Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "EclipseLink/Bugs/305331"
< EclipseLink | Bugs
m (New page: = Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar= * [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned ecl...) |
m (→Overview) |
||
| Line 2: | Line 2: | ||
* [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned eclipselink.jar doesn't work with signed ejb3-persistence.jar for JPA testing on JBOSS EAP 5.0.0 GA ] | * [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned eclipselink.jar doesn't work with signed ejb3-persistence.jar for JPA testing on JBOSS EAP 5.0.0 GA ] | ||
| + | * [http://bugs.eclipse.org/305330 Bugzilla Bug 305330 EclipseLink JPA tests failed On JBOSS EAP 5.0.0 GA JNDI lookup failure of Proxy FactoryA ] | ||
| + | |||
== Document History == | == Document History == | ||
{|{{BMTableStyle}} | {|{{BMTableStyle}} | ||
| Line 15: | Line 17: | ||
== Status == | == Status == | ||
| + | *In progress 20100311 for options 3,4 and 5. | ||
| + | *<font color="red">Currently recommending '''[[EclipseLink/Bugs/305331#Option_1:_Replace_signed_ejb3-persistence.jar_with_an_unsigned_version_from_JBoss_5.1.0_community_edition_-_valid|Option 1]]'''</font> - until options 3,4 and 5 are validated | ||
| + | |||
== Overview == | == Overview == | ||
| + | *The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars. This presents a problem for users of EclipseLink that place our unsigned implementation jar '''eclipselink.jar''' beside the JPA 1.0 ''javax specification'' jar - '''ejb3-persistence.jar''' in the '''common/lib''' library folder off the server. On deploymehnt in EAP 5.0.0 GA we receive a '''Security Exception''' because of the difference in security levels. | ||
| + | *The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned. | ||
| + | *This document details several possible solutions to this ''signed jar'' issue and recommends the best approach. | ||
| + | *JBoss '''[https://jira.jboss.org/jira/browse/JBPAPP-2971 JIRA JBPAPP-2971]''' is encountering the same issue with cglib.jar - one of the alternatives for this JIRA are the same as [[EclipseLink/Bugs/305331#Option_1:_Replace_signed_ejb3-persistence.jar_with_an_unsigned_version_from_JBoss_5.1.0_community_edition_-_valid|Option 1]] | ||
| + | |||
== Concepts == | == Concepts == | ||
===JPA Specification Notes=== | ===JPA Specification Notes=== | ||
| Line 21: | Line 31: | ||
====JPA 2.0 Specification==== | ====JPA 2.0 Specification==== | ||
== Reproduction == | == Reproduction == | ||
| + | *Reproduction in standalone EAR (outside of test framework configuration) | ||
| + | **trunk examples JBoss EAR with commented JPA 2.0 calls and persistence.xml tags | ||
| + | ***http://dev.eclipse.org/svnroot/rt/org.eclipse.persistence/trunk/examples/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB/ejbModule/META-INF/persistence.xml | ||
| + | ****copy unsigned trunk eclipselink.jar to common/lib | ||
| + | ****create default JBoss 5 server in Eclipse IDE | ||
| + | ****deploy jboss.EnterpriseEAR (with default HSQL datasource) to JBoss 5.0 EAP | ||
| + | ===Results: unsigned/signed conflict SecurityException - expected=== | ||
| + | ====Logs:==== | ||
| + | <pre> | ||
| + | 2010-03-11 11:10:08,988 INFO [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBPAPP_5_0_0_GA | ||
| + | date=200910202128)] Started in 1m:3s:180ms | ||
| + | 2010-03-11 11:10:47,698 INFO [org.jboss.ejb3.deployers.Ejb3DependenciesDeployer] (HDScanner) Encountered deployment | ||
| + | AbstractVFSDeploymentContext@26267218{vfszip:/C:/opt/jboss-eap-5.0/jboss-as/server/default/deploy/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar/} | ||
| + | 2010-03-11 11:10:48,059 INFO [org.jboss.jpa.deployment.PersistenceUnitDeployment] (HDScanner) Starting persistence unit | ||
| + | persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example | ||
| + | 2010-03-11 11:10:48,069 WARN [org.jboss.detailed.classloader.ClassLoaderManager] (HDScanner) Unexpected error during load of:javax.persistence.spi.ProviderUtil java.lang.SecurityException: lass "javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the | ||
| + | same package | ||
| + | at java.lang.ClassLoader.checkCerts(ClassLoader.java:769) | ||
| + | ... | ||
| + | at | ||
