Java Security Exception BIRT and Apache POI Hack

Submitted by 社会主义新天地 on 2020-01-07 03:09:02

Question


I'm getting a

java.lang.SecurityException: class "org.apache.poi.POIXMLDocument"'s signer information does not match signer information of other classes in the same package

between the BIRT core jar and an Apache POI jar, as described by this BIRT bug report.

It has been stated in the bug report that this can be fixed by upgrading BIRT, however when I do that I run into another runtime bug which can only be solved by downgrading. Thus, as it stands I am in a little bit of a pickle here. This comment says that I should be able to unzip the Apache POI jar, delete the security information (there is none in the BIRT manifest), then rezip it and I should be good to go, however when I delete the security information my code that uses Apache POI no longer compiles; it's as if the POI dependency no longer exists (yes, it is on the classpath). In addition, I'm also getting an exception thrown from my AspectJ weaver.

Here is the META-INF/MANIFEST.MF:

Before (abridged snippet):

Manifest-Version: 1.0
Bundle-ClassPath: .
Bundle-Vendor: Eclipse Orbit
Bundle-Name: Apache POI
Bundle-SymbolicName: org.apache.poi
Eclipse-SourceReferences: scm:cvs:pserver:dev.eclipse.org:/cvsroot/too
 ls:org.eclipse.orbit/org.apache.poi;tag=v201303080712
Export-Package: org.apache.poi,org.apache.poi.common.usermodel,org.apa
 che.poi.ddf,org.apache.poi.dev,org.apache.poi.hpsf,org.apache.poi.hps
 f.extractor,org.apache.poi.hpsf.wellknown,org.apache.poi.hssf,org.apa
 che.poi.hssf.dev,org.apache.poi.hssf.eventmodel,org.apache.poi.hssf.e
 ventusermodel,org.apache.poi.hssf.eventusermodel.dummyrecord,org.apac
 he.poi.hssf.extractor,org.apache.poi.hssf.model,org.apache.poi.hssf.r
 ecord,org.apache.poi.hssf.record.aggregates,org.apache.poi.hssf.recor
 d.cf,org.apache.poi.hssf.record.chart,org.apache.poi.hssf.record.comm
 on,org.apache.poi.hssf.record.cont,org.apache.poi.hssf.record.crypto,
 org.apache.poi.hssf.record.pivottable,org.apache.poi.hssf.usermodel,o
 rg.apache.poi.hssf.util,org.apache.poi.poifs.common,org.apache.poi.po
 ifs.crypt,org.apache.poi.poifs.dev,org.apache.poi.poifs.eventfilesyst
 em,org.apache.poi.poifs.filesystem,org.apache.poi.poifs.nio,org.apach
 e.poi.poifs.property,org.apache.poi.poifs.storage,org.apache.poi.ss,o
 rg.apache.poi.ss.extractor,org.apache.poi.ss.format,org.apache.poi.ss
 .formula,org.apache.poi.ss.formula.atp,org.apache.poi.ss.formula.cons
 tant,org.apache.poi.ss.formula.eval,org.apache.poi.ss.formula.eval.fo
 rked,org.apache.poi.ss.formula.function,org.apache.poi.ss.formula.fun
 ctions,org.apache.poi.ss.formula.ptg,org.apache.poi.ss.formula.udf,or
 g.apache.poi.ss.usermodel,org.apache.poi.ss.usermodel.charts,org.apac
 he.poi.ss.util,org.apache.poi.ss.util.cellwalk,org.apache.poi.util
Bundle-Version: 3.9.0.v201303080712
Bundle-ManifestVersion: 2

Name: org/apache/poi/ss/formula/functions/AggregateFunction$5.class
SHA1-Digest: 5RrBJbQIbv6B9uMzek3j1oKz6M8=

Name: org/apache/poi/ss/usermodel/charts/AxisCrosses.class
SHA1-Digest: ipQ9+pxjWLkgUu7+oqv0Yehyggw=

Name: org/apache/poi/hssf/usermodel/HSSFSheet.class
SHA1-Digest: ScBV1zHQgPkl9+/wIKAG4fJQXCo=

Name: org/apache/poi/hssf/record/HyperlinkRecord$GUID.class
SHA1-Digest: 3kpDbR6WINPRF24HCT7qOrhKnE4=

Name: org/apache/poi/poifs/storage/RawDataBlockList.class
SHA1-Digest: RHoYWrfErxUXOgVH4A9IDEXcx6c=

Name: META-INF/LICENSE
SHA1-Digest: skDsOhroUOXZROozPxPxBGVNGv4=

Name: org/apache/poi/ss/util/DateFormatConverter.class
SHA1-Digest: LKE6cGcKD20qFWR7++gAw1YMZ7s=

... a lot more of this SHA1-Digest stuff

After (unabridged, full file):

Manifest-Version: 1.0 
Bundle-ClassPath: .
Bundle-Vendor: Eclipse Orbit
Bundle-Name: Apache POI 
Bundle-SymbolicName: org.apache.poi
Eclipse-SourceReferences: scm:cvs:pserver:dev.eclipse.org:/cvsroot/too
 ls:org.eclipse.orbit/org.apache.poi;tag=v201303080712
Export-Package: org.apache.poi,org.apache.poi.common.usermodel,org.apa
 che.poi.ddf,org.apache.poi.dev,org.apache.poi.hpsf,org.apache.poi.hps
 f.extractor,org.apache.poi.hpsf.wellknown,org.apache.poi.hssf,org.apa
 che.poi.hssf.dev,org.apache.poi.hssf.eventmodel,org.apache.poi.hssf.e
 ventusermodel,org.apache.poi.hssf.eventusermodel.dummyrecord,org.apac
 he.poi.hssf.extractor,org.apache.poi.hssf.model,org.apache.poi.hssf.r
 ecord,org.apache.poi.hssf.record.aggregates,org.apache.poi.hssf.recor
 d.cf,org.apache.poi.hssf.record.chart,org.apache.poi.hssf.record.comm
 on,org.apache.poi.hssf.record.cont,org.apache.poi.hssf.record.crypto,
 org.apache.poi.hssf.record.pivottable,org.apache.poi.hssf.usermodel,o
 rg.apache.poi.hssf.util,org.apache.poi.poifs.common,org.apache.poi.po
 ifs.crypt,org.apache.poi.poifs.dev,org.apache.poi.poifs.eventfilesyst
 em,org.apache.poi.poifs.filesystem,org.apache.poi.poifs.nio,org.apach
 e.poi.poifs.property,org.apache.poi.poifs.storage,org.apache.poi.ss,o
 rg.apache.poi.ss.extractor,org.apache.poi.ss.format,org.apache.poi.ss
 .formula,org.apache.poi.ss.formula.atp,org.apache.poi.ss.formula.cons
 tant,org.apache.poi.ss.formula.eval,org.apache.poi.ss.formula.eval.fo
 rked,org.apache.poi.ss.formula.function,org.apache.poi.ss.formula.fun
 ctions,org.apache.poi.ss.formula.ptg,org.apache.poi.ss.formula.udf,or
 g.apache.poi.ss.usermodel,org.apache.poi.ss.usermodel.charts,org.apac
 he.poi.ss.util,org.apache.poi.ss.util.cellwalk,org.apache.poi.util
Bundle-Version: 3.9.0.v201303080712
Bundle-ManifestVersion: 2

As you can see, I deleted all the security information. Did I do something wrong along the way? Is this a valid solution for my problem?


Answer 1:


This stackoverflow post helped me.

I had to delete a few files in META-INF. Also, rezipping the folder and renaming it to jar is not enough; I needed to actually create the jar with this command:

jar cvf org.apache.poi_3.9.0.v201303080712.jar .



Answer 2:


In order to proceed in an automated operation, the following ANT macrodef should do the job:

<macrodef name="unsignjar">
    <attribute name="jarfile" 
        description="The jar file to unsign" />    
    <sequential>
        <!-- Editing the manifest file -->
        <copy toFile="@{jarFile}_MANIFEST.tmp">
            <resources>
                <zipentry zipfile="@{jarFile}" name="META-INF/MANIFEST.MF"/>
            </resources>
        </copy>
        <replaceregexp file="@{jarFile}_MANIFEST.tmp" match="\nName:(.+?)\nSH" replace="SH" flags="gis" byline="false"/>
        <replaceregexp file="@{jarFile}_MANIFEST.tmp" match="SHA(.*)" replace="" flags="gis" byline="false"/>
        <jar update="yes"
            jarfile="@{jarFile}.tmp"
            manifest="@{jarFile}_MANIFEST.tmp">
            <zipfileset src="@{jarFile}">
                <include name="**"/>
                <!-- Clearing the META-INF directory -->
                <exclude name="META-INF/*.SF"/>
                <exclude name="META-INF/*.DSA"/>
                <exclude name="META-INF/*.RSA"/>
            </zipfileset>
        </jar>
        <delete file="@{jarFile}_MANIFEST.tmp" />
        <move file="@{jarFile}.tmp"
              tofile="@{jarFile}"
              overwrite="true" />
    </sequential>
</macrodef>

For a specific Jar file located in the WEB-INF/lib folder (${webapp.libs} key), it is called in an ANT task the following way:

<target name="unsignJar">
    <unsignjar jarFile="${webapp.libs}/org.apache.poi_3.9.0.v201303080712.jar" />
</target>
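
A check to run before and after stripping signatures, added here as an example (it is not part of the original question or answers): it lists the signature files under META-INF, counts the manifest's per-entry digest sections, and flags packages that occur both in a signed jar and in an unsigned one, which is the layout behind the SecurityException in the question. The jar names, the SAMPLE.* files and the digest value are constructed placeholders.

```python
import io
import re
import zipfile
from collections import defaultdict

# Signature-related files the JAR format keeps directly under META-INF/.
SIG_FILE = re.compile(r"^META-INF/[^/]+\.(SF|DSA|RSA|EC)$", re.I)

def signing_state(jar_bytes):
    """Return (signature_files, manifest_digest_sections, class_packages)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        manifest = ""
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    sig_files = sorted(n for n in names if SIG_FILE.match(n))
    packages = {n.rsplit("/", 1)[0] for n in names if n.endswith(".class") and "/" in n}
    # Join folded continuation lines, then look at the per-entry sections only.
    unfolded = re.sub(r"\r?\n ", "", manifest).strip()
    sections = re.split(r"(?:\r?\n){2,}", unfolded)[1:]
    digests = sum(1 for s in sections if re.search(r"^[\w-]+-Digest", s, re.M))
    return sig_files, digests, packages

def split_package_conflicts(jars):
    """Packages that appear both in a signed jar and in an unsigned one.
    Two jars signed by different certificates conflict too; not detected here."""
    owners = defaultdict(dict)
    for jar_name, data in jars.items():
        sig_files, _, packages = signing_state(data)
        for pkg in packages:
            owners[pkg][jar_name] = bool(sig_files)
    return {p: o for p, o in owners.items() if len(set(o.values())) > 1}

def make_jar(entries):
    """Build a constructed sample jar in memory from {entry name: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, text in entries.items():
            z.writestr(name, text)
    return buf.getvalue()

# Constructed samples: file names, digest value and class bytes are placeholders.
MANIFEST = "Manifest-Version: 1.0\nBundle-SymbolicName: org.apache.poi\n"
ENTRY = "\nName: org/apache/poi/POIDocument.class\nSHA1-Digest: PLACEHOLDER=\n"
SIGNED = make_jar({"META-INF/MANIFEST.MF": MANIFEST + ENTRY, "META-INF/SAMPLE.SF": "x",
                   "META-INF/SAMPLE.RSA": "x", "org/apache/poi/POIDocument.class": "x"})
STRIPPED = make_jar({"META-INF/MANIFEST.MF": MANIFEST, "org/apache/poi/POIDocument.class": "x"})
OTHER = make_jar({"META-INF/MANIFEST.MF": MANIFEST, "org/apache/poi/POIXMLDocument.class": "x"})
```

Pass the real classpath jars as `{path: open(path, "rb").read()}` to `split_package_conflicts`; an empty result means no package mixes signed and unsigned jars.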


Source: https://stackoverflow.com/questions/33988136/java-security-exception-birt-and-apache-poi-hack
