Invalid signature file digest for Manifest main attributes exception while trying to run jar file
I am trying to run the jar file of my project. I am working on intelliJ and have use artifacts to generate the jar file. But everytime i am trying to run my jar file its giv
-
just filter the signature files from your uber jar
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-shade-plugin</artifactId> <version>3.2.4</version> <executions> <execution> <phase>package</phase> <goals> <goal>shade</goal> </goals> <configuration> <minimizeJar>true</minimizeJar> <filters> <filter> <artifact>*:*</artifact> <excludes> <exclude>META-INF/*.SF</exclude> <exclude>META-INF/*.DSA</exclude> <exclude>META-INF/*.RSA</exclude> </excludes> </filter> </filters> </configuration> </execution> </executions> </plugin>讨论(0) -
For the same problem,I have done clean install and issue gone. So clean install is one option by which you can build with fresh downloaded jars.
讨论(0) -
In the compiled jar need to delete the security signed files. To do this follow this command
zip -d jarfile.jar 'META-INF/.SF' 'META-INF/.RSA' 'META-INF/*SF'
讨论(0) -
Instead of deleting the META-INF file, I changed the method in the Artifact definition. I deleted the "Extracted" library from the Artifact and added it again as "Put into Output Root".
This way the library will be incorporated without any changes in the new jar file, which I assume is the objective of signing the library...
By the way, I am also using the sqljdbc.jar.
讨论(0) -
Some of your dependency JARs is a signed JAR, so when you combine then all in one JAR and run that JAR then signature of the signed JAR doesn't match up and hence you get the security exception about signature mis-match.
To fix this you need to first identify which all dependency JARs are signed JARs and then exclude them. Depending upon whether you are using MAVEN or ANT, you have to take appropriate solution. Below are but you can read more here, here and here.
Maven:
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>2.6</version> <executions> <execution> <id>unpack-dependencies</id> <phase>package</phase> <goals> <goal>unpack-dependencies</goal> </goals> <configuration> <excludeScope>system</excludeScope> <excludes>META-INF/*.SF</excludes> <excludes>META-INF/*.DSA</excludes> <excludes>META-INF/*.RSA</excludes> <excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds> <outputDirectory>${project.build.directory}/classes</outputDirectory> </configuration> </execution> </executions> </plugin>ANT:
<jar destfile="app.jar" basedir="${classes.dir}"> <zipfileset excludes="META-INF/**/*" src="${lib.dir}/bcprov-jdk16-145.jar"></zipfileset> <manifest> <attribute name="Main-Class" value="app.Main"/> </manifest> </jar>
Update based on OP's comment:
"sqljdbc4.jar" was the signed JAR in OP's external libraries. So, following above approach to systematically exclude the signature related files like .SF, .RSA or .DES or other algorithms files is the right way to move forward.
If these signature files are not excluded then security exception will occur because of signature mismatch.
How to know if a JAR is signed or not?: If a JAR contains files like files like .SF, .RSA or .DES or other algorithms files, then it is a signed JAR. Or run
jarsigner -verify jarname.jarand see if it outputs "verified"讨论(0) -
In my case, I am working with an uber-jar via maven-shade-plugin and @ruhsuzbaykus answer here was the solution. The strategy seems very similar to what @hagrawal proposes but the exclusions are added as a filter configuration of maven-shade-plugin.
讨论(0)
加载中...
- 热议问题