Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug Report: SecurityException with signed jars after upgrading from Payara 5 to Payara 6.2024.5 #6776

Closed
garychan21 opened this issue Jun 20, 2024 · 3 comments
Closed

Bug Report: SecurityException with signed jars after upgrading from Payara 5 to Payara 6.2024.5 #6776

garychan21 opened this issue Jun 20, 2024 · 3 comments
Assignees
@Elifzeynepedman

Comments

@garychan21
Copy link

garychan21 commented Jun 20, 2024
edited
Loading

Brief Summary

We recently migrated our application from the javax to jakarta namespace along with upgrading the server from Payara 5 to Payara 6.2024.5. We are using the payara-embedded-all-6.2024.5.jar as the main dependency. We use jarsigner to sign our jar files which are deployed to the glassfish domain specific lib folder. I.e. <glassfish_home>/domains/<our_domain>/lib. When trying to deploy an .ear file which contains a remote EJB 2.x interface, we get this EJB Container initialization error:

Caused by: java.lang.SecurityException: class "com.mmsi.util.config.ejb._ConfigurationPropagatorHome_DynamicStub"'s signer information does not match signer information of other classes in the same package

Expected Outcome

The migrated application with the remote EJB 2.x interfaces will be deployable in Payara 6.2024.x as they were in Payara 5.

Current Outcome

The .ear deployment containing the remote EJB 2.x interface results in a EJB Container initialization error:

[2024-05-28T15:39:47.422-0700] [Payara 6.2024.4] [SEVERE] [] [javax.enterprise.system.core] [tid: _ThreadID=49 _ThreadName=admin-thread-pool::admin-listener(1)] [timeMillis: 1716935987422] [levelValue: 1000] [[
  Exception while loading the app : EJB Container initialization error
java.lang.RuntimeException: Unable to create reference 
	at org.glassfish.enterprise.iiop.impl.POARemoteReferenceFactory.createRef(POARemoteReferenceFactory.java:425)
	at org.glassfish.enterprise.iiop.impl.POARemoteReferenceFactory.createHomeReference(POARemoteReferenceFactory.java:378)
	at com.sun.ejb.containers.BaseContainer.initializeHome(BaseContainer.java:1353)
	at com.sun.ejb.containers.StatelessSessionContainer.initializeHome(StatelessSessionContainer.java:184)
	at com.sun.ejb.containers.StatelessContainerFactory.createContainer(StatelessContainerFactory.java:63)
	at org.glassfish.ejb.startup.EjbApplication.loadContainers(EjbApplication.java:225)
	at org.glassfish.ejb.startup.EjbDeployer.load(EjbDeployer.java:286)
	at org.glassfish.ejb.startup.EjbDeployer.load(EjbDeployer.java:104)
	at org.glassfish.internal.data.ModuleInfo.load(ModuleInfo.java:218)
	at org.glassfish.internal.data.ApplicationInfo.load(ApplicationInfo.java:334)
	at com.sun.enterprise.v3.server.ApplicationLifecycle.prepare(ApplicationLifecycle.java:580)
	at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:570)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:556)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:552)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:361)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$2.execute(CommandRunnerImpl.java:551)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$3.run(CommandRunnerImpl.java:582)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$3.run(CommandRunnerImpl.java:574)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:361)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:573)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1497)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1879)
	at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1755)
	at org.glassfish.admin.rest.resources.admin.CommandResource.executeCommand(CommandResource.java:409)
	at org.glassfish.admin.rest.resources.admin.CommandResource.execCommandSimpInMultOut(CommandResource.java:236)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:146)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:189)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:93)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:478)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:400)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:261)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:240)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:697)
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:367)
	at org.glassfish.admin.rest.adapter.JerseyContainerCommandService$3.service(JerseyContainerCommandService.java:179)
	at org.glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:189)
	at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
	at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
	at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:174)
	at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:153)
	at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:196)
	at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:88)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:246)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:178)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:118)
	at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:96)
	at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:51)
	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:510)
	at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:82)
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:83)
	at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:101)
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:535)
	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:515)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.RuntimeException: Could not invoke defineClass method 
	at org.glassfish.pfl.basic.reflection.BridgeBase.defineClass(BridgeBase.java:264)
	at org.glassfish.pfl.basic.reflection.BridgeBase.defineClass(BridgeBase.java:279)
	at org.glassfish.pfl.dynamic.codegen.impl.CodeGeneratorUtil.makeClass(CodeGeneratorUtil.java:57)
	at org.glassfish.pfl.dynamic.codegen.spi.Wrapper._generate(Wrapper.java:1069)
	at org.glassfish.pfl.dynamic.codegen.spi.Wrapper._generate(Wrapper.java:1040)
	at com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenProxyCreator.create(CodegenProxyCreator.java:226)
	at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.createStubClass(StubFactoryCodegenImpl.java:80)
	at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.createStubClass(StubFactoryCodegenImpl.java:74)
	at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.lambda$getStubClass$0(StubFactoryCodegenImpl.java:57)
	at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1134)
	at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.getStubClass(StubFactoryCodegenImpl.java:57)
	at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.makeStub(StubFactoryCodegenImpl.java:84)
	at org.glassfish.enterprise.iiop.impl.POARemoteReferenceFactory.createRef(POARemoteReferenceFactory.java:415)
	... 68 more
Caused by: java.lang.reflect.InvocationTargetException
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.pfl.basic.reflection.BridgeBase.defineClass(BridgeBase.java:261)
	... 80 more
Caused by: java.lang.SecurityException: class "com.mmsi.util.config.ejb._ConfigurationPropagatorHome_DynamicStub"'s signer information does not match signer information of other classes in the same package
	at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1156)
	at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:911)
	at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1020)
	... 85 more
]]

