Announcement Announcement Module
Collapse
No announcement yet.
Again: acegi-security-1.0.0-RC1 SecurityException signer information does not match Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Again: acegi-security-1.0.0-RC1 SecurityException signer information does not match

    I also downloaded the acegi-security-1.0.0-RC1 Dec 5, 2005 9:02:04 version, and I have a similar problem, but this time concerning the class:

    org.acegisecurity.ConfigAttribute

    Everything worked before with the "acegi-security-0.9.0.zip" version.

    The error when deploying the application is:

    java.lang.SecurityException: class "org.acegisecurity.ConfigAttribute"'s signer information does not match signer information of other classes in the same package
    I've seen in the Java forums that this error can arrise when several differently signed jar files include the same class file, or when there are incompatible versions for the jar files.

    This should be not the case for me, as I perform my tests in a volatile, each time freshly installed Tomcat server (apache-tomcat-5.5.12). And I've checked it: the only files inside the server containing the "org.acegisecurity.ConfigAttribute" class are:

    - the "acegi-security-1.0.0-RC1.jar"
    - and indirectly my "plepfl.war", containing the "acegi-security-1.0.0-RC1.jar" and all the other application files.

    This as also not a problem of package names, like the one mentionned by Brian. All the things I write are in my 'ch.epfl.*' name space.

    It should be not a problem of jar file signature. The jarsigner program says:

    Code:
    % jarsigner -verify acegi-security-1.0.0-RC1.jar
    jar verified.
    and with the '-verbose' option, all the files except META-INF/MANIFEST.MF and META-INF/BALEX.* are flagged 'sm' (s = signature was verified, m = entry is listed in manifest).

    The deployment stack trace is below

    Code:
    SEVERE: Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'methodSecurityInterceptor' defined in ServletContext resource [/WEB-INF/plepfl-security.xml]: Can't resolve reference to bean 'accessDecisionManager' while setting property 'accessDecisionManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessDecisionManager' defined in ServletContext resource [/WEB-INF/plepfl-security.xml]: Instantiation of bean failed; nested exception is java.lang.SecurityException: class "org.acegisecurity.ConfigAttribute"'s signer information does not match signer information of other classes in the same package
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessDecisionManager' defined in ServletContext resource [/WEB-INF/plepfl-security.xml]: Instantiation of bean failed; nested exception is java.lang.SecurityException: class "org.acegisecurity.ConfigAttribute"'s signer information does not match signer information of other classes in the same package
    java.lang.SecurityException: class "org.acegisecurity.ConfigAttribute"'s signer information does not match signer information of other classes in the same package
        at java.lang.ClassLoader.checkCerts(ClassLoader.java:775)
        at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:614)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
        at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1650)
        at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:856)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1305)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1187)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
        at java.lang.Class.getDeclaredMethods0(Native Method)
        at java.lang.Class.privateGetDeclaredMethods(Class.java:2365)
        at java.lang.Class.getDeclaredMethods(Class.java:1763)
        at java.beans.Introspector$1.run(Introspector.java:1265)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.beans.Introspector.getPublicDeclaredMethods(Introspector.java:1263)
        at java.beans.Introspector.getTargetMethodInfo(Introspector.java:1129)
        at java.beans.Introspector.getBeanInfo(Introspector.java:387)
        at java.beans.Introspector.getBeanInfo(Introspector.java:159)
        at java.beans.Introspector.getBeanInfo(Introspector.java:220)
        at java.beans.Introspector.<init>(Introspector.java:368)
        at java.beans.Introspector.getBeanInfo(Introspector.java:159)
        at org.springframework.beans.CachedIntrospectionResults.<init>(CachedIntrospectionResults.java:143)
        at org.springframework.beans.CachedIntrospectionResults.forClass(CachedIntrospectionResults.java:84)
        at org.springframework.beans.BeanWrapperImpl.setIntrospectionClass(BeanWrapperImpl.java:241)
        at org.springframework.beans.BeanWrapperImpl.setWrappedInstance(BeanWrapperImpl.java:199)
        at org.springframework.beans.BeanWrapperImpl.setWrappedInstance(BeanWrapperImpl.java:181)
        at org.springframework.beans.BeanWrapperImpl.<init>(BeanWrapperImpl.java:135)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:454)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:333)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:226)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:147)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:176)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:105)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1013)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:824)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:345)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:226)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:147)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:203)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:192)
        at org.springframework.beans.factory.BeanFactoryUtils.beansOfTypeIncludingAncestors(BeanFactoryUtils.java:204)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.findMatchingBeans(DefaultListableBeanFactory.java:358)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createArgumentArray(AbstractAutowireCapableBeanFactory.java:768)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:640)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:329)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:226)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:147)
        at org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator.findCandidateAdvisors(DefaultAdvisorAutoProxyCreator.java:113)
        at org.springframework.aop.framework.autoproxy.AbstractAdvisorAutoProxyCreator.setBeanFactory(AbstractAdvisorAutoProxyCreator.java:57)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:358)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:226)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:147)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:203)
        at org.springframework.context.support.AbstractApplicationContext.getBeansOfType(AbstractApplicationContext.java:614)
        at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:405)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:305)
        at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:134)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
    ...
    --- CUT --- CUT ---
    What can I do more? Where is the problem? What to look for?

    Thank you very much for any suggestion.

  • #2
    If you freshly install Tomcat, then install the Contacts Sample that ships with Acegi Security, does it work OK? If so that tells me there's an extra Acegi Security JAR inside your deployment WAR. This issue has been reported in the past and on every occasion found to be an old Acegi Security JAR somewhere in the classpath.

    Comment


    • #3
      Again: acegi-security-1.0.0-RC1 SecurityException signer information does not match

      In short: It works now, byt why?
      ===========================

      Thank you for your answer, Ben.


      To be able to continue, I reverted back to acegi-security-0.9.0. I've added several libraries for my HtmlUnit tests, They are not included, and so are not relevant to the Tomcat application deployment.

      Following your suggestions, I've reconfigured back the acegi-security-1.0.0-RC1 use. And the Contacts Sample works of course. But my deployment works too ... so a can no more reproduce the problem. Sorry! But I'm happy that the acegi framework is OK.

      A last point about migrating from version 0.9.0 to 1.0.0: as described in the upgrade notes, the top level package name has changed. I changed it in my XML files. But, of course, I forgot the taglib URI declarations in my JSP files:

      Code:
      <%@ taglib uri="http://acegisecurity.sf.net/authz" prefix="authz" %>
      becomes
      Code:
      <%@ taglib uri="http://acegisecurity.org/authz" prefix="authz" %>
      May be it should be mentioned in the final text.

      Thank you again for your help!

      Comment


      • #4
        This change has already been reported in JIRA and corrected in CVS for a subsequent RC. Thanks for mentioning it, though.

        Pleased it's now working for you.

        Comment


        • #5
          You probably had accidentally compiled one of the Acegi source files and it was sitting in your classes folder. This happened to me too because IntelliJ can decompile the class when debugging. Once it did that, I forgot to delete the class before compiling and the decompiled class got compiled and therefore the security error.

          I hope that made sense.

          Comment

          Working...
          X