getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack #38833
Comments
spring-projects-issues
added
the
status: waiting-for-triage
philwebb
changed the title
philwebb
added
type: regression
|
Thanks for the analysis @lburja. Hopefully fixed for the next release. |
ndwnu
pushed a commit
to ndwnu/nls-routing-map-matcher
that referenced
this issue
Apr 10, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.apache.maven.plugins:maven-surefire-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.springframework.boot:spring-boot-starter-parent](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | parent | patch | `3.2.0` -> `3.2.1` | --- ### Release Notes <details> <summary>spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)</summary> ### [`v3.2.1`](https://github.com/spring-projects/spring-boot/releases/tag/v3.2.1) [Compare Source](spring-projects/spring-boot@v3.2.0...v3.2.1) #### 🐞 Bug Fixes - HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration [#​38880](spring-projects/spring-boot#38880) - META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error [#​38862](spring-projects/spring-boot#38862) - logging.include-application-name has no effect when using log4j2 [#​38847](spring-projects/spring-boot#38847) - Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 [#​38839](spring-projects/spring-boot#38839) - Child context created with SpringApplicationBuilder runs parents runners [#​38837](spring-projects/spring-boot#38837) - getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack [#​38833](spring-projects/spring-boot#38833) - TestContainers parallel initialization doesn't work properly [#​38831](spring-projects/spring-boot#38831) - Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections [#​38770](spring-projects/spring-boot#38770) - Multi-byte filenames in zip files can cause an endless loop in ZipString.hash [#​38751](spring-projects/spring-boot#38751) - Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 [#​38741](spring-projects/spring-boot#38741) - Custom binding converters are ignored when working with collection types [#​38734](spring-projects/spring-boot#38734) - WebFlux and resource server auto-configuration may fail due to null authentication manager [#​38713](spring-projects/spring-boot#38713) - It is unclear that Docker Compose services have not been started as one or more is already run...
ndwlocatieservices
added a commit
to ndwnu/nls-routing-map-matcher
that referenced
this issue
Apr 16, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.apache.maven.plugins:maven-surefire-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://maven.apache.org/surefire/) | build | patch | `3.2.2` -> `3.2.5` | | [org.springframework.boot:spring-boot-starter-parent](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | parent | patch | `3.2.0` -> `3.2.1` | --- ### Release Notes <details> <summary>spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)</summary> ### [`v3.2.1`](https://github.com/spring-projects/spring-boot/releases/tag/v3.2.1) [Compare Source](spring-projects/spring-boot@v3.2.0...v3.2.1) #### 🐞 Bug Fixes - HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration [#​38880](spring-projects/spring-boot#38880) - META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error [#​38862](spring-projects/spring-boot#38862) - logging.include-application-name has no effect when using log4j2 [#​38847](spring-projects/spring-boot#38847) - Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 [#​38839](spring-projects/spring-boot#38839) - Child context created with SpringApplicationBuilder runs parents runners [#​38837](spring-projects/spring-boot#38837) - getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack [#​38833](spring-projects/spring-boot#38833) - TestContainers parallel initialization doesn't work properly [#​38831](spring-projects/spring-boot#38831) - Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections [#​38770](spring-projects/spring-boot#38770) - Multi-byte filenames in zip files can cause an endless loop in ZipString.hash [#​38751](spring-projects/spring-boot#38751) - Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 [#​38741](spring-projects/spring-boot#38741) - Custom binding converters are ignored when working with collection types [#​38734](spring-projects/spring-boot#38734) - WebFlux and resource server auto-configuration may fail due to null authentication manager [#​38713](spring-projects/spring-boot#38713) - It is unclear that Docker Compose services have not been started as one or more is already run...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
After upgrading to Spring Boot 3.2, my application stops working, until I add the
<loaderImplementation>CLASSIC</loaderImplementation>configuration to therepackageMaven goal.The particularity of my application, is that one of the jars is a security library which is signed (the library recuperates the signature via
Class::getSigners()to verify it when initializing). In previous versions of Spring Boot,requiresUnpackused to do the trick:Now, the application only works by reverting to the CLASSIC loader implementation.
By debugging the application, I see the following differences between the two cases:
In the CLASSIC loader, the library is loaded via
LaunchedURLClassLoaderusing the schemefile:/...and the signers are correctly returned:
In the new loader, the library is loaded via
LaunchedClassLoaderusing the schemejar:file:/...and the signers are lost:
It would be desirable that the
getSigners()info of signed jars is preserved by the loader, when using therepackageMaven goal.The text was updated successfully, but these errors were encountered: