Difference between revisions of "EclipseLink/Bugs/305331"

m (New page: = Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar= * [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned ecl...)
 
m (Overview)
Line 2: Line 2:
  
 
* [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned eclipselink.jar doesn't work with signed ejb3-persistence.jar for JPA testing on JBOSS EAP 5.0.0 GA ]
 
* [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned eclipselink.jar doesn't work with signed ejb3-persistence.jar for JPA testing on JBOSS EAP 5.0.0 GA ]
 +
* [http://bugs.eclipse.org/305330 Bugzilla Bug 305330 EclipseLink JPA tests failed On JBOSS EAP 5.0.0 GA JNDI lookup failure of Proxy FactoryA ]
 +
 
== Document History ==
 
== Document History ==
 
{|{{BMTableStyle}}
 
{|{{BMTableStyle}}
Line 15: Line 17:
  
 
== Status ==
 
== Status ==
 +
*In progress 20100311 for options 3,4 and 5.
 +
*<font color="red">Currently recommending '''[[EclipseLink/Bugs/305331#Option_1:_Replace_signed_ejb3-persistence.jar_with_an_unsigned_version_from_JBoss_5.1.0_community_edition_-_valid|Option 1]]'''</font> - until options 3,4 and 5 are validated
 +
 
== Overview ==
 
== Overview ==
 +
*The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars.  This presents a problem for users of EclipseLink that place our unsigned implementation jar '''eclipselink.jar''' beside the JPA 1.0 ''javax specification'' jar - '''ejb3-persistence.jar''' in the '''common/lib''' library folder off the server.  On deploymehnt in EAP 5.0.0 GA we receive a '''Security Exception''' because of the difference in security levels.
 +
*The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned.
 +
*This document details several possible solutions to this ''signed jar'' issue and recommends the best approach.
 +
*JBoss '''[https://jira.jboss.org/jira/browse/JBPAPP-2971 JIRA JBPAPP-2971]''' is encountering the same issue with cglib.jar - one of the alternatives for this JIRA are the same as [[EclipseLink/Bugs/305331#Option_1:_Replace_signed_ejb3-persistence.jar_with_an_unsigned_version_from_JBoss_5.1.0_community_edition_-_valid|Option 1]]
 +
 
== Concepts ==
 
== Concepts ==
 
===JPA Specification Notes===
 
===JPA Specification Notes===
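Review bot: the first added Overview bullet blames the SecurityException on "the difference in security levels", which does not name the check that fails. The log added under Reproduction shows it is the same-package signer-information mismatch raised from ClassLoader.checkCerts, so the bullet should say that. In the same bullet "deploymehnt" is misspelled, and the JBPAPP-2971 bullet should read "one of the alternatives ... is the same as".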
Line 21: Line 31:
 
====JPA 2.0 Specification====
 
====JPA 2.0 Specification====
 
== Reproduction ==
 
== Reproduction ==
 +
*Reproduction in standalone EAR (outside of test framework configuration)
 +
**trunk examples JBoss EAR with commented JPA 2.0 calls and persistence.xml tags
 +
***http://dev.eclipse.org/svnroot/rt/org.eclipse.persistence/trunk/examples/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB/ejbModule/META-INF/persistence.xml
 +
****copy unsigned trunk eclipselink.jar to common/lib
 +
****create default JBoss 5 server in Eclipse IDE
 +
****deploy jboss.EnterpriseEAR (with default HSQL datasource) to JBoss 5.0 EAP
 +
===Results: unsigned/signed conflict SecurityException - expected===
 +
====Logs:====
 +
<pre>
 +
2010-03-11 11:10:08,988 INFO  [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBPAPP_5_0_0_GA
 +
date=200910202128)] Started in 1m:3s:180ms
 +
2010-03-11 11:10:47,698 INFO [org.jboss.ejb3.deployers.Ejb3DependenciesDeployer] (HDScanner) Encountered deployment
 +
AbstractVFSDeploymentContext@26267218{vfszip:/C:/opt/jboss-eap-5.0/jboss-as/server/default/deploy/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar/}
 +
2010-03-11 11:10:48,059 INFO [org.jboss.jpa.deployment.PersistenceUnitDeployment] (HDScanner) Starting persistence unit
 +
persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example
 +
2010-03-11 11:10:48,069 WARN [org.jboss.detailed.classloader.ClassLoaderManager] (HDScanner) Unexpected error during load of:javax.persistence.spi.ProviderUtil java.lang.SecurityException:  lass "javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the
 +
same package
 +
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:769)
 +
...
 +
    at
 +
org.jboss.jpa.deployment.PersistenceUnitDeployment.start(PersistenceUnitDeployment.java:285)
 +
>and resultant secondary exception CNFE because the signed JPA 1.0 specification class was not loaded 2010-03-11 11:10:48,069 ERROR
 +
[org.jboss.kernel.plugins.dependency.AbstractKernelController] (HDScanner) Error installing to Start:
 +
name=persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example
 +
state=Create
 +
java.lang.NoClassDefFoundError: javax/persistence/spi/ProviderUtil
 +
Caused by: java.lang.ClassNotFoundException: Unexpected error during load of: javax.persistence.spi.ProviderUtil, msg=class
 +
"javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the same package
 +
</pre>
 
===Prerequisites===
 
===Prerequisites===
 
===Data Model===
 
===Data Model===
===Use Case 1: ===
+
*The testing models for reproduction are based off of the [http://wiki.eclipse.org/EclipseLink/Examples/JPA/JBoss_Web_Tutorial JBoss server example] in the SVN trunk.
 +
===Use Case 1: Container managed Persistence Unit injected on a Stateless Session Bean invoked via a Servlet client===
 +
*This use case is valid for options 1, 2, 5
 +
===Use Case 2: Application managed Persistence Unit injected on Servlet client===
 +
*This use case is valid for options 1, 2, 3, 4, 5
 
====StackTrace====
 
====StackTrace====
 
====Logs====
 
====Logs====
== Analysis ==
+
==Analysis==
===Issues===
+
===<font color="green">Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid</font>===
 +
====Server Configuration 1:====
 +
* replace 5.0.0 (ejb3-persistence.jar) with version from 5.1.0 (community edition) - both JPA 1.0 versions in '''common/lib'''
 +
*restart server, deploy EAR
 +
====Client Configuration 1:====
 +
* Client EAR runs out of the box using default HSQL TX datasource - https://bugs.eclipse.org/bugs/attachment.cgi?id=161810
 +
====Results 1:====
 +
*JPA 1.0 application runs fine
 +
<pre>
 +
12:01:41,308 INFO  [STDOUT] [EL Finest]: 2010-03-11 12:01:41.308--UnitOfWork(11747982)--Thread(Thread[http-127.0.0.1-8080-1,5,jboss])--Register the existing object org.eclipse.persistence.example.jpa.server.business.Cell@3324876( id: 2 state: null left: null right: null parent: HashSet@34627602 references: HashSet@34627602)
 +
</pre>
 +
 
 +
===<font color="red">Option 2: Ship signed eclipselink.jar - invalid</font>===
 +
*This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible.
 +
====Server Configuration 2:====
 +
====Client Configuration 2:====
 +
====Results 2: ====
 +
===<font color="orange">Option 3: Global Shared Library - Server level scope - verifying</font>===
 +
*In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications.
 +
*This shared library must override the '''common/lib/ejb3-persistence.jar'''.
 +
====Server Configuration 3:====
 +
=====Shared Library on EAR/lib=====
 +
*Add EAR/lib/eclipselink.jar and EAR/lib/javax.persistence_2.0.0.v201002051058.jar
 +
*Reference these two jars in the '''war/src/META-INF/manifest.MF
 +
**Class-Path: javax.persistence_2.0.0.v201002051058.jar eclipselink.jar
 +
*Getting CCE because the ejb3.persistence.jar on the server is taking precedence by default over the specification jar shipped with the EAR
 +
**java.lang.ClassCastException: org.eclipse.persistence.jpa.PersistenceProvider cannot be cast to javax.persistence.spi.PersistenceProvider
 +
*Solution would be a similar override as for ''WebLogic'' via '''<pre><wls:prefer-application-packages></pre>'''
 +
 
 +
====Client Configuration 3:====
 +
*One of
 +
**jboss-app.xml
 +
**EAR/lib
 +
**application.xml
 +
 
 +
====Results 3:====
 +
 
 +
===<font color="orange">Option 4: Application Shared Library - Local EAR level scope - verifying</font>===
 +
====Server Configuration 4:====
 +
====Client Configuration 4:====
 +
====Results 4:====
 +
===Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed===
 +
====Server Configuration 5:====
 +
====Client Configuration 5:====
 +
====Results 5:====
 +
 
 
== Open Issues ==
 
== Open Issues ==
 
{|{{BMTableStyle}}
 
{|{{BMTableStyle}}
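Review bot: Server Configuration 1 under Option 1 replaces the signed ejb3-persistence.jar with an unsigned jar from a different release, but the steps record neither where that 5.1.0 jar comes from nor how to confirm it is the intended file. Add the exact source and a checksum for the replacement, and state that the javax.persistence classes in common/lib are then no longer covered by a signature. Separately, the WARN line in the added log reads 'lass "javax.persistence.spi.ProviderUtil"' where the later "Caused by" line has 'class', and the ">and resultant secondary exception" remark sits inside the pre block fused to the next log timestamp; move it out of the log text.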

Revision as of 08:44, 12 March 2010

Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar

Document History

Date | Author | Version | Description & Notes
20100312 | Michael O'Brien | 1.0 | Initial investigation of solution scenarios

Status

  • In progress 20100311 for options 3, 4 and 5.
  • Currently recommending Option 1 - until options 3, 4 and 5 are validated

Overview

  • The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars. This presents a problem for users of EclipseLink who place our unsigned implementation jar eclipselink.jar beside the JPA 1.0 javax specification jar, ejb3-persistence.jar, in the common/lib library folder of the server. On deployment in EAP 5.0.0 GA we receive a SecurityException because of the unsigned/signed conflict between the jars.
  • The Community Edition releases JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned.
  • This document details several possible solutions to this signed jar issue and recommends the best approach.
  • JBoss JIRA JBPAPP-2971 is encountering the same issue with cglib.jar - one of the alternatives for this JIRA is the same as Option 1

Concepts

JPA Specification Notes

JPA 1.0 Specification

JPA 2.0 Specification

Reproduction

Results: unsigned/signed conflict SecurityException - expected

Logs:

2010-03-11 11:10:08,988 INFO  [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.0.0.GA (build: SVNTag=JBPAPP_5_0_0_GA date=200910202128)] Started in 1m:3s:180ms
2010-03-11 11:10:47,698 INFO [org.jboss.ejb3.deployers.Ejb3DependenciesDeployer] (HDScanner) Encountered deployment AbstractVFSDeploymentContext@26267218{vfszip:/C:/opt/jboss-eap-5.0/jboss-as/server/default/deploy/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar/}
2010-03-11 11:10:48,059 INFO [org.jboss.jpa.deployment.PersistenceUnitDeployment] (HDScanner) Starting persistence unit persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example
2010-03-11 11:10:48,069 WARN [org.jboss.detailed.classloader.ClassLoaderManager] (HDScanner) Unexpected error during load of:javax.persistence.spi.ProviderUtil java.lang.SecurityException: class "javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:769)
...
    at org.jboss.jpa.deployment.PersistenceUnitDeployment.start(PersistenceUnitDeployment.java:285)
>and resultant secondary exception CNFE because the signed JPA 1.0 specification class was not loaded
2010-03-11 11:10:48,069 ERROR [org.jboss.kernel.plugins.dependency.AbstractKernelController] (HDScanner) Error installing to Start: name=persistence.unit:unitName=org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEAR.ear/org.eclipse.persistence.example.jpa.server.jboss.EnterpriseEJB.jar#example state=Create
java.lang.NoClassDefFoundError: javax/persistence/spi/ProviderUtil
Caused by: java.lang.ClassNotFoundException: Unexpected error during load of: javax.persistence.spi.ProviderUtil, msg=class "javax.persistence.spi.ProviderUtil"'s signer information does not match signer information of other classes in the same package
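
The log above fails on a package whose classes come from jars with different signer information. The following is an added diagnostic, not part of the original page or of EclipseLink/JBoss: it scans a set of jars and reports every package that has classes in both a signed and an unsigned jar. The jar names and contents in SAMPLE are constructed, and the check only looks for signature files in META-INF; it does not verify signatures or compare signers.

```python
import io
import zipfile
from collections import defaultdict

BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def is_signed(jar):
    """True if META-INF/ holds both a .SF signature file and a signature block.
    Presence check only: it does not verify the signature or identify the signer."""
    meta = [n.upper() for n in jar.namelist()
            if n.upper().startswith("META-INF/") and n.count("/") == 1]
    return any(n.endswith(".SF") for n in meta) and any(n.endswith(BLOCK_EXT) for n in meta)

def class_packages(jar):
    """Java package names of every .class entry in the jar."""
    return {n.rsplit("/", 1)[0].replace("/", ".")
            for n in jar.namelist() if n.endswith(".class") and "/" in n}

def split_packages(jars):
    """jars: {jar name: jar bytes}. Returns the packages that have classes in both
    a signed and an unsigned jar, with the jar names on each side."""
    seen = defaultdict(lambda: {"signed": [], "unsigned": []})
    for name, data in jars.items():
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            side = "signed" if is_signed(jar) else "unsigned"
            for pkg in class_packages(jar):
                seen[pkg][side].append(name)
    return {p: s for p, s in seen.items() if s["signed"] and s["unsigned"]}

def make_jar(entries):
    """Build an in-memory jar with empty entries (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry in entries:
            z.writestr(entry, b"")
    return buf.getvalue()

# Constructed samples: jar names and contents are hypothetical, not the real jars.
SAMPLE = {
    "signed-spec.jar": make_jar(["META-INF/MANIFEST.MF", "META-INF/SIGNER.SF",
                                 "META-INF/SIGNER.RSA",
                                 "javax/persistence/spi/PersistenceProvider.class"]),
    "unsigned-impl.jar": make_jar(["META-INF/MANIFEST.MF",
                                   "javax/persistence/spi/ProviderUtil.class",
                                   "org/example/impl/Provider.class"]),
}

if __name__ == "__main__":
    for pkg, sides in split_packages(SAMPLE).items():
        print(pkg, sides)
```

To run it against a real library folder, pass a dict built from the bytes of each jar file in that folder instead of SAMPLE.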

Prerequisites

Data Model

Use Case 1: Container managed Persistence Unit injected on a Stateless Session Bean invoked via a Servlet client

  • This use case is valid for options 1, 2, 5

Use Case 2: Application managed Persistence Unit injected on Servlet client

  • This use case is valid for options 1, 2, 3, 4, 5

StackTrace

Logs

Analysis

Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid

Server Configuration 1:

  • replace 5.0.0 (ejb3-persistence.jar) with version from 5.1.0 (community edition) - both JPA 1.0 versions in common/lib
  • restart server, deploy EAR

Client Configuration 1:

Results 1:

  • JPA 1.0 application runs fine
12:01:41,308 INFO  [STDOUT] [EL Finest]: 2010-03-11 12:01:41.308--UnitOfWork(11747982)--Thread(Thread[http-127.0.0.1-8080-1,5,jboss])--Register the existing object org.eclipse.persistence.example.jpa.server.business.Cell@3324876( id: 2 state: null left: null right: null parent: HashSet@34627602 references: HashSet@34627602)

Option 2: Ship signed eclipselink.jar - invalid

  • This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible.

Server Configuration 2:

Client Configuration 2:

Results 2:

Option 3: Global Shared Library - Server level scope - verifying

  • In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications.
  • This shared library must override the common/lib/ejb3-persistence.jar.

Server Configuration 3:

Shared Library on EAR/lib
  • Add EAR/lib/eclipselink.jar and EAR/lib/javax.persistence_2.0.0.v201002051058.jar
  • Reference these two jars in the war/src/META-INF/manifest.MF
    • Class-Path: javax.persistence_2.0.0.v201002051058.jar eclipselink.jar
  • Getting a ClassCastException (CCE) because the ejb3-persistence.jar on the server takes precedence by default over the specification jar shipped with the EAR
    • java.lang.ClassCastException: org.eclipse.persistence.jpa.PersistenceProvider cannot be cast to javax.persistence.spi.PersistenceProvider
  • A solution would be an override similar to the one used for WebLogic via <wls:prefer-application-packages>

Client Configuration 3:

  • One of
    • jboss-app.xml
    • EAR/lib
    • application.xml

Results 3:

Option 4: Application Shared Library - Local EAR level scope - verifying

Server Configuration 4:

Client Configuration 4:

Results 4:

Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed

Server Configuration 5:

Client Configuration 5:

Results 5:

Open Issues

Issue # | Owner | Description / Notes
I1 | mobrien | -

Decisions

Issue # | Description / Notes | Decision

Future Considerations

References