[esb-issues] [JBoss JIRA] Commented: (JBESB-3673) jbossesb-rosetta.jar is signed
[
https://issues.jboss.org/browse/JBESB-3673?page=com.atlassian.jira.plugin...
]
David Tucker commented on JBESB-3673:
-------------------------------------
Kevin, thank you for pointing out byteman, which may be a viable solution in this instance
but I am curious why we could not remove the signing from the rosetta jar? This solution
has been used before for other jars (see the link in my earlier comment to JBPAPP-4665 and
a patch was released for EAP with an unsigned cglib.
If we provide JBoss AOP as a part of the JBoss platform, it seems reasonable to me that
people be allowed to use it on classes that are part of the JBoss platform.
jbossesb-rosetta.jar is signed
------------------------------
Key: JBESB-3673
URL: https://issues.jboss.org/browse/JBESB-3673
Project: JBoss ESB
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Rosetta
Affects Versions: 4.6
Reporter: David Tucker
Currently the jbossesb-rosetta.jar contains signing files. This has the potential to
create issues if the keys do not match each other. I discovered this when I was trying to
instrument some classes for AOP that are contained in the jar. I kept running into a
java.lang.SecurityException for any classes contained in the rosetta jar and eventually
discovered that signature files were the source of the issue. Removing the RSA and RF
files from the archive would solve this issue for AOP.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira