12

We are having an issue with a war built from gradle failing to load in tomcat because of a Security Exception specific to a signed Jar. The stack trace is not showing what jar is causing the problem and to get this thing running I'm wondering if I can exclude the signatures in the build when the war is getting built but don't know how to do that with Gradle. In maven I believe it would be a <filter><exclude> tag but not sure if this type of thing is available in Gradle. Any input would be appreciated, the Exception being thrown is below. 

Caused by: java.lang.SecurityException: Invalid signature file digest for
Mr Lister
  • 45,515
  • 15
  • 108
  • 150
Duncan Krebs
  • 3,366
  • 2
  • 33
  • 53
  • 1
    When you refer to the 'jar', are you referring to 3rd party libraries, or your own jar that is build during the Gradle build? – pczeus Mar 25 '16 at 23:55
  • 1
    Also, how are you building the war? Are you doing it manually by copying jars, etc then creating the war, or are you using a plugin like the 'war' plugin? – pczeus Mar 26 '16 at 00:00

2 Answers2

13

To find out if a jar file is signed, you can unzip the jar file using any zip utility tool. If the jar is signed it will contain files like *.RSA, *.SF or *.DSA under META-INF folder.

To exclude these signature files in gradle build , I did the following in my build.gradle. If you are using any other plugin to create the jar than you should check that plugins documentation for more details. 

jar {
from { (configurations.runtime).collect { it.isDirectory() ? it : zipTree(it) } } {
    exclude 'META-INF/*.RSA', 'META-INF/*.SF', 'META-INF/*.DSA'
}
manifest {
    attributes("Main-Class": "com.nk.social.shareit.streams.AppMain")
}}

My entire build.gradle file is as listed below:-

apply plugin: 'scala'

dependencies {
    compile group: 'org.apache.kafka', name: 'kafka-streams', version: '0.11.0.1'
    compile 'org.scala-lang:scala-library:2.12.2'
    compile 'com.sksamuel.elastic4s:elastic4s-core_2.12:5.4.2'
    compile 'com.sksamuel.elastic4s:elastic4s-http_2.12:5.4.2'
    compile 'org.apache.lucene:lucene-core:6.5.1'
    compile 'joda-time:joda-time:2.9.9'
    testCompile group: 'org.scalatest', name: 'scalatest_2.12', version: '3.0.4'
}


jar {
    from { (configurations.runtime).collect { it.isDirectory() ? it : zipTree(it) } } {
        exclude 'META-INF/*.RSA', 'META-INF/*.SF', 'META-INF/*.DSA'
    }
    manifest {
        attributes("Main-Class": "com.nk.social.shareit.streams.AppMain")
    }
}

Hope this helps.

mrnakumar
  • 625
  • 6
  • 13
  • 1
    Is there a way to accomplish this in Android, I have been looking for a way out for the last 4 days. – Tonnie Mar 26 '21 at 05:05
  • with exclude rules, I got error [No auto configuration classes found in META-INF/spring.factories.](https://stackoverflow.com/questions/49346068/using-gradle-no-auto-configuration-classes-found-in-meta-inf-spring-factories) with Spring app. Fixed simply with adding plugin `id 'org.springframework.boot' version '2.4.5'`. No `jar {}` task needed. – prayagupa Feb 07 '22 at 18:43
0

With the jar, for example given in this thread I have a problem building a fat jar.

The main motivation is that the build process will skip also some dependecens.

A solution found is the following one, it contains only a small change

jar {
    manifest {
        attributes(
                'Class-Path': configurations.compile.collect { it.getName() }.join(' '),
                'Main-Class': 'io.vincenzopalazzo.lightning.App'
        )
    }

    from(configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }) {
        exclude 'META-INF/*.RSA', 'META-INF/*.SF', 'META-INF/*.DSA'
    }
}
vincenzopalazzo
  • 1,487
  • 2
  • 7
  • 35