| + | org.jboss.jpa.deployment.PersistenceUnitDeployment.start(PersistenceUnitDeployment.java:285) | ||
| + | >and resultant secondary exception CNFE because the signed JPA 1.0 specification class was not loaded 2010-03-11 11:10:48,069 ERROR | ||
| + | [org.jboss.kernel.plugins.dependency.AbstractKernelController] (HDScanner) Error installing to Start: | ||
| + | name=persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example | ||
| + | state=Create | ||
| + | java.lang.NoClassDefFoundError: javax/persistence/spi/ProviderUtil | ||
| + | Caused by: java.lang.ClassNotFoundException: Unexpected error during load of: javax.persistence.spi.ProviderUtil, msg=class | ||
| + | "javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the same package | ||
| + | </pre> | ||
===Prerequisites=== | ===Prerequisites=== | ||
===Data Model=== | ===Data Model=== | ||
| − | ===Use Case 1: === | + | *The testing models for reproduction are based off of the [http://wiki.eclipse.org/EclipseLink/Examples/JPA/JBoss_Web_Tutorial JBoss server example] in the SVN trunk. |
| + | ===Use Case 1: Container managed Persistence Unit injected on a Stateless Session Bean invoked via a Servlet client=== | ||
| + | *This use case is valid for options 1, 2, 5 | ||
| + | ===Use Case 2: Application managed Persistence Unit injected on Servlet client=== | ||
| + | *This use case is valid for options 1, 2, 3, 4, 5 | ||
====StackTrace==== | ====StackTrace==== | ||
====Logs==== | ====Logs==== | ||
| − | == Analysis == | + | ==Analysis== |
| − | === | + | ===<font color="green">Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid</font>=== |
| + | ====Server Configuration 1:==== | ||
| + | * replace 5.0.0 (ejb3-persistence.jar) with version from 5.1.0 (community edition) - both JPA 1.0 versions in '''common/lib''' | ||
| + | *restart server, deploy EAR | ||
| + | ====Client Configuration 1:==== | ||
| + | * Client EAR runs out of the box using default HSQL TX datasource - https://bugs.eclipse.org/bugs/attachment.cgi?id=161810 | ||
| + | ====Results 1:==== | ||
| + | *JPA 1.0 application runs fine | ||
| + | <pre> | ||
| + | 12:01:41,308 INFO [STDOUT] [EL Finest]: 2010-03-11 12:01:41.308--UnitOfWork(11747982)--Thread(Thread[http-127.0.0.1-8080-1,5,jboss])--Register the existing object org.eclipse.persistence.example.jpa.server.business.Cell@3324876( id: 2 state: null left: null right: null parent: HashSet@34627602 references: HashSet@34627602) | ||
| + | </pre> | ||
| + | |||
| + | ===<font color="red">Option 2: Ship signed eclipselink.jar - invalid</font>=== | ||
| + | *This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible. | ||
| + | ====Server Configuration 2:==== | ||
| + | ====Client Configuration 2:==== | ||
| + | ====Results 2: ==== | ||
| + | ===<font color="orange">Option 3: Global Shared Library - Server level scope - verifying</font>=== | ||
| + | *In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications. | ||
| + | *This shared library must override the '''common/lib/ejb3-persistence.jar'''. | ||
| + | ====Server Configuration 3:==== | ||
| + | =====Shared Library on EAR/lib===== | ||
| + | *Add EAR/lib/eclipselink.jar and EAR/lib/javax.persistence_2.0.0.v201002051058.jar | ||
| + | *Reference these two jars in the '''war/src/META-INF/manifest.MF | ||
| + | **Class-Path: javax.persistence_2.0.0.v201002051058.jar eclipselink.jar | ||
| + | *Getting CCE because the ejb3.persistence.jar on the server is taking precedence by default over the specification jar shipped with the EAR | ||
| + | **java.lang.ClassCastException: org.eclipse.persistence.jpa.PersistenceProvider cannot be cast to javax.persistence.spi.PersistenceProvider | ||
| + | *Solution would be a similar override as for ''WebLogic'' via '''<pre><wls:prefer-application-packages></pre>''' | ||
| + | |||
| + | ====Client Configuration 3:==== | ||
| + | *One of | ||
| + | **jboss-app.xml | ||
| + | **EAR/lib | ||
| + | **application.xml | ||
| + | |||
| + | ====Results 3:==== | ||
| + | |||
| + | ===<font color="orange">Option 4: Application Shared Library - Local EAR level scope - verifying</font>=== | ||
| + | ====Server Configuration 4:==== | ||
| + | ====Client Configuration 4:==== | ||
| + | ====Results 4:==== | ||
| + | ===Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed=== | ||
