Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-2888

SecurityException when starting domain mode with signed modules

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • 7.1.0.Final
    • 7.1.0.Beta1
    • Class Loading
    • None
    • Hide

      0. Create your own key if you don't have one

      keytool -genkey -alias my-test-key

      This will create a new key called "my-test-key" in the default keystore location ~/.keystore
      1. Build AS 7
      2. Sign all jars in jboss dist directory with your new key 

      find . -name "*.jar" -exec jarsigner -storepass <yourpassword> '{}' my-test-key \;

      3. Start the server in standalone or domain mode to see the signature errors on the console. The problem doesn't always occur, so you might need to start the server a few times.

      Show
      0. Create your own key if you don't have one keytool -genkey -alias my-test-key This will create a new key called "my-test-key" in the default keystore location ~/.keystore 1. Build AS 7 2. Sign all jars in jboss dist directory with your new key find . -name "*.jar" -exec jarsigner -storepass <yourpassword> '{}' my-test-key \; 3. Start the server in standalone or domain mode to see the signature errors on the console. The problem doesn't always occur, so you might need to start the server a few times.

    Description

      I'm still sometimes seeing the signed jar security exception described in AS7-2724.
      The difference now is that it only seems to happen when starting in domain mode, and it only fails sometimes.

      [Server:server-one] 16:53:28,229 WARN  [org.jboss.modules] (ServerService Thread Pool -- 46) Failed to define class org.omg.CORBA.ORB in Module "org.jacorb:main" from local module loader @1d256fa (roots: /home/pgier/projects/jboss-as/build/target/jboss-as-7.1.0.CR1-SNAPSHOT/modules): java.lang.SecurityException: class "org.omg.CORBA.ORB"'s signer information does not match signer information of other classes in the same package
[Server:server-one] 	at java.lang.ClassLoader.checkCerts(ClassLoader.java:807) [:1.6.0_20]
[Server:server-one] 	at java.lang.ClassLoader.preDefineClass(ClassLoader.java:488) [:1.6.0_20]
[Server:server-one] 	at java.lang.ClassLoader.defineClassCond(ClassLoader.java:626) [:1.6.0_20]
[Server:server-one] 	at java.lang.ClassLoader.defineClass(ClassLoader.java:616) [:1.6.0_20]
[Server:server-one] 	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) [:1.6.0_20]
[Server:server-one] 	at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:330) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:411) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:260) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:73) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.Module.loadModuleClass(Module.java:500) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:182) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:485) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:421) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:143) [jboss-modules.jar:1.1.0.CR4]
[Server:server-one] 	at java.lang.ClassLoader.defineClass1(Native Method) [:1.6.0_20]
[Server:server-one] 	at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) [:1.6.0_20]

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem that impairs or prevents the functions of the product. AS7-3606 Strange randomly occurred security exception during startup - possible a race-condition

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Bug - A problem that impairs or prevents the functions of the product. MODULES-126 Thread-safety issue in JarFile causes signature validation problem

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              dlloyd@redhat.com David Lloyd
              pgier@redhat.com Paul Gier (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: