Java SecurityException signer information does not match

Question

I recompiled my classes as usual  and suddenly got the following error message  Why  How can I fix it   java lang SecurityException  class  Chinese English Dictionary  s signer information does not match signer information of other classes in the same package     at java lang ClassLoader checkCerts ClassLoader java 776

User · Answer

This also happens if you include one file with different names or from different locations twice  especially if these are two different versions of the same file

User · Answer

A bit too old thread but since I was stuck for quite some time on this  here s the fix  hope it helps someone   My scenario   The package name is   com abc def  There are 2 jar files which contain classes from this package say jar1 and jar2 i e  some classes are present in jar1 and others in jar2  These jar files are signed using the same keystore but at different times in the build  i e  separately   That seems to result into different signature for the files in jar1 and jar2   I put all the files in jar1 and built  and signed  them all together  The problem goes away    PS  The package names and jar file names are only examples

User · Answer

I could fix it   Root Cause  This is a common issue when using the Sun JAXB implementation with signed jars  Essentially the JAXB implementation is trying to avoid reflection by generating a class to directly access the properties without using reflection  Unfortunately  it generates this new class in the same package as the class being accessed which is where this error comes from   Resolution  Add the following system property to disable the JAXB optimizations that are not compatible with signed jars  -Dcom sun xml bind v2 bytecode ClassTailor noOptimize true  Ref  https   access redhat com site solutions 42149

User · Answer

If you added all the jars from bouncycastle org  in my case from crypto-159 zip   just remove the ones for the JDKs that do not apply to you  There are redundancies  You probably only need the  jdk15on  jars

User · Answer

I was running JUNIT 5 and was also referencing Hamcrest external jar  But Hamcrest is also part of JUNIT 5 library  So  I have to change the order of external Hamecrest jar file up the JUNIT 5 library in build path

User · Answer

This question has lasted for a long time but I want to pitch in something  I have been working on a Spring project challenge and I discovered that in Eclipse IDE  If you are using Maven or Gradle for Spring Boot Rest APIs  you have to remove the Junit 4 or 5 in the build path and include Junit in your pom xml or Gradle build file  I guess that applies to yml configuration file too

User · Answer

this happened to me when  using JUnit   rest assured   hamcrest   in this case  dont add junit to build path  if you have the maven project  this resolved me  below is the pom xml    lt dependencies gt        lt dependency gt           lt groupId gt io rest-assured lt  groupId gt           lt artifactId gt rest-assured lt  artifactId gt           lt version gt 3 0 0 lt  version gt       lt  dependency gt        lt dependency gt           lt groupId gt org hamcrest lt  groupId gt           lt artifactId gt hamcrest-all lt  artifactId gt           lt version gt 1 3 lt  version gt       lt  dependency gt         lt  -- https   mvnrepository com artifact junit junit -- gt       lt dependency gt           lt groupId gt junit lt  groupId gt           lt artifactId gt junit lt  artifactId gt           lt version gt 4 12 lt  version gt        lt  dependency gt     lt  dependencies gt

User · Answer

A simple way around it is just try changing the order of your imported jar files which can be done from  Eclipse   Right click on your package -  Build Path -  Configure build path -  References and Libraries -  Order and Export  Try changing the order of jars which contain signature files

User · Answer

In my case  I had duplicated JAR version of BouncyCastle in my library path  S

User · Answer

In my case it was a package name conflict  Current project and signed referenced library had one package in common package foo utils  Just changed the current project error-prone package name to something else

User · Answer

After sign  access  dist lib Find extra  jar Using Winrar  You extract for a folder  extract to  folder name   option Access  META-INF MANIFEST MF Delete each signature like that    Name  net sf jasperreports engine util xml JaxenXPathExecuterFactory c  lass SHA-256-Digest  q3B5wW hLX  lP2 L0 6wRVXRHq1mISBo1dkixT6Vxc    Save the file Zip again Renaime ext to  jar back Already

User · Answer

Based on  Mohit Phougat response  if you are running a Groovy with  Grab annotations  you could try to re-order such annotations

User · Answer

I had a similar exception    java lang SecurityException  class  org hamcrest Matchers  s signer information does not match signer information of other classes in the same package   The root problem was that I included the Hamcrest library twice  Once using Maven pom file  And I also added the JUnit 4 library  which also contains a Hamcrest library  to the project s build path  I simply had to remove JUnit from the build path and everything was fine

User · Answer

I am having this problem with Eclipse and JUnit 5  My solution is inspired by the previous answer by user2066936 It is to reconfig the ordering of the import libraries    Right click the project  Open  Java Build Path   Click Order and Export  Then push JUNIT to upper priority

User · Answer

If you re running it in Eclipse  check the jars of any projects added to the build path  or do control-shift-T and scan for multiple jars matching the same namespace  Then remove redundant or outdated jars from the project s build path

User · Answer

A  If you use maven  an useful way to debug clashing jars is   mvn dependency tree   For example  for an exception   java lang SecurityException  class  javax servlet HttpConstraintElement  s signer information does not match signer information of other classes in the same package   we do   mvn dependency tree grep servlet   Its output    INFO   - javax servlet servlet-api jar 2 5 compile  INFO   - javax servlet jstl jar 1 2 compile  INFO      - org eclipse jetty orbit javax servlet jsp jar 2 2 0 v201112011158 compile  INFO      - org eclipse jetty orbit javax servlet jsp jstl jar 1 2 0 v201105211821 compile  INFO      - org eclipse jetty orbit javax servlet jar 3 0 0 v201112011016 compile  INFO   - org eclipse jetty jetty-servlet jar 9 0 0 RC2 compile   shows clashing servlet-api 2 5 and javax servlet 3 0 0 x   B  Other useful hints  how to debug the security exception and how to exclude maven deps  are at the question at Signer information does not match

User · Answer

This happens when classes belonging to the same package are loaded from different JAR files  and those JAR files have signatures signed with different certificates - or  perhaps more often  at least one is signed and one or more others are not  which includes classes loaded from directories since those AFAIK cannot be signed    So either make sure all JARs  or at least those which contain classes from the same packages  are signed using the same certificate  or remove the signatures from the manifest of JAR files with overlapping packages

User · Answer

This can occur with the cglib-instrumented proxies because CGLIB uses his own signer information instead of the signer information of the application target class

[java] Java SecurityException: signer information does not match

Examples related to java

Examples related to certificate

Examples related to securityexception