| + | ====Server Configuration 5:==== | ||
| + | ====Client Configuration 5:==== | ||
| + | ====Results 5:==== | ||
| + | |||
== Open Issues == | == Open Issues == | ||
{|{{BMTableStyle}} | {|{{BMTableStyle}} | ||
Revision as of 09:44, 12 March 2010
Contents
- 1 Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar
- 1.1 Document History
- 1.2 Status
- 1.3 Overview
- 1.4 Concepts
- 1.5 Reproduction
- 1.5.1 Results: unsigned/signed conflict SecurityException - expected
- 1.5.2 Prerequisites
- 1.5.3 Data Model
- 1.5.4 Use Case 1: Container managed Persistence Unit injected on a Stateless Session Bean invoked via a Servlet client
- 1.5.5 Use Case 2: Application managed Persistence Unit injected on Servlet client
- 1.6 Analysis
- 1.6.1 Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid
- 1.6.2 Option 2: Ship signed eclipselink.jar - invalid
- 1.6.3 Option 3: Global Shared Library - Server level scope - verifying
- 1.6.4 Option 4: Application Shared Library - Local EAR level scope - verifying
- 1.6.5 Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed
- 1.7 Open Issues
- 1.8 Decisions
- 1.9 Future Considerations
- 1.10 References
Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar
- Bugzilla Bug 305331 Unsigned eclipselink.jar doesn't work with signed ejb3-persistence.jar for JPA testing on JBOSS EAP 5.0.0 GA
- Bugzilla Bug 305330 EclipseLink JPA tests failed On JBOSS EAP 5.0.0 GA JNDI lookup failure of Proxy FactoryA
Document History
| Date | Author | Version Description & Notes |
|---|---|---|
| 20100312 | Michael O'Brien | 1.0 Initial investigation of solution scenarios |
Status
- In progress 20100311 for options 3,4 and 5.
- Currently recommending Option 1 - until options 3,4 and 5 are validated
Overview
- The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars. This presents a problem for users of EclipseLink that place our unsigned implementation jar eclipselink.jar beside the JPA 1.0 javax specification jar - ejb3-persistence.jar in the common/lib library folder off the server. On deploymehnt in EAP 5.0.0 GA we receive a Security Exception because of the difference in security levels.
- The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned.
- This document details several possible solutions to this signed jar issue and recommends the best approach.
- JBoss JIRA JBPAPP-2971 is encountering the same issue with cglib.jar - one of the alternatives for this JIRA are the same as Option 1
Concepts
JPA Specification Notes
JPA 1.0 Specification
JPA 2.0 Specification
Reproduction
- Reproduction in standalone EAR (outside of test framework configuration)
- trunk examples JBoss EAR with commented JPA 2.0 calls and persistence.xml tags
- http://dev.eclipse.org/svnroot/rt/org.eclipse.persistence/trunk/examples/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB/ejbModule/META-INF/persistence.xml
- copy unsigned trunk eclipselink.jar to common/lib
- create default JBoss 5 server in Eclipse IDE
- deploy jboss.EnterpriseEAR (with default HSQL datasource) to JBoss 5.0 EAP
- http://dev.eclipse.org/svnroot/rt/org.eclipse.persistence/trunk/examples/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB/ejbModule/META-INF/persistence.xml
- trunk examples JBoss EAR with commented JPA 2.0 calls and persistence.xml tags
Results: unsigned/signed conflict SecurityException - expected
Logs:
2010-03-11 11:10:08,988 INFO [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBPAPP_5_0_0_GA
date=200910202128)] Started in 1m:3s:180ms
2010-03-11 11:10:47,698 INFO [org.jboss.ejb3.deployers.Ejb3DependenciesDeployer] (HDScanner) Encountered deployment
AbstractVFSDeploymentContext@26267218{vfszip:/C:/opt/jboss-eap-5.0/jboss-as/server/default/deploy/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar/}
2010-03-11 11:10:48,059 INFO [org.jboss.jpa.deployment.PersistenceUnitDeployment] (HDScanner) Starting persistence unit
persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example
2010-03-11 11:10:48,069 WARN [org.jboss.detailed.classloader.ClassLoaderManager] (HDScanner) Unexpected error during load of:javax.persistence.spi.ProviderUtil java.lang.SecurityException: lass "javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the
same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:769)
...
