Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "EclipseLink/Bugs/305331"

m (New page: = Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar= * [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned ecl...)
 
m (Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar)
(9 intermediate revisions by the same user not shown)
Line 15: Line 15:
  
 
== Status ==
 
== Status ==
 +
*In progress 20100311
 
== Overview ==
 
== Overview ==
 +
*The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars.  This presents a problem for users of EclipseLink that place our unsigned implementation jar '''eclipselink.jar''' beside the JPA 1.0 ''javax specification'' jar - '''ejb3-persistence.jar''' in the '''common/lib''' library folder off the server.  On deploymehnt in EAP 5.0.0 GA we receive a '''Security Exception''' because of the difference in security levels.
 +
*The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned.
 +
*This document details several possible solutions to this ''signed jar'' issue and recommends the best approach.
 
== Concepts ==
 
== Concepts ==
 
===JPA Specification Notes===
 
===JPA Specification Notes===
Line 23: Line 27:
 
===Prerequisites===
 
===Prerequisites===
 
===Data Model===
 
===Data Model===
 +
*The testing models for reproduction are based off of the [http://wiki.eclipse.org/EclipseLink/Examples/JPA/JBoss_Web_Tutorial JBoss server example] in the SVN trunk.
 +
 
===Use Case 1: ===
 
===Use Case 1: ===
 
====StackTrace====
 
====StackTrace====
 
====Logs====
 
====Logs====
== Analysis ==
+
==Analysis==
===Issues===
+
===<font color="green">Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid</font>===
 +
====Server Configuration 1:====
 +
====Client Configuration 1:====
 +
====Results 1:====
 +
===<font color="red">Option 2: Ship signed eclipselink.jar - invalid</font>===
 +
*This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible.
 +
====Server Configuration 2:====
 +
====Client Configuration 2:====
 +
====Results 2: ====
 +
===<font color="orange">Option 3: Global Shared Library - Server level scope - verifying</font>===
 +
*In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications.
 +
*This shared library must override the '''common/lib/ejb3-persistence.jar'''.
 +
====Server Configuration 3:====
 +
====Client Configuration 3:====
 +
====Results 3:====
 +
===<font color="orange">Option 4: Application Shared Library - Local EAR level scope - verifying</font>===
 +
====Server Configuration 4:====
 +
====Client Configuration 4:====
 +
====Results 4:====
 +
===Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed===
 +
====Server Configuration 5:====
 +
====Client Configuration 5:====
 +
====Results 5:====
 +
 
 
== Open Issues ==
 
== Open Issues ==
 
{|{{BMTableStyle}}
 
{|{{BMTableStyle}}

Revision as of 11:54, 12 March 2010

Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar

Document History

Date Author Version Description & Notes
20100312 Michael O'Brien 1.0 Initial investigation of solution scenarios

Status

  • In progress 20100311

Overview

  • The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars. This presents a problem for users of EclipseLink that place our unsigned implementation jar eclipselink.jar beside the JPA 1.0 javax specification jar - ejb3-persistence.jar in the common/lib library folder off the server. On deploymehnt in EAP 5.0.0 GA we receive a Security Exception because of the difference in security levels.
  • The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned.
  • This document details several possible solutions to this signed jar issue and recommends the best approach.

Concepts

JPA Specification Notes

JPA 1.0 Specification

JPA 2.0 Specification

Reproduction

Prerequisites

Data Model

Use Case 1:

StackTrace

Logs

Analysis

Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid

Server Configuration 1:

Client Configuration 1:

Results 1:

Option 2: Ship signed eclipselink.jar - invalid

  • This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible.

Server Configuration 2:

Client Configuration 2:

Results 2:

Option 3: Global Shared Library - Server level scope - verifying

  • In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications.
  • This shared library must override the common/lib/ejb3-persistence.jar.

Server Configuration 3:

Client Configuration 3:

Results 3:

Option 4: Application Shared Library - Local EAR level scope - verifying

Server Configuration 4:

Client Configuration 4:

Results 4:

Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed

Server Configuration 5:

Client Configuration 5:

Results 5:

Open Issues

Issue # Owner Description / Notes
I1 mobrien -

Decisions

Issue # Description / Notes Decision

Future Considerations

References

Retrieved from "https://wiki.eclipse.org/index.php?title=EclipseLink/Bugs/305331&oldid=192235"

Back to the top