Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.0_CR1
    • Fix Version/s: EAP_EWP 5.1.1
    • Component/s: RESTEasy
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Affects:
      Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Steps to Reproduce:
      Hide

      edit guice-hello pom: remove jetty plugin, disable surefire
      mvn install should work then
      take the target/guice-hello-1.2.1.GA_CP02.war and replace libs in WEB-INF/lib with their equivalents from jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib
      deploy this war to EAP5.1.0.CR1 production profile
      the deployment should fail

      Show
      edit guice-hello pom: remove jetty plugin, disable surefire mvn install should work then take the target/guice-hello-1.2.1.GA_CP02.war and replace libs in WEB-INF/lib with their equivalents from jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib deploy this war to EAP5.1.0.CR1 production profile the deployment should fail
    • Release Notes Text:
      Hide
      Resteasy-guice applications fail to deploy because of a java.lang.SecurityException. An error message similar to the following is displayed: <screen>java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package</screen>
      This occurs because the cglib.jar in JBoss Enterprise Application Platform is signed, and the cglib-instrumented proxy uses the cglib.jar signer information instead of the signer information of the application target class.
      Show
      Resteasy-guice applications fail to deploy because of a java.lang.SecurityException. An error message similar to the following is displayed: <screen>java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package</screen> This occurs because the cglib.jar in JBoss Enterprise Application Platform is signed, and the cglib-instrumented proxy uses the cglib.jar signer information instead of the signer information of the application target class.
    • Release Notes Docs Status:
      Documented as Known Issue
    • Similar Issues:
      Show 10 results 

      Description

      the bundled signed jar jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib/guice.jar
      cannot be used with guice-hello example
      when I deployed the war containing this version of jar to EAP, the deployment fails with error message:

      java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package

      (see logged-problem.txt for details)

      I don't have any theory for this, I just know that this is the issue of signed guice.jar vs unsigned guice.jar, because I tried to isolate this issue in a standalone smaller testapp (no war)
      It seems as the CGLib generated class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0" is treated as having the same signer as guice.jar (not cglib.jar, because the combination signed cglib.jar and unsigned guice.jar works) and therefore this conflicts with other classes in "org.jboss.resteasy.examples.guice.hello" which are unsigned.

      this would mean that only code with same signer as guice.jar may use this library, which is kinda restraining.

        Issue Links

          Activity

          Hide
          Michal Linhard
          added a comment -

          Changing resolution to Won't fix because it's a known issue that won't be fixed.

          Show
          Michal Linhard
          added a comment - Changing resolution to Won't fix because it's a known issue that won't be fixed.
          Hide
          Pavel Janousek
          added a comment -

          Closed because it is documented issue and resolution is Won't Fix.

          Show
          Pavel Janousek
          added a comment - Closed because it is documented issue and resolution is Won't Fix.
          Hide
          Russell Dickenson
          added a comment -

          Re-opening issue to correct Release Notes text.

          Show
          Russell Dickenson
          added a comment - Re-opening issue to correct Release Notes text.
          Hide
          Jimmy Wilson
          added a comment -

          Michal, Pavel, Rajesh, given JBPAPP-6892, shouldn't we be able to resolve this as fixed in 5.1.2?

          Show
          Jimmy Wilson
          added a comment - Michal, Pavel, Rajesh, given JBPAPP-6892 , shouldn't we be able to resolve this as fixed in 5.1.2?
          Hide
          Anne-Louise Tangring
          added a comment -

          This was open for Release Notes review. Release Notes for 5.1.1 will not be re-opened at this time. Closing.

          Show
          Anne-Louise Tangring
          added a comment - This was open for Release Notes review. Release Notes for 5.1.1 will not be re-opened at this time. Closing.

            People

            • Assignee:
              Michal Linhard
              Reporter:
              Michal Linhard
              Writer:
              Russell Dickenson
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: