Skip to content

Instantly share code, notes, and snippets.

@rkoshy

rkoshy/gist:af8b53b8738be955e8238d78511d36f3

Created July 8, 2022 09:40
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rkoshy/af8b53b8738be955e8238d78511d36f3 to your computer and use it in GitHub Desktop.
Save rkoshy/af8b53b8738be955e8238d78511d36f3 to your computer and use it in GitHub Desktop.
Download ZIP
Excluding crypto artifacts during the maven "shade" creation of an uber-jar
Raw
gistfile1.md

From: http://zhentao-li.blogspot.com/2012/06/maven-shade-plugin-invalid-signature.html

<configuration>
          <filters>
            <filter>
              <artifact>*:*</artifact>
              <excludes>
                <exclude>META-INF/*.SF</exclude>
                <exclude>META-INF/*.DSA</exclude>
                <exclude>META-INF/*.RSA</exclude>
              </excludes>
            </filter>
          </filters>
        </configuration>

The above configuration filters all files in META-INF ending with .SF, .DSA, and .RSA for all artifacts (:) when creating uber-jar file.

The reason java.lang.SecurityException is raised is because some dependency jar files are signed jar files. A jar file is signed by using jarsigner, which creates 2 additional files and places them in META-INF: a signature file, with a .SF extension, and a signature block file, with a .DSA, .RSA, or .EC extension. Since the uber-jar file is created, the signatures and integrity of signed JAR files are no longer valid. When the uber-jar file is executed, java.lang.SecurityException is thrown.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment