Skip to content

Instantly share code, notes, and snippets.

@mihasya
Created January 2, 2013 19:32
Show Gist options
  • Save mihasya/4437189 to your computer and use it in GitHub Desktop.
Save mihasya/4437189 to your computer and use it in GitHub Desktop.
Debug info about SecurityException when using mvn exec:java
[INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:compile
...
[INFO] +- com.yammer.dropwizard:dropwizard-core:jar:0.6.1:compile
[INFO] | +- com.sun.jersey:jersey-core:jar:1.15:compile
[INFO] | +- com.sun.jersey:jersey-server:jar:1.15:compile
[INFO] | | \- asm:asm:jar:3.1:compile
[INFO] | +- com.sun.jersey:jersey-servlet:jar:1.15:compile
[INFO] | +- com.yammer.metrics:metrics-core:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-servlet:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-jetty:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-logback:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-jersey:jar:2.2.0:compile
[INFO] | | \- com.yammer.metrics:metrics-annotation:jar:2.2.0:compile
[INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.1.1:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.1.1:compile
[INFO] | +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.1.1:compile
[INFO] | +- com.fasterxml.jackson.datatype:jackson-datatype-guava:jar:2.1.1:compile
[INFO] | +- net.sourceforge.argparse4j:argparse4j:jar:0.2.2:compile
[INFO] | +- org.slf4j:jul-to-slf4j:jar:1.7.2:compile
[INFO] | +- ch.qos.logback:logback-core:jar:1.0.7:compile
[INFO] | +- ch.qos.logback:logback-classic:jar:1.0.7:compile
[INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.2:compile
[INFO] | +- org.eclipse.jetty:jetty-server:jar:8.1.8.v20121106:compile
[INFO] | | +- org.eclipse.jetty.orbit:javax.servlet:jar:3.0.0.v201112011016:compile
[INFO] | | \- org.eclipse.jetty:jetty-continuation:jar:8.1.8.v20121106:compile
[INFO] | +- org.eclipse.jetty:jetty-servlet:jar:8.1.8.v20121106:compile
[INFO] | | \- org.eclipse.jetty:jetty-security:jar:8.1.8.v20121106:compile
[INFO] | +- org.eclipse.jetty:jetty-http:jar:8.1.8.v20121106:compile
[INFO] | | \- org.eclipse.jetty:jetty-io:jar:8.1.8.v20121106:compile
[INFO] | | \- org.eclipse.jetty:jetty-util:jar:8.1.8.v20121106:compile
[INFO] | +- com.google.code.findbugs:jsr305:jar:2.0.1:compile
[INFO] | +- org.hibernate:hibernate-validator:jar:4.3.0.Final:compile
[INFO] | | +- javax.validation:validation-api:jar:1.0.0.GA:compile
[INFO] | | \- org.jboss.logging:jboss-logging:jar:3.1.0.CR2:compile
[INFO] | \- com.fasterxml.jackson.datatype:jackson-datatype-joda:jar:2.1.1:compile
...
[INFO] +- com.yammer.dropwizard:dropwizard-testing:jar:0.6.1:test
[INFO] | +- com.sun.jersey.jersey-test-framework:jersey-test-framework-core:jar:1.15:test
[INFO] | | \- com.sun.jersey:jersey-client:jar:1.15:test
[INFO] | +- com.sun.jersey.jersey-test-framework:jersey-test-framework-inmemory:jar:1.15:test
[INFO] | +- org.mockito:mockito-all:jar:1.9.5:test
[INFO] | \- org.easytesting:fest-assert-core:jar:2.0M8:test
[INFO] | \- org.easytesting:fest-util:jar:1.2.3:test
[INFO] +- com.yammer.dropwizard:dropwizard-core:jar:0.6.1:compile
[INFO] | +- com.sun.jersey:jersey-core:jar:1.15:compile
[INFO] | +- com.sun.jersey:jersey-server:jar:1.15:compile
[INFO] | | \- asm:asm:jar:3.1:compile
[INFO] | +- com.sun.jersey:jersey-servlet:jar:1.15:compile
[INFO] | +- com.yammer.metrics:metrics-core:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-servlet:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-jetty:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-logback:jar:2.2.0:compile
