Difference between revisions of "EclipseLink/Bugs/305331"
m (New page: = Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar= * [http://bugs.eclipse.org/305331 Bugzilla Bug 305331 Unsigned ecl...) |
m (→Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
== Status == | == Status == | ||
+ | *In progress 20100311 | ||
== Overview == | == Overview == | ||
+ | *The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars. This presents a problem for users of EclipseLink that place our unsigned implementation jar '''eclipselink.jar''' beside the JPA 1.0 ''javax specification'' jar - '''ejb3-persistence.jar''' in the '''common/lib''' library folder off the server. On deploymehnt in EAP 5.0.0 GA we receive a '''Security Exception''' because of the difference in security levels. | ||
+ | *The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned. | ||
+ | *This document details several possible solutions to this ''signed jar'' issue and recommends the best approach. | ||
== Concepts == | == Concepts == | ||
===JPA Specification Notes=== | ===JPA Specification Notes=== | ||
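Review bot: The added Overview bullet says only that deployment fails with a "Security Exception because of the difference in security levels", which does not tell a reader which check failed; quote the exception text from the server log in this bullet so it can be matched against a trace. The same bullet has the typo "deploymehnt", and "library folder off the server" reads as a slip for "of the server".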
Line 23: | Line 27: | ||
===Prerequisites=== | ===Prerequisites=== | ||
===Data Model=== | ===Data Model=== | ||
+ | *The testing models for reproduction are based off of the [http://wiki.eclipse.org/EclipseLink/Examples/JPA/JBoss_Web_Tutorial JBoss server example] in the SVN trunk. | ||
+ | |||
===Use Case 1: === | ===Use Case 1: === | ||
====StackTrace==== | ====StackTrace==== | ||
====Logs==== | ====Logs==== | ||
− | == Analysis == | + | ==Analysis== |
− | === | + | ===<font color="green">Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid</font>=== |
+ | ====Server Configuration 1:==== | ||
+ | ====Client Configuration 1:==== | ||
+ | ====Results 1:==== | ||
+ | ===<font color="red">Option 2: Ship signed eclipselink.jar - invalid</font>=== | ||
+ | *This option has us sign our eclipselink.jar with jarsigner - however we do not have access to the private keys used to sign the JBoss libraries so this is currently not feasible. | ||
+ | ====Server Configuration 2:==== | ||
+ | ====Client Configuration 2:==== | ||
+ | ====Results 2: ==== | ||
+ | ===<font color="orange">Option 3: Global Shared Library - Server level scope - verifying</font>=== | ||
+ | *In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications. | ||
+ | *This shared library must override the '''common/lib/ejb3-persistence.jar'''. | ||
+ | ====Server Configuration 3:==== | ||
+ | ====Client Configuration 3:==== | ||
+ | ====Results 3:==== | ||
+ | ===<font color="orange">Option 4: Application Shared Library - Local EAR level scope - verifying</font>=== | ||
+ | ====Server Configuration 4:==== | ||
+ | ====Client Configuration 4:==== | ||
+ | ====Results 4:==== | ||
+ | ===Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed=== | ||
+ | ====Server Configuration 5:==== | ||
+ | ====Client Configuration 5:==== | ||
+ | ====Results 5:==== | ||
+ | |||
== Open Issues == | == Open Issues == | ||
{|{{BMTableStyle}} | {|{{BMTableStyle}} |
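Review bot: The new option headings carry their status only through a font color wrapper and a trailing word (valid, invalid, verifying), and the Option 5 heading has neither; state the status as a line of text under each heading so it survives renderings that drop the font tag. Options 1, 4 and 5 are added with no description bullet, and every Server Configuration, Client Configuration and Results subsection is empty, so the "valid" label on Option 1 has nothing on the page to support it yet.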
Revision as of 11:54, 12 March 2010
Contents
- 1 Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar
- 1.1 Document History
- 1.2 Status
- 1.3 Overview
- 1.4 Concepts
- 1.5 Reproduction
- 1.6 Analysis
- 1.6.1 Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid
- 1.6.2 Option 2: Ship signed eclipselink.jar - invalid
- 1.6.3 Option 3: Global Shared Library - Server level scope - verifying
- 1.6.4 Option 4: Application Shared Library - Local EAR level scope - verifying
- 1.6.5 Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed
- 1.7 Open Issues
- 1.8 Decisions
- 1.9 Future Considerations
- 1.10 References
Bug Analysis Document: 305331: EclipseLink deployment on JBoss EAP 5.0.0 GA using signed JPA 1.0 ejb3-persistence.jar
Document History
Date | Author | Version Description & Notes |
---|---|---|
20100312 | Michael O'Brien | 1.0 Initial investigation of solution scenarios |
Status
- In progress 20100311
Overview
- The EAP 5.0.0 GA version of the JBoss Application Server ships with signed library jars. This presents a problem for users of EclipseLink who place our unsigned implementation jar eclipselink.jar beside the JPA 1.0 javax specification jar, ejb3-persistence.jar, in the common/lib library folder of the server. On deployment in EAP 5.0.0 GA we receive a Security Exception because of the difference in security levels.
- The Community Edition of JBoss 5.1.0 and 6.0.0 M1 do not have these issues because their library jars are unsigned.
- This document details several possible solutions to this signed jar issue and recommends the best approach.
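A diagnostic sketch for the situation described in the Overview, added here as an example and not part of the original analysis or of EclipseLink: it reports Java packages whose classes come from both a signed and an unsigned jar, the layout under which the JVM class loader raises a SecurityException for mismatched signers. The jar contents in SAMPLE are constructed and assume that both jars supply javax.persistence classes; the check looks only for signature files in META-INF and does not verify them.

```python
import io
import re
import zipfile
from collections import defaultdict

# Signature files that jarsigner writes into META-INF of a signed jar.
SIG_RE = re.compile(r"^META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.IGNORECASE)

def is_signed(jar):
    """True if the jar carries a signature file (.SF) and a signature block."""
    exts = {n.rsplit(".", 1)[-1].upper() for n in jar.namelist() if SIG_RE.match(n)}
    return "SF" in exts and bool(exts & {"RSA", "DSA", "EC"})

def packages(jar):
    """Dotted names of the Java packages that have at least one class in the jar."""
    return {n.rsplit("/", 1)[0].replace("/", ".")
            for n in jar.namelist() if n.endswith(".class") and "/" in n}

def mixed_signing_conflicts(jars):
    """jars maps a jar name to a path or file object. Returns
    {package: (signed_jars, unsigned_jars)} for packages supplied by both kinds."""
    signed, unsigned = defaultdict(set), defaultdict(set)
    for name, src in jars.items():
        with zipfile.ZipFile(src) as jar:
            bucket = signed if is_signed(jar) else unsigned
            for pkg in packages(jar):
                bucket[pkg].add(name)
    return {p: (sorted(signed[p]), sorted(unsigned[p]))
            for p in signed.keys() & unsigned.keys()}

def make_jar(entries):
    """Build a constructed in-memory jar; entry bodies are empty placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry in entries:
            z.writestr(entry, b"")
    buf.seek(0)
    return buf

# Constructed sample layout, not the real contents of the JBoss or EclipseLink jars.
SAMPLE = {
    "ejb3-persistence.jar": ["META-INF/MANIFEST.MF", "META-INF/JBOSS.SF",
                             "META-INF/JBOSS.RSA", "javax/persistence/Entity.class"],
    "eclipselink.jar": ["META-INF/MANIFEST.MF", "javax/persistence/Cache.class",
                        "org/eclipse/persistence/Version.class"],
}

def demo():
    return mixed_signing_conflicts({n: make_jar(e) for n, e in SAMPLE.items()})

if __name__ == "__main__":
    print(demo())
```

To check a real server, pass the paths of the jars in common/lib instead of SAMPLE; jarsigner -verify remains the tool for validating the signatures themselves.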
Concepts
JPA Specification Notes
JPA 1.0 Specification
JPA 2.0 Specification
Reproduction
Prerequisites
Data Model
- The testing models for reproduction are based on the JBoss server example in the SVN trunk.
Use Case 1:
StackTrace
Logs
Analysis
Option 1: Replace signed ejb3-persistence.jar with an unsigned version from JBoss 5.1.0 community edition - valid
Server Configuration 1:
Client Configuration 1:
Results 1:
Option 2: Ship signed eclipselink.jar - invalid
- This option has us sign our eclipselink.jar with jarsigner; however, we do not have access to the private keys used to sign the JBoss libraries, so this is currently not feasible.
Server Configuration 2:
Client Configuration 2:
Results 2:
Option 3: Global Shared Library - Server level scope - verifying
- In this option we create a global shared library on the server or in a jar-only EAR that is accessible to all server applications.
- This shared library must override the common/lib/ejb3-persistence.jar.
Server Configuration 3:
Client Configuration 3:
Results 3:
Option 4: Application Shared Library - Local EAR level scope - verifying
Server Configuration 4:
Client Configuration 4:
Results 4:
Option 5: Generate an eclipselink jar with the JPA 2.0 dependencies removed
Server Configuration 5:
Client Configuration 5:
Results 5:
Open Issues
Issue # | Owner | Description / Notes |
---|---|---|
I1 | mobrien | - |
Decisions
Issue # | Description / Notes | Decision |
---|---|---|