Questions & Answers

Hallo community,

ich versuche, gerade einen erfolgreichen Login mit Dynamic Personalization zustande zu bringen.

Login-Modul ist Request Parameter Login, Authentifizierung ORMapper gegen eine FS-Datenquelle.

Das ganze auf dem Web-Server (Tomcat 7.0).

Leider bekomme ich beim Abschicken der Login-Daten eine Exception

Sep 22, 2015 3:26:19 PM org.apache.catalina.core.StandardWrapperValve invoke
Schwerwiegend: Servlet.service() for servlet [fsp-LoginServlet] in context with path [/intranet] threw exception
java.lang.SecurityException: class "de.espirit.common.io.ServletUtil"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2957)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1210)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1690)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
    at de.espirit.firstspirit.opt.personalisation.servlets.LoginServlet.doPost(LoginServlet.java:84)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.relounge.badenova.filter.Utf8Filter.doFilter(Utf8Filter.java:21)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2441)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2430)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

Das server.log zeigt auch schon beim Serverstart ähnliche Exceptions:

Sep 22, 2015 3:25:25 PM org.apache.catalina.core.ApplicationContext log
Schwerwiegend: fsi-InitSchemata: couldn't initialize integration module!
de.espirit.or.ORException: java.lang.SecurityException: class "de.espirit.common.PropertiesUtil"'s signer information does not match signer information of other classes in the same package
    at de.espirit.or.impl.web.SessionManagerImpl.createSessionHandler(SessionManagerImpl.java:147)
    at de.espirit.or.impl.web.SessionManagerImpl.register(SessionManagerImpl.java:90)
    at de.espirit.or.web.InitServlet.analyzeSchemataConfiguration(InitServlet.java:126)
    at de.espirit.or.web.InitServlet.init(InitServlet.java:85)
    at javax.servlet.GenericServlet.init(GenericServlet.java:158)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1284)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5210)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5493)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3988)
    at org.apache.catalina.startup.HostConfig.reload(HostConfig.java:1459)
    at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1442)
    at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1626)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:328)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1374)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1530)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1540)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1519)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.SecurityException: class "de.espirit.common.PropertiesUtil"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2957)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1210)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1690)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
    at de.espirit.or.impl.generic.GenericLayer.init(GenericLayer.java:53)
    at de.espirit.or.impl.web.SessionManagerImpl.createSessionHandler(SessionManagerImpl.java:134)
    ... 22 more

Wenn ich den Tomcat classpath analysiere (WEB-INF/lib), dann sind die betreffenden Klassen tatsächliche alle zweimal vorhanden, nämlich im fs-access.jar und personalisation.jar.

Die fs-access.jar ist Version 5.1.414.67329 (Manifest) und die personalisation.jar 5.1.414.67315 (ServerManager -> Module).

Habe ich hier irgendetwas falsch gemacht? Ich habe es auch schon mit 5.1.507 probiert - gleicher Fehler.

Oder sollte ich irgendwie die Validierung der signierten jars ausschalten??

Danke für einen Tip!!

Gruß,

Benny Kannengießer

// re-lounge.com