[jboss-jira] [JBoss JIRA] (AS7-2888) SecurityException when starting domain mode with signed modules

David Lloyd (Commented) (JIRA) jira-events at lists.jboss.org
Thu Dec 1 21:22:41 EST 2011 

    [ https://issues.jboss.org/browse/AS7-2888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12647393#comment-12647393 ] 

David Lloyd commented on AS7-2888:
----------------------------------

The debugger tells me little.  It seems that JAR verification is spontaneously failing to occur for certain files.  The exception caused by AS7-2724 was caused by the code signers being read from the JarEntry before the class bytes have been read, which can fail.  However that problem no longer is occurring, so it is hard to explain why the JarEntry fails to return the code signers every so often.  It almost appears like there is some race condition within java.util.jar.JarFile.  However it only seems to occur when two different processes are reading the same JAR at the same time.
                
> SecurityException when starting domain mode with signed modules
> ---------------------------------------------------------------
>
>                 Key: AS7-2888
>                 URL: https://issues.jboss.org/browse/AS7-2888
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Class Loading
>    Affects Versions: 7.1.0.Beta1
>            Reporter: Paul Gier
>            Assignee: David Lloyd
>            Priority: Blocker
>
> I'm still sometimes seeing the signed jar security exception described in AS7-2724.
> The difference now is that it only seems to happen when starting in domain mode, and it only fails sometimes.
> {noformat}
> [Server:server-one] 16:53:28,229 WARN  [org.jboss.modules] (ServerService Thread Pool -- 46) Failed to define class org.omg.CORBA.ORB in Module "org.jacorb:main" from local module loader @1d256fa (roots: /home/pgier/projects/jboss-as/build/target/jboss-as-7.1.0.CR1-SNAPSHOT/modules): java.lang.SecurityException: class "org.omg.CORBA.ORB"'s signer information does not match signer information of other classes in the same package
> [Server:server-one] 	at java.lang.ClassLoader.checkCerts(ClassLoader.java:807) [:1.6.0_20]
> [Server:server-one] 	at java.lang.ClassLoader.preDefineClass(ClassLoader.java:488) [:1.6.0_20]
> [Server:server-one] 	at java.lang.ClassLoader.defineClassCond(ClassLoader.java:626) [:1.6.0_20]
> [Server:server-one] 	at java.lang.ClassLoader.defineClass(ClassLoader.java:616) [:1.6.0_20]
> [Server:server-one] 	at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) [:1.6.0_20]
> [Server:server-one] 	at org.jboss.modules.ModuleClassLoader.doDefineOrLoadClass(ModuleClassLoader.java:330) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ModuleClassLoader.defineClass(ModuleClassLoader.java:411) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ModuleClassLoader.loadClassLocal(ModuleClassLoader.java:260) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ModuleClassLoader$1.loadClassLocal(ModuleClassLoader.java:73) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.Module.loadModuleClass(Module.java:500) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:182) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:485) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:444) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:421) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:143) [jboss-modules.jar:1.1.0.CR4]
> [Server:server-one] 	at java.lang.ClassLoader.defineClass1(Native Method) [:1.6.0_20]
> [Server:server-one] 	at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) [:1.6.0_20]
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list