eclipseLink 2.7.0: Static weaving error for "javax.persistence.AttributeConverter"'s signer information does not match

Question

On running gradle task for static weaving in eclipseLink 2.7.0 getting below error.

21:50:14.206 [ERROR] [system.err] Exception Description: Predeployment of PersistenceUnit [default] failed.
21:50:14.206 [ERROR] [system.err] Internal Exception: java.lang.SecurityException: class "javax.persistence.AttributeConverter"'s signer information does not match signer info rmation of other classes in the same package
21:50:14.206 [ERROR] [system.err] at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.createPredeployFailedPersistenceException(EntityManagerSetupImpl.java:20 80)
21:50:14.206 [ERROR] [system.err] at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.predeploy(EntityManagerSetupImpl.java:2071)
21:50:14.206 [ERROR] [system.err] Exception Description: Predeployment of PersistenceUnit [default] failed.
21:50:14.206 [ERROR] [system.err] Internal Exception: java.lang.SecurityException: class "javax.persistence.AttributeConverter"'s signer information does not match signer info rmation of other classes in the same package

I am aware that these conflicts comes when class is referred by different jars.
Checked on the same lines.AttributeConverter is present in javax.persistence 2.2.0 as well as eclipselink 2.7.0 causing the conflict. javax.persistence 2.2.0 is required dependency for eclipselink 2.7.0.
I am gussesing have to exclude one of the jar so that AttributeConverter can be referred from 1 jar.But not sure how.

Any thoughts on resolving this issue ?

Answer 1

In my case, excluding the bundled JPA API dependency and including the standalone one has helped:

    <dependency>
        <groupId>org.eclipse.persistence</groupId>
        <artifactId>org.eclipse.persistence.jpa</artifactId>
        <version>2.7.0</version>
        <exclusions>
            <exclusion>
                <!-- The JPA API imported separately due to problems with JAR signature. -->
                <groupId>org.eclipse.persistence</groupId>
                <artifactId>javax.persistence</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>javax.persistence</groupId>
        <artifactId>javax.persistence-api</artifactId>
        <version>2.2</version>
    </dependency>

Answer 2

Issue seems to be with signing of the jars. eclipselink 2.7.0 uses javax persistence 2.2.0 which is signed by eclipse foundation where as eclipselink 2.7.0 is not. AttributeConverter in my case was refered and there was a signature mismatch. Issue 525457 was already filed with eclipse.org
Using javax.persistence 2.1 resolved the issue.

Answer 3

As far as I can tell, javax.persistence is a transitive dependency in eclipselink 2.7.0.

Which means there is no need to add it as a separate dependency.

Something that helped me a lot is the dependencyInsight from gradle. It displays the different sources a dependency is pulled from.

dependencyInsight --dependency javax.persistence

If you see in the dependencyInsight, that an transitive dependency gets pulled you don't want to (e.g. javax.persistence from another source) you can try to disable the transitive dependencies for that specific dependency or just exclude it.

I had a similar issue a while ago. My quick fix was unchecking the javax.persistence in the build path of my root project. Generally speaking, if you only have one project, you can try switching the order in which the dependencies are used. You can find that setting in your Java Build Path in the Tab "Order and Export" of your project. (I'm just assuming you are using Eclipse as an IDE)

Try to move javax.persistence downwards in the list or uncheck it.

Personally, I only have two gradle dependencies for the jpa.

org.eclipse.persistence:org.eclipse.persistence.jpa
org.eclipse.persistence:eclipselink

I disabled the transitive dependencies on the eclipselink dependency.