Exception in thread “main” java.lang.SecurityExcep

2020-03-10 04:36发布

问题:

Exception in thread "main" java.lang.SecurityException: Invalid signature file d                    igest for Manifest main attributes
        at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVeri                    fier.java:240)
        at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier                    .java:193)
        at java.util.jar.JarVerifier.processEntry(JarVerifier.java:262)
        at java.util.jar.JarVerifier.update(JarVerifier.java:216)
        at java.util.jar.JarFile.initializeVerifier(JarFile.java:341)
        at java.util.jar.JarFile.getInputStream(JarFile.java:406)
        at sun.misc.URLClassPath$JarLoader$2.getInputStream(URLClassPath.java:75                    2)
        at sun.misc.Resource.cachedInputStream(Resource.java:77)
        at sun.misc.Resource.getByteBuffer(Resource.java:160)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:436)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:423)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
        at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:480)

Hi i am getting this error and i was wondering if anybody could tell me what was causing this.This is the snapshot of pox file of my project. Any help would be appreciated.

<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>com.jcraft</groupId>
        <artifactId>jsch</artifactId>
        <version>0.1.50</version>
    </dependency>
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.29</version>
    </dependency>
    <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <version>9.3-1101-jdbc41</version>
    </dependency>
    <dependency>
        <groupId>org.objectweb.joram</groupId>
        <artifactId>jftp</artifactId>
        <version>1.52</version>
    </dependency>
</dependencies>
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-shade-plugin</artifactId>
            <version>2.2</version>
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>shade</goal>
                    </goals>
                    <configuration>
                        <artifactSet>
                            <excludes>
                                <exclude>junit:junit</exclude>
                                <exclude>org.apache.maven:lib:tests</exclude>
                            </excludes>
                        </artifactSet>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

回答1:

After surfing the internet for hours, and still unable to find the solution, I stumbled upon this command which solved my problem:

zip -d yourjar.jar 'META-INF/.SF' 'META-INF/.RSA' 'META-INF/*SF'

This command rips off the signature files for the previous jars, and then once you sign it you'l find no error.



回答2:

I was trying to create an uber jar with maven and ran in to this problem and I was able to solve the issue as follows.

Here is how I configured the shade plugin to include twitter4j to my uber jar.

<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<version>2.4.2</version>
<executions>
    <execution>
        <phase>package</phase>
        <goals>
            <goal>shade</goal>
        </goals>
        <configuration>

            <filters>
                <filter>
                    <artifact>spark-streaming-twitter_2.10:spark-streaming-twitter_2.10</artifact>
                    <includes>
                        <include>**</include>
                    </includes>
                </filter>
                <filter>
                    <artifact>twitter4j-stream:twitter4j-stream</artifact>
                    <includes>
                        <include>**</include>
                    </includes>
                </filter>
                <filter>
                    <artifact>*:*</artifact>
                    <excludes>
                        <exclude>META-INF/*.SF</exclude>
                        <exclude>META-INF/*.DSA</exclude>
                        <exclude>META-INF/*.RSA</exclude>
                    </excludes>
                </filter>
            </filters>
        </configuration>
    </execution>
</executions>
</plugin>

Hope this helps.



回答3:

I think i got the solution for my own question, addition of tags mentioned below to the pom.xml solves the issue:

<excludes>
    <exclude>META-INF/*.SF</exclude>
    <exclude>META-INF/*.DSA</exclude>
    <exclude>META-INF/*.RSA</exclude>
    <exclude>junit:junit</exclude>
    <exclude>org.apache.maven:lib:tests</exclude>
</excludes>

http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Signed_JAR_File



回答4:

I was having similar issues, I added Bounty Castle dependency that was causing this error. Just removed it and after that it worked okay.



回答5:

The following Stackexchange question and answer worked for me. It uses a filter instead of and artifactSet exclude. I have tried the solutions in the above answer and it didn't work.

"Invalid signature file" when attempting to run a .jar



回答6:

This error means that maven shade plugin has modified one of your dependencies hence the signature for those libraries are invalid.

remove the signature files is a work around and a solution depending on your use case. For me it is a bad practice so I ended up replacing the maven shade plugin for Apache Maven Assembly Plugin to create the jar with the dependencies and seems to work https://maven.apache.org/plugins/maven-assembly-plugin/

example:

        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-assembly-plugin</artifactId>
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>single</goal>
                    </goals>
                    <configuration>
                        <archive>
                            <manifest>
                                <mainClass>
                                    your.class.with.main.method
                                </mainClass>
                            </manifest>
                        </archive>
                        <descriptorRefs>
                            <descriptorRef>jar-with-dependencies</descriptorRef>
                        </descriptorRefs>
                    </configuration>
                </execution>
            </executions>
        </plugin>

build your jar with dependencies included:

mvn package