Details

    • Type: Bug Bug
    • Status: Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Done
    • Affects Version/s: EAP_EWP 5.1.0_CR1
    • Fix Version/s: EAP_EWP 5.1.1
    • Component/s: RESTEasy
    • Labels:
      None
    • Affects:
      Documentation (Ref Guide, User Guide, etc.), Release Notes
    • Steps to Reproduce:
      Hide

      edit guice-hello pom: remove jetty plugin, disable surefire
      mvn install should work then
      take the target/guice-hello-1.2.1.GA_CP02.war and replace libs in WEB-INF/lib with their equivalents from jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib
      deploy this war to EAP5.1.0.CR1 production profile
      the deployment should fail

      Show
      edit guice-hello pom: remove jetty plugin, disable surefire mvn install should work then take the target/guice-hello-1.2.1.GA_CP02.war and replace libs in WEB-INF/lib with their equivalents from jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib deploy this war to EAP5.1.0.CR1 production profile the deployment should fail
    • Release Notes Text:
      Hide
      Resteasy-guice applications fail to deploy because of a java.lang.SecurityException. An error message similar to the following is displayed: <screen>java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package</screen>
      This occurs because the cglib.jar in JBoss Enterprise Application Platform is signed, and the cglib-instrumented proxy uses the cglib.jar signer information instead of the signer information of the application target class.
      Show
      Resteasy-guice applications fail to deploy because of a java.lang.SecurityException. An error message similar to the following is displayed: <screen>java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package</screen> This occurs because the cglib.jar in JBoss Enterprise Application Platform is signed, and the cglib-instrumented proxy uses the cglib.jar signer information instead of the signer information of the application target class.
    • Release Notes Docs Status:
      Documented as Known Issue
    • Similar Issues:
      Show 10 results 

      Description

      the bundled signed jar jboss-eap-5.1.0.CR1.zip/jboss-eap-5.1/resteasy/lib/guice.jar
      cannot be used with guice-hello example
      when I deployed the war containing this version of jar to EAP, the deployment fails with error message:

      java.lang.SecurityException: class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0"'s signer information does not match signer information of other classes in the same package

      (see logged-problem.txt for details)

      I don't have any theory for this, I just know that this is the issue of signed guice.jar vs unsigned guice.jar, because I tried to isolate this issue in a standalone smaller testapp (no war)
      It seems as the CGLib generated class "org.jboss.resteasy.examples.guice.hello.DefaultGreeter$$FastClassByGuice$$70fd68d0" is treated as having the same signer as guice.jar (not cglib.jar, because the combination signed cglib.jar and unsigned guice.jar works) and therefore this conflicts with other classes in "org.jboss.resteasy.examples.guice.hello" which are unsigned.

      this would mean that only code with same signer as guice.jar may use this library, which is kinda restraining.

        Gliffy Diagrams

          Issue Links

            Activity

            Hide
            Michal Linhard added a comment -

            Changing resolution to Won't fix because it's a known issue that won't be fixed.

            Show
            Michal Linhard added a comment - Changing resolution to Won't fix because it's a known issue that won't be fixed.
            Hide
            Pavel Janousek added a comment -

            Closed because it is documented issue and resolution is Won't Fix.

            Show
            Pavel Janousek added a comment - Closed because it is documented issue and resolution is Won't Fix.
            Hide
            Russell Dickenson added a comment -

            Re-opening issue to correct Release Notes text.

            Show
            Russell Dickenson added a comment - Re-opening issue to correct Release Notes text.
            Hide
            Jimmy Wilson added a comment -

            Michal, Pavel, Rajesh, given JBPAPP-6892, shouldn't we be able to resolve this as fixed in 5.1.2?

            Show
            Jimmy Wilson added a comment - Michal, Pavel, Rajesh, given JBPAPP-6892 , shouldn't we be able to resolve this as fixed in 5.1.2?
            Hide
            Anne-Louise Tangring added a comment -

            This was open for Release Notes review. Release Notes for 5.1.1 will not be re-opened at this time. Closing.

            Show
            Anne-Louise Tangring added a comment - This was open for Release Notes review. Release Notes for 5.1.1 will not be re-opened at this time. Closing.

              People

              • Assignee:
                Michal Linhard
                Reporter:
                Michal Linhard
                Writer:
                Russell Dickenson
              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Development