Help
kannengi
Elite Observer
‎09-22-2015 07:51 AM

signer information in fs-access.jar und personalisation.jar

Jump to solution

Hallo community,

ich versuche, gerade einen erfolgreichen Login mit Dynamic Personalization zustande zu bringen.

Login-Modul ist Request Parameter Login, Authentifizierung ORMapper gegen eine FS-Datenquelle.

Das ganze auf dem Web-Server (Tomcat 7.0).

Leider bekomme ich beim Abschicken der Login-Daten eine Exception

Sep 22, 2015 3:26:19 PM org.apache.catalina.core.StandardWrapperValve invoke
Schwerwiegend: Servlet.service() for servlet [fsp-LoginServlet] in context with path [/intranet] threw exception
java.lang.SecurityException: class "de.espirit.common.io.ServletUtil"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2957)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1210)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1690)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
    at de.espirit.firstspirit.opt.personalisation.servlets.LoginServlet.doPost(LoginServlet.java:84)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.relounge.badenova.filter.Utf8Filter.doFilter(Utf8Filter.java:21)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2441)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2430)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

Das server.log zeigt auch schon beim Serverstart ähnliche Exceptions:

Sep 22, 2015 3:25:25 PM org.apache.catalina.core.ApplicationContext log
Schwerwiegend: fsi-InitSchemata: couldn't initialize integration module!
de.espirit.or.ORException: java.lang.SecurityException: class "de.espirit.common.PropertiesUtil"'s signer information does not match signer information of other classes in the same package
    at de.espirit.or.impl.web.SessionManagerImpl.createSessionHandler(SessionManagerImpl.java:147)
    at de.espirit.or.impl.web.SessionManagerImpl.register(SessionManagerImpl.java:90)
    at de.espirit.or.web.InitServlet.analyzeSchemataConfiguration(InitServlet.java:126)
    at de.espirit.or.web.InitServlet.init(InitServlet.java:85)
    at javax.servlet.GenericServlet.init(GenericServlet.java:158)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1284)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1197)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1087)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5210)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5493)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.StandardContext.reload(StandardContext.java:3988)
    at org.apache.catalina.startup.HostConfig.reload(HostConfig.java:1459)
    at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1442)
    at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1626)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:328)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1374)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1530)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1540)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1519)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.SecurityException: class "de.espirit.common.PropertiesUtil"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2957)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1210)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1690)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
    at de.espirit.or.impl.generic.GenericLayer.init(GenericLayer.java:53)
    at de.espirit.or.impl.web.SessionManagerImpl.createSessionHandler(SessionManagerImpl.java:134)
    ... 22 more

Wenn ich den Tomcat classpath analysiere (WEB-INF/lib), dann sind die betreffenden Klassen tatsächliche alle zweimal vorhanden, nämlich im fs-access.jar und personalisation.jar.

Die fs-access.jar ist Version 5.1.414.67329 (Manifest) und die personalisation.jar 5.1.414.67315 (ServerManager -> Module).

Habe ich hier irgendetwas falsch gemacht? Ich habe es auch schon mit 5.1.507 probiert - gleicher Fehler.

Oder sollte ich irgendwie die Validierung der signierten jars ausschalten??

Danke für einen Tip!!

Gruß,

Benny Kannengießer

// re-lounge.com

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Accepted Solutions
kannengi
Elite Observer
‎09-25-2015 03:38 AM

Re: signer information in fs-access.jar und personalisation.jar

Jump to solution

OK,

nur zur Info, ich konnte die Sache aufklären - ein altes crc.jar lag da auch noch im classpath.

Im crc.jar werden zwar nicht Klassen aus dem personalisation.jar dupliziert, aber die Packages (mit Klassen darin) überlappen sich. Dann müssen sie mit dem gleichen Zertifikat signiert sein, was sie wohl nicht waren

Gruß,

Benny Kannengießer

// re-lounge

View solution in original post

0 Kudos
Reply
1 Reply
kannengi
Elite Observer
‎09-25-2015 03:38 AM

Re: signer information in fs-access.jar und personalisation.jar

Jump to solution

OK,

nur zur Info, ich konnte die Sache aufklären - ein altes crc.jar lag da auch noch im classpath.

Im crc.jar werden zwar nicht Klassen aus dem personalisation.jar dupliziert, aber die Packages (mit Klassen darin) überlappen sich. Dann müssen sie mit dem gleichen Zertifikat signiert sein, was sie wohl nicht waren

Gruß,

Benny Kannengießer

// re-lounge

0 Kudos
Reply
Crownpeak and Illumino logos

Getting Started on Your Digital Accessibility Journey

With over 20% of the world’s population living with some form of disability, most organizations understand WHY digital accessibility is a business imperative, but companies are still struggling with HOW to address this issue.

Crownpeak’s Director of DQM Solutions Engineering and Enablement, Kathryn Putt, and ilumino’s co-founder and VP of Customer Success, Jenna Reardon, will cover:

  • + The importance of automated and manual testing
  • + When and how to start running automated and manual testing
  • + Evaluating third party accessibility service providers and tools
  • + Developing an effective and scalable remediation process
    • Watch On DemandOpens in a new window