Reproducer

Example of our EJB classes:

import java.rmi.RemoteException;
import jakarta.ejb.CreateException;
import jakarta.ejb.EJBHome;

public interface SiteIntegrationFacadeHome extends EJBHome {

    String LOCATION = "ejb/SiteIntegrationFacade";

    SiteIntegrationFacade create() throws CreateException, RemoteException;
}

import jakarta.ejb.CreateException;
import jakarta.ejb.SessionBean;
import jakarta.ejb.SessionContext;
import javax.sql.DataSource;

public class SiteIntegrationFacadeBean implements ISiteIntegrationClientContract, SessionBean {

    public final void setSessionContext(SessionContext sessionContext) {
    }

    public void ejbCreate() throws CreateException {
    }

    public final void ejbRemove() {
        invalidateMessageManager();
    }

    public final void ejbActivate() {
    }

    public final void ejbPassivate() {
        invalidateMessageManager();
    }

    /** Service Contract methods */
   ...
}

import java.rmi.RemoteException;
import jakarta.ejb.EJBObject;

public interface SiteIntegrationFacade extends EjbDataSource, EJBObject {

/** Service Contract methods */
   ...
}

Operating System

Window Server 2019 Standard

JDK Version

Zulu JDK 11.0.22

Payara Distribution

Payara Server Full Profile
@garychan21 garychan21 added Status: Open Issue has been triaged by the front-line engineers and is being worked on verification Type: Bug Label issue as a bug defect labels Jun 20, 2024
@Elifzeynepedman
Copy link

Hi @garychan21,

Could you please provide a simple-to-follow scenario on how to reproduce this on the latest version? A reproducer should ideally follow the SSCCE rules: http://www.sscce.org/.. It will greatly help us to find the cause and fix it.

Thank you,
Elif

@Elifzeynepedman Elifzeynepedman added Status: Pending Waiting on the issue requester to give more details or share a reproducer and removed Status: Open Issue has been triaged by the front-line engineers and is being worked on verification labels Jul 1, 2024
@github-actions github-actions bot added Status: Abandoned User has not supplied reproducers for bug report, soon to be closed if user doesn’t come back and removed Type: Bug Label issue as a bug defect Status: Pending Waiting on the issue requester to give more details or share a reproducer labels Jul 7, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 7, 2024

Greetings,
It's been more than 5 days since we requested more information or an update from you on the details of this issue. Could you provide an update soon, please?
We're afraid that if we do not receive an update, we'll have to close this issue due to inactivity.

@github-actions GitHub Actions
Copy link

Greetings,
It's been more than 5 days since this issue was identified as abandoned.
We have closed this issue due to inactivity, please feel free to re-open it if you have more information to share.

@github-actions github-actions bot removed the Status: Abandoned User has not supplied reproducers for bug report, soon to be closed if user doesn’t come back label Jul 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Elifzeynepedman Elifzeynepedman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@garychan21 @Elifzeynepedman