Birt Runtime maven artifact issue
Asked Answered
L

3

14

I want to use Birt Api library im my project so I included rg.eclipse.birt.runtime 4.5 maven dependency into my project

<dependency>
        <groupId>org.eclipse.birt.runtime</groupId>
        <artifactId>org.eclipse.birt.runtime</artifactId>
        <version>4.5.0</version>
        <exclusions>
            <exclusion>
                <groupId>org.eclipse.birt.runtime</groupId>
                <artifactId>org.eclipse.osgi</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.eclipse.tycho</groupId>
        <artifactId>org.eclipse.osgi</artifactId>
        <version>3.10.100.v20150529-1857</version>
    </dependency>

When I want to execute my report I got below stack trace error caused by "org.eclipse.core.runtime.IExtensionRegistry"'s signer information does not match signer information of other classes in the same package. Previously I used the same library Birt Runtime 4.5 but manually downloaded and attached to my project and the report was generated successfully.

org.eclipse.birt.core.exception.BirtException: error.CannotStartupOSGIPlatform
    at org.eclipse.birt.core.framework.Platform.startup(Platform.java:81)
    at org.report.birt.service.BirtApi.getReport(BirtApi.java:33)
    at org.report.birt.endpoint.BirtEndPoint.handleRequest(BirtEndPoint.java:49)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.ws.server.endpoint.MethodEndpoint.invoke(MethodEndpoint.java:134)
    at org.springframework.ws.server.endpoint.adapter.DefaultMethodEndpointAdapter.invokeInternal(DefaultMethodEndpointAdapter.java:291)
    at org.springframework.ws.server.endpoint.adapter.AbstractMethodEndpointAdapter.invoke(AbstractMethodEndpointAdapter.java:55)
    at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:236)
    at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:176)
    at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:89)
    at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:61)
    at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:293)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:863)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.SecurityException: class "org.eclipse.core.runtime.IExtensionRegistry"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1190)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1681)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1190)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1681)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at org.eclipse.birt.core.framework.jar.ServicePlatform.<init>(ServicePlatform.java:46)
    at org.eclipse.birt.core.framework.jar.ServiceLauncher.startup(ServiceLauncher.java:46)
    at org.eclipse.birt.core.framework.Platform.startup(Platform.java:75)
    ... 35 more
Luminous answered 16/11, 2015 at 9:49 Comment(4)
What version of org.eclipse.osgi would have been used by the birt runtime if it wasn't excluded? Might the signer info changed between this and the actually used bundle from group org.eclipse.tycho?Anamorphosis
If it wasn't excluded then maven would use the same version (3.10.100.v20150529-1857) of org.eclipse.osgi but in that case I got message that this artifact is not present at my local repository so It seems there is some problem with org.eclipse.birt.runtime artifact itself. The same issue is described here: developer.actuate.com/community/forum/index.php?/topic/… .Finally I changed the artifact version to 4.4.1 and it works now.Luminous
I have exactly the same issue. It's amazing it's not still solved.Nevus
So which jar file exactly has been singed? Maybe this could help confirm the issue docs.oracle.com/javase/tutorial/deployment/jar/verify.htmlTenpin
M
3

org.eclipse.birt.runtime-4.5.0 available on Maven Central Repository depends on JARs signed with both an old and a new version of Eclipse certificate, but these JARs contains classes from the same package (in this case org.eclipse.core.runtime). When loading classes from both JARs, the JVM throws such SecurityException because of this signature inconsistency.

For instance this can be put into evidence with org.eclipse.equinox.common-3.6.200.v20130402-1505.jar and org.eclipse.equinox.registry-3.6.0.v20150318-1503.jar, both dependencies of org.eclipse.birt.runtime-4.5.0 containing classes in org.eclipse.core.runtime package. Versions available on the Central Maven Repository are signed with different certificates, as shown by jarsigner -verify -verbose -certs xxx.jar:

//org.eclipse.equinox.common-3.6.200.v20130402-1505.jar
[entry was signed on 09/04/13 15:24]
X.509, CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA

//org.eclipse.equinox.registry-3.6.0.v20150318-1503.jar
[entry was signed on 18/03/15 18:14]
X.509, CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA

Hence the SecurityException when trying to load classes from both JARs. You can:

  • Use version 4.6.0-20160607 with Maven instead
  • Manually download and attach version 4.5.0 from the official website which is packaged with JARs signed with a recent certificate version

Side note: Problem can be reproduced by creating a Maven project with the following dependency:

    <dependency>
        <groupId>org.eclipse.birt.runtime</groupId>
        <artifactId>org.eclipse.birt.runtime</artifactId>
        <version>4.5.0</version>
        <exclusions>
            <exclusion>
                <groupId>org.eclipse.birt.runtime</groupId>
                <artifactId>org.eclipse.osgi</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

And running a code which will load classes contained in JARs signed with different certificates such as the one cited above, for example:

Class.forName("org.eclipse.core.runtime.Assert").getResource("Assert.class");
Class.forName("org.eclipse.core.runtime.IExtensionRegistry").getResource("IExtensionRegistry.class");

will result in a similar SecurityException when using version 4.5.0 but not with version 4.6.0-20160607.

Another note: There is a similar issue with version 4.2.0 M7.

Merocrine answered 11/12, 2017 at 13:58 Comment(0)
K
1

I have got 2 solutions. Please check

First:

Use dependency version 4.5.0a instead of 4.5

<dependency>
<groupId>org.eclipse.birt.runtime</groupId>
<artifactId>org.eclipse.birt.runtime</artifactId>
<version>4.5.0a</version>
</dependency>

Resource Link: https://communities.opentext.com/forums/discussion/comment/217265/#Comment_217265

Second:

Full tutorial is given by step by step here:

http://wiki.eclipse.org/BirtPOJO_Viewer_WebSphere_Deployment

Kentiga answered 11/12, 2017 at 13:59 Comment(1)
the opentext guys need to update their official dependency to 4.8Wattmeter
M
0

I also faced the same issue for "org.eclipse.core.runtime.IExtensionRegistry" and in my maven project that class was coming from "registry-3.5.400-v20140428-1507.jar". Mention jar was supposed to load from "org.eclipse.birt.runtime-4.4.1.jar" but was loaded from other maven dependency which was signed by different certificates. So to resolve this issue I followed below steps.

  1. Search the jar from which "IExtensionRegistry" was loaded and it was from "registry-3.5.400-v20140428-1507.jar" in my case.
  2. As Maven will always load the JAR on class path based on first come first serve basis.
  3. So if you are using maven project then insure that jar must be loaded on class path from it's parent jar "org.eclipse.birt.runtime-4.4.1.jar" so that there will be no certificate miss match issue.
  4. If it is still loading from other parent dependency then add "registry-3.5.400-v20140428-1507.jar" dependency into your pom.xml from maven "https://mvnrepository.com/artifact/org.eclipse.equinox/registry" with correct version and also make sure to put this dependency before that other parent dependency from which it was loading and creating this issue.
Mollie answered 18/9, 2018 at 19:15 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.