Announcement Announcement Module
Collapse
No announcement yet.
Security Exception Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Exception

    Hi,

    I need some changes made since 0.6.1 (request.getRemoteUser() fix), I have built the latest snapshot locally and tried to deploy it, I have also grabbed a snapshot jar file from someone else, and both times I get the following exception:

    java.lang.SecurityException: class "net.sf.acegisecurity.ui.AutoIntegrationFilter "'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java: 775)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.j ava:487)


    Is there an easy fix for this problem?

    I have used a variety of java security API's in the past, but I cannot believe I need to play about with keystores and jarsigner just to use a jar file I built locally?

    Has anyone else come across this?

  • #2
    Checkout the lot from CVS, build from /core with maven jar:install, and it will not be signed and thus you have the latest code as well.

    Comment


    • #3
      Build Problems

      Hi

      I managed to build it from core fine, but the jar deployed on its own gives a class not found for AutoIntegrationFilter...

      So I have to include jar file:

      200246 Dec 21 09:06 acegi-security-catalina-common.jar

      which gives the same exception again:

      java.lang.SecurityException: class "net.sf.acegisecurity.ui.AutoIntegrationFilter "'s signer information does not match signer information of other classes in the same package
      at java.lang.ClassLoader.checkCerts(ClassLoader.java: 775)


      Is there anyway of building AutoIntegrationFilter locally with no signing?

      Comment


      • #4
        Maven once more

        Hi

        I resorted back to trying to use maven as per the instructions.

        I performed (successfully), the following two commands:

        maven scm:checkout-project
        -Dmaven.scm.method=cvs
        -Dmaven.scm.cvs.module=acegisecurity
        -Dmaven.scm.cvs.root=server:[email protected]:/cvsroot/acegisecurity
        -Dmaven.scm.checkout.dir=acegisecurity


        and:

        maven clean multiproject:clean multiproject:site -Dmaven.test.failure.ignore=true









        The jar files I ended up with were:

        # find . -name "*jar" -print
        ./.maven/repository/vdoclet/jars/qdox-current.jar
        ./.maven/repository/vdoclet/jars/vdoclet-20020711.jar
        ./.maven/repository/jtidy/jars/jtidy-4aug2000r7-dev.jar
        ./.maven/repository/commons-logging/jars/commons-logging-1.0.3.jar
        ./.maven/repository/anttex/jars/anttex-1.0.jar
        ./.maven/repository/werkz/jars/werkz-1.0-beta-10.jar
        ./.maven/repository/commons-collections/jars/commons-collections-2.1.jar
        ./.maven/repository/commons-collections/jars/commons-collections-3.1.jar
        ./.maven/repository/jdepend/jars/jdepend-2.7.jar
        ./.maven/repository/commons-httpclient/jars/commons-httpclient-2.0.jar
        ./.maven/repository/commons-io/jars/commons-io-20030203.000550.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-interaction-20030211.143817.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-xml-20030211.142705.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-xml-1.0.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-ant-1.0.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-html-20030317.100924.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-jsl-20030211.143151.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-xml-20040613.030723.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-log-20030211.142821.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-tags-velocity-20030303.205659.jar
        ./.maven/repository/commons-jelly/jars/commons-jelly-20030902.160215.jar
        ./.maven/repository/commons-beanutils/jars/commons-beanutils-1.6.1.jar
        ./.maven/repository/thaiopensource/jars/jing-20030619.jar
        ./.maven/repository/checkstyle/jars/checkstyle-optional-3.4.jar
        ./.maven/repository/checkstyle/jars/checkstyle-3.4.jar
        ./.maven/repository/velocity/jars/velocity-1.4-dev.jar
        ./.maven/repository/nekohtml/jars/nekohtml-0.7.7.jar
        ./.maven/repository/netbeans/jars/cvslib-3.6.jar
        ./.maven/repository/regexp/jars/regexp-1.2.jar
        ./.maven/repository/regexp/jars/regexp-1.3.jar
        ./.maven/repository/commons-grant/jars/commons-grant-1.0-beta-4.jar
        ./.maven/repository/xerces/jars/xerces-2.4.0.jar
        ./.maven/repository/dom4j/jars/dom4j-1.4-dev-8.jar
        ./.maven/repository/xml-apis/jars/xml-apis-1.0.b2.jar
        ./.maven/repository/velocity-dvsl/jars/velocity-dvsl-0.45.jar
        ./.maven/repository/saxpath/jars/saxpath-1.0-FCS.jar
        ./.maven/repository/junit/jars/junit-3.8.1.jar
        ./.maven/repository/log4j/jars/log4j-1.2.8.jar
        ./.maven/repository/jsch/jars/jsch-0.1.5.jar
        ./.maven/repository/oro/jars/oro-2.0.7.jar
        ./.maven/repository/jaxen/jars/jaxen-1.0-FCS-full.jar
        ./.maven/repository/commons-net/jars/commons-net-1.1.0.jar
        ./.maven/repository/logkit/jars/logkit-1.0.1.jar
        ./.maven/repository/isorelax/jars/isorelax-20030108.jar
        ./.maven/repository/rhino/jars/js-1.5R4-RC3.jar
        ./.maven/repository/ant/jars/ant-1.5.3-1.jar
        ./.maven/repository/antlr/jars/antlr-2.7.2.jar
        ./.maven/repository/maven/jars/maven-jelly-tags-1.0.jar
        ./.maven/repository/commons-lang/jars/commons-lang-2.0.jar
        ./acegisecurity/acegisecurity/lib/clover/clover.jar

        But no acegi-security*.jar files!

        Comment


        • #5
          AutoIntegrationFilter has been removed from Acegi Security. Instead you need to use the correct replacement, which 90% of the time is HttpSessionIntegrationFilter.

          If your CVS checkout worked, execute from the root Acegi Security directory "maven multiproject:install". That will create the JARs and install them into your local repository. It will also create the sample WARs under samples/contacts/target. I fixed the multiproject goals just last night, so I know it works.

          Comment

          Working...
          X