFileVerifier.java: "no manifiest section for signature file entry "+name);
Perhaps it was written by a Spaniard. If it worries you that much, you could log a bug in the Bug Parade.
Tom Hawtin
Lars Enderin - 17 Apr 2007 18:39 GMT
Tom Hawtin wrote:
>> Magnus Warker wrote:
>
[quoted text clipped - 11 lines]
> Perhaps it was written by a Spaniard. If it worries you that much, you
> could log a bug in the Bug Parade.

I'm not worried. I was aware of the possibility that the spelling error was in the software, but I asked anyway to make sure.
Esmond Pitt - 18 Apr 2007 03:19 GMT
> I want to deploy my application as a single jar file. Therefore, I unpacked
> all jars that are used as libraries together with my classes and created a
> new jar that contains my classes and all contents from the other jars.

If any of the library JARS are signed and check themselves, or are checked by something else, or have META-INF/ entries other than manifests, you basically cannot do this at all.
Magnus Warker - 18 Apr 2007 04:18 GMT
Dear Esmond,
does this mean that I have to deploy my application together with the jar libraries as a bunch of files?
Can't I switch off signature checking somehow?
Thank you, Magnus
>> I want to deploy my application as a single jar file. Therefore, I
>> unpacked all jars that are used as libraries together with my classes and
[quoted text clipped - 4 lines]
> checked by something else, or have META-INF/ entries other than
> manifests, you basically cannot do this at all.

KnightFire - 18 Apr 2007 11:47 GMT
> Dear Esmond,
>
> does this mean that I have to deploy my application together with the jar
> libraries as a bunch of files?
>
> Can't I switch off signature checking somehow?

You have to deploy any libraries that your application references in separate jar files (the ones they came in). Extracting them and adding them to your own jar file will cause all sorts of legal/licensing issues (unless all the libraries, plus your application are issued under similar licenses, and all the licenses are packaged in the jar file and identify which individual class files they cover).
You should distribute your application in a zip or other archive, that when extracted creates your application jar file, plus those of any libraries you reference (and their licenses). Then use the Class-Path element in the manifest file of your application jar to tell it to load classes from the other jar files.
See http://java.sun.com/docs/books/tutorial/deployment/jar/downman.html
KF
Magnus Warker - 18 Apr 2007 16:40 GMT
Dear Chris & KnightFire,
thank you for these notes. As a workaround I did it the way you told it, and I think I have to leave it that way, although it would have been more nice if everything were in one file.
Thank you, Magnus
Andrew Thompson - 18 Apr 2007 23:47 GMT
..
>...although it would have been more nice
>if everything were in one file.

Nice for who? If you want to make it nice for the end user, look to web start. 'One click'* install.
* Prompted for more choices and options, depending on the launch file.
Andrew Thompson
http://www.athompson.info/andrew/

Magnus Warker - 19 Apr 2007 04:22 GMT
Dear Andrew,
but in this case I have to provide a web server, right?
Regards, Magnus
> If you want to make it nice for the
> end user, look to web start. 'One click'* install.

Andrew Thompson - 19 Apr 2007 06:18 GMT
..
Please refrain from top-posting, I find it very confusing. <http://www.physci.org/codes/javafaq.html#toppost> (post rearranged)
>> If you want to make it nice for the
>> end user, look to web start. 'One click'* install.
..
>but in this case I have to provide a web server, right?

No. JWS is primarily aimed at web servers, but applications can also be installed from a disk.
(Besides, with the number of places offering free web space, it is not too difficult to get a server.)
Andrew Thompson
http://www.athompson.info/andrew/

Chris Smith - 18 Apr 2007 13:35 GMT
> I want to deploy my application as a single jar file. Therefore, I unpacked
> all jars that are used as libraries together with my classes and created a
[quoted text clipped - 3 lines]
> exception telling me that there are wrong entries in the manifest file for
> some classes.

Okay, so you need to preserve some manifest entries for files in the JAR. That isn't a really easy thing to do by hand.
Are you sure you need to do this? Note that in addition to the technical problems you're running into, this is often in violation of your agreements with library authors.
Chris Smith