


security exceptions after jar repacking

Hi,

I want to deploy my application as a single jar file. Therefore, I unpacked
all jars that are used as libraries together with my classes and created a
new jar that contains my classes and all contents from the other jars.

When the application is then started (java -jar myapp.jar), I get a security
exception telling me that there are wrong entries in the manifest file for
some classes.

Has someone done this before? I just want my app to reside in a single jar
file.

Regards,
Magnus
0
Magnus
4/17/2007 3:09:07 AM
comp.lang.java.programmer

15 Replies

Magnus Warker wrote:
>
> I want to deploy my application as a single jar file. Therefore, I unpacked
> all jars that are used as libraries together with my classes and created a
> new jar that contains my classes and all contents from the other jars.
>
> When the application is then started (java -jar myapp.jar), I get a security
> exception telling me that there are wrong entries in the manifest file for
> some classes.

What is the exact message you are getting? And what's in the relevant
section of the manifest?

Are one or more of the jars signed? All the files in a jar should be signed
together (there is an option to allow partial signing, but I would
strongly discourage its use).

Tom Hawtin
0
Tom
4/17/2007 12:35:53 PM
Dear Tom,

thank you for your reply.

I have copied the exact error message below:

--- Error Message Begin ---
Exception in thread "main" java.lang.SecurityException: no manifiest section for signature file entry javax/mail/internet/AsciiOutputStream.class
        at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
        at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
        at sun.security.util.SignatureFileVerifier.process(Unknown Source)
        at java.util.jar.JarVerifier.processEntry(Unknown Source)
        at java.util.jar.JarVerifier.update(Unknown Source)
        at java.util.jar.JarFile.initializeVerifier(Unknown Source)
        at java.util.jar.JarFile.getInputStream(Unknown Source)
        at sun.misc.URLClassPath$JarLoader$1.getInputStream(Unknown Source)
        at sun.misc.Resource.cachedInputStream(Unknown Source)
        at sun.misc.Resource.getByteBuffer(Unknown Source)
        at java.net.URLClassLoader.defineClass(Unknown Source)
        at java.net.URLClassLoader.access$100(Unknown Source)
        at java.net.URLClassLoader$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClass(Unknown Source)
        at java.lang.ClassLoader.loadClassInternal(Unknown Source)
--- Error Message End ---

The application uses the following jar libraries for mail processing:

        activation.jar
        commons-email-1.0.jar
        mail.jar

I have tried to create the new jar with an empty manifest file, or to merge
the manifest files from the jar libraries, but nothing worked.

If it was possible, I would prefer to do it without signatures. I just want
to deploy one single jar file.

The repacking is done with an ant script. This script unpacks all jars in a
temporary folder and repacks it together with the application class files
using the following command:

        <jar jarfile="${basedir}/ship/myApp.jar"
                filesetmanifest="merge">

                <fileset dir="${basedir}/cls">
                </fileset>

                <fileset dir="${basedir}/tmp">
                </fileset>

                <manifest>
                        <attribute name="Main-Class" value="myApp.Application" />
                </manifest>
        </jar>

Any hints are welcome!

Regards
Magnus
0
Magnus
4/17/2007 3:52:07 PM
Magnus Warker wrote:
> Exception in thread "main" java.lang.SecurityException: no manifiest section
> for
>  signature file entry javax/mail/internet/AsciiOutputStream.class
>         at sun.security.util.SignatureFileVerifier.verifySection(Unknown
> Source)
>
>         at sun.security.util.SignatureFileVerifier.processImpl(Unknown
> Source)
>         at sun.security.util.SignatureFileVerifier.process(Unknown Source)
>         at java.util.jar.JarVerifier.processEntry(Unknown Source)
>         at java.util.jar.JarVerifier.update(Unknown Source)

Looks like you still have files in META-INF from the original jars that
deal with signing. In particular, remove files with the .SF extension,
as well as any other junk. (There are a number of files to do with
signing: there are signatures in the manifest, then that is signed by
another file and another file signs that file...)

Tom Hawtin
0
Tom
4/17/2007 4:26:58 PM
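
An added example, not from the thread: a Python diagnostic that mirrors the name check behind the exception quoted above, listing entries named in a leftover META-INF/*.SF file that have no per-entry section in the merged manifest. The sample jar is constructed in memory, and EXAMPLE.SF and its digest value are made-up placeholders.

```python
import io
import zipfile

def parse_sections(text):
    """Split manifest-format text into sections, each a list of (key, value)."""
    sections, current = [], []
    for line in text.replace("\r\n", "\n").split("\n"):
        if line == "":                          # a blank line ends a section
            if current:
                sections.append(current)
                current = []
        elif line.startswith(" ") and current:  # continuation of a wrapped header
            current[-1] = (current[-1][0], current[-1][1] + line[1:])
        elif ": " in line:
            current.append(tuple(line.split(": ", 1)))
    if current:
        sections.append(current)
    return sections

def entry_names(text):
    """Values of every 'Name:' header, i.e. the per-entry sections present."""
    return {v for sec in parse_sections(text) for k, v in sec if k.lower() == "name"}

def orphaned_signature_entries(jar):
    """Map each META-INF/*.SF file to the entries it lists that the manifest lacks."""
    report = {}
    with zipfile.ZipFile(jar) as zf:
        manifest = entry_names(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in zf.namelist():
            if name.upper().startswith("META-INF/") and name.upper().endswith(".SF"):
                missing = entry_names(zf.read(name).decode("utf-8")) - manifest
                if missing:
                    report[name] = sorted(missing)
    return report

def build_sample_jar():
    """Constructed repacked jar: merged manifest with no per-entry sections,
    plus a signature file left over from a signed library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: myApp.Application\r\n\r\n")
        zf.writestr("META-INF/EXAMPLE.SF",
                    "Signature-Version: 1.0\r\n\r\n"
                    "Name: javax/mail/internet/AsciiOutputStream.class\r\n"
                    "SHA1-Digest: AAAAAAAAAAAAAAAAAAAAAAAAAAA=\r\n\r\n")
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(orphaned_signature_entries(build_sample_jar()))
```

Pass a path to a real jar instead of the in-memory sample to inspect a repacked archive; an empty result means no signature file names an entry that the manifest is missing.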
Magnus Warker wrote:
> Dear Tom,
>
> thank you for your reply.
>
> I have copied the exact error message below:
>
> --- Error Message Begin ---
> Exception in thread "main" java.lang.SecurityException: no manifiest section

Strange spelling of "manifest". Did you really copy the message exactly?

> for
>  signature file entry javax/mail/internet/AsciiOutputStream.class
>         at sun.security.util.SignatureFileVerifier.verifySection(Unknown
> Source)
0
Lars
4/17/2007 4:27:13 PM
Lars Enderin wrote:
> Magnus Warker wrote:
>> Exception in thread "main" java.lang.SecurityException: no manifiest
>> section
>
> Strange spelling of "manifest". Did you really copy the message exactly?

He'd have to have been really bored to copy out the entire exception
stack trace...

/home/tackline/sun/src-6-u1-03/j2se/src/share/classes/sun/security/util/SignatureFileVerifier.java:
                "no manifiest section for signature file entry "+name);

Perhaps it was written by a Spaniard. If it worries you that much, you
could log a bug in the Bug Parade.

Tom Hawtin
0
Tom
4/17/2007 5:28:07 PM
Tom Hawtin wrote:
> Lars Enderin wrote:
>> Magnus Warker wrote:
>
>>> Exception in thread "main" java.lang.SecurityException: no manifiest
>>> section
>>
>> Strange spelling of "manifest". Did you really copy the message exactly?
>
> He'd have to have been really bored to copy out the entire exception
> stack trace...
>
> /home/tackline/sun/src-6-u1-03/j2se/src/share/classes/sun/security/util/SignatureFileVerifier.java:
>               "no manifiest section for signature file entry "+name);
>
> Perhaps it was written by a Spaniard. If it worries you that much, you
> could log a bug in the Bug Parade.
>

I'm not worried. I was aware of the possibility that the spelling error
was in the software, but I asked anyway to make sure.
0
Lars
4/17/2007 5:39:55 PM
Magnus Warker wrote:
> I want to deploy my application as a single jar file. Therefore, I unpacked
> all jars that are used as libraries together with my classes and created a
> new jar that contains my classes and all contents from the other jars.

If any of the library JARS are signed and check themselves, or are
checked by something else, or have META-INF/ entries other than
manifests, you basically cannot do this at all.
0
Esmond
4/18/2007 2:19:55 AM
Dear Tom,

I once made a try and deleted nearly everything in the META-INF folder,
which was collected when extracting all the jar libraries.

I think this resulted in another error message. I'll check this later and
then also post this result.

The problem came up when I added JavaMail to my application, which needs the
jar files I listed. I believe that this does something with signatures.

Thank you,
Magnus


Tom Hawtin wrote:

> Magnus Warker wrote:
>> Exception in thread "main" java.lang.SecurityException: no manifiest
>> section for
>>  signature file entry javax/mail/internet/AsciiOutputStream.class
>>         at sun.security.util.SignatureFileVerifier.verifySection(Unknown
>> Source)
>> 
>>         at sun.security.util.SignatureFileVerifier.processImpl(Unknown
>> Source)
>>         at sun.security.util.SignatureFileVerifier.process(Unknown
>>         Source) at java.util.jar.JarVerifier.processEntry(Unknown Source)
>>         at java.util.jar.JarVerifier.update(Unknown Source)
> 
> Looks like you still have files in META-INF from the original jars that
> deal with signing. In particular, remove files with the .SF extension,
> as well as any other junk. (There are a number of files to do with
> signing: there are signatures in the manifest, then that is signed by
> another file and another file signs that file...)
> 
> Tom Hawtin

0
Magnus
4/18/2007 2:57:04 AM
Dear Esmond,

does this mean that I have to deploy my application together with the jar
libraries as a bunch of files?

Can't I switch off signature checking somehow?

Thank you,
Magnus

Esmond Pitt wrote:

> Magnus Warker wrote:
>
>> I want to deploy my application as a single jar file. Therefore, I
>> unpacked all jars that are used as libraries together with my classes and
>> created a new jar that contains my classes and all contents from the
>> other jars.
>
> If any of the library JARS are signed and check themselves, or are
> checked by something else, or have META-INF/ entries other than
> manifests, you basically cannot do this at all.
0
Magnus
4/18/2007 3:18:41 AM
On Apr 18, 4:18 am, Magnus Warker <mag...@warker.co> wrote:
> Dear Esmond,
>
> does this mean that I have to deploy my application together with the jar
> libraries as a bunch of files?
>
> Can't I switch off signature checking somehow?

You have to deploy any libraries that your application references in
separate jar files (the ones they came in). Extracting them and adding
them to your own jar file will cause all sorts of legal/licensing
issues (unless all the libraries, plus your application are issued
under similar licenses, and all the licenses are packaged in the jar
file and identify which individual class files they cover).

You should distribute your application in a zip or other archive, that
when extracted creates your application jar file, plus those of any
libraries you reference (and their licenses). Then use the Class-Path
element in the manifest file of your application jar to tell it to
load classes from the other jar files.

See http://java.sun.com/docs/books/tutorial/deployment/jar/downman.html

KF
0
KnightFire
4/18/2007 10:47:02 AM
Magnus Warker <magnus@warker.co> wrote:
> I want to deploy my application as a single jar file. Therefore, I unpacked
> all jars that are used as libraries together with my classes and created a
> new jar that contains my classes and all contents from the other jars.
>
> When the application is then started (java -jar myapp.jar), I get a security
> exception telling me that there are wrong entries in the manifest file for
> some classes.

Okay, so you need to preserve some manifest entries for files in the JAR.
That isn't a really easy thing to do by hand.

Are you sure you need to do this?  Note that in addition to the technical
problems you're running into, this is often in violation of your
agreements with library authors.

--
Chris Smith
0
Chris
4/18/2007 12:35:48 PM
Dear Chris & KnightFire,

thank you for these notes. As a workaround I did it the way you told it, and
I think I have to leave it that way, although it would have been more nice
if everything were in one file.

Thank you,
Magnus
0
Magnus
4/18/2007 3:40:58 PM
Magnus Warker wrote:
..
>...although it would have been more nice
>if everything were in one file.

Nice for who?  If you want to make it nice for the
end user, look to web start.  'One click'* install.

* Prompted for more choices and options, depending
on the launch file.

--
Andrew Thompson
http://www.athompson.info/andrew/

Message posted via http://www.javakb.com
0
Andrew
4/18/2007 10:47:58 PM
Dear Andrew,

but in this case I have to provide a web server, right?

Regards,
Magnus

> If you want to make it nice for the
> end user, look to web start.  'One click'* install.
0
Magnus
4/19/2007 3:22:25 AM
Magnus Warker wrote:
..

Please refrain from top-posting, I find it very confusing.
<http://www.physci.org/codes/javafaq.html#toppost>
(post rearranged)

>> If you want to make it nice for the 
>> end user, look to web start.  'One click'* install.
..
>but in this case I have to provide a web server, right?

No.  JWS is primarily aimed at web servers, but 
applications can also be installed from a disk.

(Besides, with the number of places offering free 
web space, it is not too difficult to get a server.)

-- 
Andrew Thompson
http://www.athompson.info/andrew/

Message posted via http://www.javakb.com

0
Andrew
4/19/2007 5:19:02 AM