[INFO] | +- com.yammer.metrics:metrics-jersey:jar:2.2.0:compile
[INFO] | | \- com.yammer.metrics:metrics-annotation:jar:2.2.0:compile
[INFO] | +- com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:2.1.1:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.1.1:compile
[INFO] | +- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.1.1:compile
[INFO] | +- com.fasterxml.jackson.datatype:jackson-datatype-guava:jar:2.1.1:compile
[INFO] | +- net.sourceforge.argparse4j:argparse4j:jar:0.2.2:compile
[INFO] | +- org.slf4j:jul-to-slf4j:jar:1.7.2:compile
[INFO] | +- ch.qos.logback:logback-core:jar:1.0.7:compile
[INFO] | +- ch.qos.logback:logback-classic:jar:1.0.7:compile
[INFO] | +- org.slf4j:log4j-over-slf4j:jar:1.7.2:compile
[INFO] | +- org.eclipse.jetty:jetty-server:jar:8.1.8.v20121106:compile
[INFO] | | +- org.eclipse.jetty.orbit:javax.servlet:jar:3.0.0.v201112011016:compile
[INFO] | | \- org.eclipse.jetty:jetty-continuation:jar:8.1.8.v20121106:compile
[INFO] | +- org.eclipse.jetty:jetty-servlet:jar:8.1.8.v20121106:compile
[INFO] | | \- org.eclipse.jetty:jetty-security:jar:8.1.8.v20121106:compile
[INFO] | +- org.eclipse.jetty:jetty-http:jar:8.1.8.v20121106:compile
[INFO] | | \- org.eclipse.jetty:jetty-io:jar:8.1.8.v20121106:compile
[INFO] | | \- org.eclipse.jetty:jetty-util:jar:8.1.8.v20121106:compile
[INFO] | +- com.google.code.findbugs:jsr305:jar:2.0.1:compile
[INFO] | +- org.hibernate:hibernate-validator:jar:4.3.0.Final:compile
[INFO] | | +- javax.validation:validation-api:jar:1.0.0.GA:compile
[INFO] | | \- org.jboss.logging:jboss-logging:jar:3.1.0.CR2:compile
[INFO] | \- com.fasterxml.jackson.datatype:jackson-datatype-joda:jar:2.1.1:compile
...
[INFO] +- com.yammer.dropwizard:dropwizard-testing:jar:0.6.1:test
[INFO] | +- com.sun.jersey.jersey-test-framework:jersey-test-framework-core:jar:1.15:test
[INFO] | | +- javax.servlet:javax.servlet-api:jar:3.0.1:test
[INFO] | | \- com.sun.jersey:jersey-client:jar:1.15:test
[INFO] | +- com.sun.jersey.jersey-test-framework:jersey-test-framework-inmemory:jar:1.15:test
[INFO] | +- org.mockito:mockito-all:jar:1.9.5:test
[INFO] | \- org.easytesting:fest-assert-core:jar:2.0M8:test
[INFO] | \- org.easytesting:fest-util:jar:1.2.3:test
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:297)
at java.lang.Thread.run(Thread.java:680)
Caused by: java.lang.SecurityException: class "javax.servlet.DispatcherType"'s signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:806)
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:625)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at com.yammer.dropwizard.cli.ServerCommand.run(ServerCommand.java:43)
at com.yammer.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:39)
at com.yammer.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:58)
at com.yammer.dropwizard.cli.Cli.run(Cli.java:53)
at com.yammer.dropwizard.Service.run(Service.java:61)
@mihasya
Copy link
Author

mihasya commented Jan 2, 2013

The only difference between before and after is that after was produced with the following as a top-level dependency

        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
        </dependency>

thus making that jar a top-level dependency. I suspect the issue is that dropwizard-core pulls in a snapshot dependency of javax.servlet, but I'm not sure I understand why making servlet-api a top-level dep fixes the signature mismatch.. Perhaps both packages offer the DispatcherType class, and moving it up causes the class loader to use the one from the properly-signed package?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment