当运行由maven构建的具有以下依赖项的项目时:
When running a project built by maven with the following dependencies:
<dependency> <groupId>org.eclipse.persistence</groupId> <artifactId>javax.persistence</artifactId> <version>2.2.0</version> </dependency> <dependency> <groupId>org.eclipse.persistence</groupId> <artifactId>eclipselink</artifactId> <version>2.7.0</version> </dependency>我在运行时收到以下错误:
I get the following error at runtime:
java.lang.SecurityException: class "javax.persistence.Cacheable"'s signer information does not match signer information of other classes in the same packagejavax.persistence-2.2.0工件已签名并包含javax.persistence.Cacheable.class注释,而eclipselink-2.7.0工件不已签名,并且还包含相同的java类注释。
The javax.persistence-2.2.0 artifact is signed and contains the javax.persistence.Cacheable.class annotation, while the eclipselink-2.7.0 artifact is not signed and also contains the same java class annotation.
如何修复?
编辑
用版本2.1.1替换javax.persistence工件版本2.2.0修复了问题(这个一个没有签名),但我不确定这是正常情况。
Replacing the javax.persistence artifact version 2.2.0 by the version 2.1.1 fixes the problem (this one is not signed), but I'm not sure it's a normal situation.
推荐答案谢谢Stéphane - 最后的编辑你的问题帮助我修复了同样的问题。对于其他任何打过这个的人来说 - 这是一个扩展的答案。这就是你需要修复pom中的东西(直到Eclipse正确修复):
Thanks Stéphane - the edit at the end of your question helped me "fix" the same problem. For anyone else who hits this as well - here is an expanded answer. This is what you need to "fix" things in your pom (until Eclipse fix things properly):
<!-- See stackoverflow/q/45870753 --> <dependency> <groupId>org.eclipse.persistence</groupId> <artifactId>eclipselink</artifactId> <version>2.7.0</version> <exclusions> <exclusion> <groupId>org.eclipse.persistence</groupId> <artifactId>javax.persistence</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>org.eclipse.persistence</groupId> <artifactId>javax.persistence</artifactId> <version>2.1.1</version> </dependency>这会拉入 eclipselink 但不包括 javax.persistence 它试图引入的依赖项并将其替换为早期版本的 javax.persistence 签署问题。
This pulls in eclipselink but excludes the javax.persistence dependency that it tries to pull in and replaces it with an earlier version of javax.persistence that doesn't have the signing issue.
除此之外: javax.persistence 版本 2.2.0 。
Aside: javax.persistence version 2.2.0 is explicitly pulled in, in the pom fragment shown in the original question, despite already being a transitive dependency of eclipselink.
摘要 - eclipselink 工件取决于 javax .persistence 并且都包含包 javax.persistence 中的类。但是 javax.persistence jar是签名的,而 eclipselink 则不是。因此,当从 eclipselink jar中的包 javax.persistence 加载一个类时,Java运行时会抱怨它是缺少签名与已经从 javax.persistence jar中的同一个包加载的类不匹配。
Summary - the eclipselink artifact depends on javax.persistence and both contain classes that are in the package javax.persistence. However the javax.persistence jar is signed while the eclipselink one is not. So the Java runtime will complain, when loading a class from the package javax.persistence in the eclipselink jar, that it's lack of signing doesn't match with classes already loaded from the same package in the javax.persistence jar.
详细信息 - 如果我在 java.util.concurrent.ConcurrentHashMap.putIfAbsent(K,V)中放置一个断点,条件为javax.persistence.equals (arg0)然后我看到 javax.persistence 映射到以下 CodeSource 值:
Details - if I put a breakpoint in java.util.concurrent.ConcurrentHashMap.putIfAbsent(K, V) with condition "javax.persistence".equals(arg0) then I see that javax.persistence is mapped to the following CodeSource value:
(file:/Users/georgehawkins/.m2/repository/org/eclipse/persistence/javax.persistence/2.2.0/javax.persistence-2.2.0.jar [ [ Version: V3 Subject: CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 ...即 javax.persistence-2.2。 0.jar 由Eclipse Foundation签名,包含 javax.persistence 包中的类。当我的应用程序的某些部分(实际上是Spring逻辑中的某些东西)试图加载 javax.persistence.EntityManagerFactory 时,这个jar就会被拉入。
I.e. javax.persistence-2.2.0.jar is signed by the Eclipse Foundation and contains classes in the package javax.persistence. This jar is pulled in when some part of my application (actually something deep in Spring logic) tries to load javax.persistence.EntityManagerFactory.
如果我在 java.lang.ClassLoader.checkCerts(String,CodeSource)上放一个断点,在上抛出新的SecurityException 第一行然后看到它在 CodeSource 中传递的时间点击这一行:
If I then put a breakpoint in java.lang.ClassLoader.checkCerts(String, CodeSource) on the throw new SecurityException line I then see that it hits this line when the passed in CodeSource is:
(file:/Users/georgehawkins/.m2/repository/org/eclipse/persistence/eclipselink/2.7.0/eclipselink-2.7.0.jar <no signer certificates>)即 eclipselink-2.7.0.jar 还包含 javax.persistence 包中的类但它是无符号的,所以a发生冲突会导致抛出 SecurityException 。当某些事情(也在Spring逻辑中很深)试图加载 javax.persistence.PersistenceUtil 时会发生这种情况。
I.e. eclipselink-2.7.0.jar also contain classes that are in the javax.persistence package but it is unsigned so a clash occurs that results in a SecurityException being thrown. This happens when something (also deep in Spring logic) tries to load javax.persistence.PersistenceUtil.
如果我看看 mvn依赖的输出:树我看到这个不匹配似乎是 eclipselink 本身 - 它是拉入 org.eclipse.persistence:javax.persistence:jar:2.2.0 本身。即它与其他一些依赖不是冲突:
If I look at the output of mvn dependency:tree I see that this mismatch seems to be down to eclipselink itself - it is pulling in org.eclipse.persistence:javax.persistence:jar:2.2.0 itself. I.e. it isn't some clash with some other dependency:
[INFO] | \- org.eclipse.persistence:eclipselink:jar:2.7.0:compile [INFO] | +- org.eclipse.persistence:javax.persistence:jar:2.2.0:compile [INFO] | +- org.eclipse.persistence:commonj.sdo:jar:2.1.1:compile [INFO] | +- javax.validation:validation-api:jar:1.1.0.Final:compile [INFO] | \- org.glassfish:javax.json:jar:1.0.4:compile我是现在登录到bugs.eclipse - 请参阅 525457 。
I've logged this now at bugs.eclipse - see bug 525457.
更多推荐
EclipseLink 2.7.0和JPA API 2.2.0
发布评论