Jar Manifest Security Exception – What The !?

The other day (just when I needed to release some software, and the stakes where high, of course..) I needed to just drop a JAR file on a Tomcat server and the testing could begin…where it not for the fact no one could start the jar file..I’m using a build.xml file with ANT in Eclipse, but the secret is having a good build.xml file 😉 .

When I ran the build file with ant, I got the following error:

Exception in thread “main” java.lang.SecurityException: Invalid signature file digest for Manifest main attributes.

The cause is the library jar files I use in my project (application 😉 ) are having expired keys..I know the need of singing the jar files, but why they expire so soon after the release…that is something I did not expect. I like to have my used libraries packed with my Jar file, so I know for sure the client has them, where I can find them and I know the version of the libraries with each release I do.

However, with a bit of googling I stumbled on this solution, which I didn’t know of before.

In my build file I used this syntax to add the libraries to my ow Jar file:

<zipfileset src="/usr/share/classpath/miglayout-swing.jar" />

But this inlcuded the manifest files of the jar lib. But when using the tip I’ve found and exclude the manifest file like this:

<zipfileset excludes="META-INF/**/*" src="/usr/share/classpath/miglayout-swing.jar" />

The problem is solved!

The other solution I did known of (and is quite a lot of work) is to un-jar all the attached library jar files, re-jar and resign those with my own key and include these..However this is NOT something you would like to do a lot, and I must say the suggestion done above  is a lot easier.


About GemsOfProgramming

Beeing a previously enthusiastic Java programmer, I rolled into the Oracle Database Administration world. It turned out I got a knack for this, and since approx. 2000 I'm a full time DBA. My experiences touches lot of Oracle products like Forms and Reports 9/10, JDAPI, Application Server, Weblogic Fusion and of course: Oracle Enterprise Databases, JavaFX, Swing and other Java components.
This entry was posted in Java. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s