[
https://issues.jboss.org/browse/JBESB-3673?page=com.atlassian.jira.plugin...
]
David Tucker commented on JBESB-3673:
-------------------------------------
Kevin, I'm not changing any of the classes. However, just like the cglib issue I
linked, JBoss AOP (like any other AOP framework) creates a proxy of the class. This proxy
is what has a different signature than the class from the signed jar. Normally I would
say it wouldn't matter but in the case of the rosetta jar, because that jar contains
classes which are part of actions built into the ESB, it makes sense that someone would
want to log the methods. AOP is the natural way to do this but the signing prevents it.
I can, of course, remove the signing information myself (and I had already done that for
my local development) but that would cause potential support issues that I would like to
avoid.
jbossesb-rosetta.jar is signed
------------------------------
Key: JBESB-3673
URL:
https://issues.jboss.org/browse/JBESB-3673
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.6
Reporter: David Tucker
Currently the jbossesb-rosetta.jar contains signing files. This has the potential to
create issues if the keys do not match each other. I discovered this when I was trying to
instrument some classes for AOP that are contained in the jar. I kept running into a
java.lang.SecurityException for any classes contained in the rosetta jar and eventually
discovered that signature files were the source of the issue. Removing the RSA and RF
files from the archive would solve this issue for AOP.
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira