tags:

views:

211

answers:

2
Q: 

Ignore jar signing in a web service?

Hello,

We have some legacy JAR files from a vendor that were previously distributed as an applet, but we'd now like to simplify as a web service.

While the code works when I run it natively within my Eclipse IDE, it fails when I attempt to call it from a web service client after exporting it as a WAR and deploying it on JBoss (5.0.1). The errors I'm getting are security related ("The jar file is not signed" and "WEB-INF/lib/****.jar is not signed by the specified signer.", depending on what modifications I make). Is there anyway for me to tell my application server to ignore JAR signing for this project?

A: 

Why not sign the jars instead?

toolkit  2009-10-13 21:00:51
When I sign the jars, it doesn't seem to make any difference. If I don't sign the WAR I get "ERROR [STDERR] Login failed: Self-Integrity Check FAILED: java.lang.SecurityException: The jar file is not signed" (regardless if the JARs are signed or not) and if I do sign the WAR I get "ERROR [STDERR] Login failed: Self-Integrity Check FAILED: java.lang.SecurityException: WEB-INF/lib/enthttp.jar is not signed by the specified signer." (regardless if the JARs are signed or not)
Neil McF  2009-10-14 14:33:51
A: 

My guess is that your jar has been signed (when it was distributed as an applet) and contains some garbage in META-INF. Remove *.SF, *.RSA, *.DSA from META-INF to "unsign" the jar if not needed.

Pascal Thivent  2009-10-13 21:13:16
I've tried removing the files from the META-INF, but when I do so I get a "Self-Integrity Check FAILED: java.lang.SecurityException: The jar file is not signed" error.
Neil McF  2009-10-14 14:31:48
What happens if you also delete the signing checksums from the manifest file (i.e. each "Name" and "SHA1-Digest" fields from META-INF/MANIFEST.MF)?
Pascal Thivent  2009-10-14 17:14:40
Actually, I don't understand why you would have to sign this jar. What it this jar doing exactly? Does it contain code doing some kind of voodoo classloader magic?
Pascal Thivent  2009-10-14 17:18:52

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?