at
org.jboss.jpa.deployment.PersistenceUnitDeployment.start(PersistenceUnitDeployment.java:285)
>and resultant secondary exception CNFE because the signed JPA 1.0 specification class was not loaded 2010-03-11 11:10:48,069 ERROR
[org.jboss.kernel.plugins.dependency.AbstractKernelController] (HDScanner) Error installing to Start:
name=persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example
state=Create
java.lang.NoClassDefFoundError: javax/persistence/spi/ProviderUtil
Caused by: java.lang.ClassNotFoundException: Unexpected error during load of: javax.persistence.spi.ProviderUtil, msg=class
"javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the same package
Prerequisites
Data Model
- The testing models for reproduction are based off of the JBoss server example in the SVN trunk.
Use Case 1: Container managed Persistence Unit injected on a Stateless Session Bean invoked via a Servlet client
- This use case is valid for options 1, 2, 5
Use Case 2: Application managed Persistence Unit injected on Servlet client
- This use case is valid for options 1, 2, 3, 4, 5
StackTrace
Logs
Analysis
Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid
Server Configuration 1:
- replace 5.0.0 (ejb3-persistence.jar) with version from 5.1.0 (community edition) - both JPA 1.0 versions in common/lib
- restart server, deploy EAR
Client Configuration 1:
- Client EAR runs out of the box using default HSQL TX datasource - https://bugs.eclipse.org/bugs/attachment.cgi?id=161810
Results 1:
- JPA 1.0 application runs fine
12:01:41,308 INFO [STDOUT] [EL Finest]: 2010-03-11 12:01:41.308--UnitOfWork(11747982)--Thread(Thread[http-127.0.0.1-8080-1,5,jboss])--Register the existing object org.eclipse.persistence.example.jpa.server.business.Cell@3324876( id: 2 state: null left: null right: null parent: HashSet@34627602 references: HashSet@34627602)
Option 2: Ship signed eclipselink.jar - invalid
- This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible.
Server Configuration 2:
Client Configuration 2:
Results 2:
- In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications.
- This shared library must override the common/lib/ejb3-persistence.jar.
Server Configuration 3:
- Add EAR/lib/eclipselink.jar and EAR/lib/javax.persistence_2.0.0.v201002051058.jar
- Reference these two jars in the war/src/META-INF/manifest.MF
- Class-Path: javax.persistence_2.0.0.v201002051058.jar eclipselink.jar
- Getting CCE because the ejb3.persistence.jar on the server is taking precedence by default over the specification jar shipped with the EAR
- java.lang.ClassCastException: org.eclipse.persistence.jpa.PersistenceProvider cannot be cast to javax.persistence.spi.PersistenceProvider
- Solution would be a similar override as for WebLogic via
<wls:prefer-application-packages>
Client Configuration 3:
- One of
- jboss-app.xml
- EAR/lib
- application.xml
Results 3:
Server Configuration 4:
Client Configuration 4:
Results 4:
Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed
Server Configuration 5:
Client Configuration 5:
Results 5:
Open Issues
| Issue # | Owner | Description / Notes |
|---|---|---|
| I1 | mobrien | - |
Decisions
| Issue # | Description / Notes | Decision |
|---|---|---|