search

bgarrels / hamcrest

Automatically exported from code.google.com/p/hamcrest
0 stars 0 forks source link

library error - java.lang.SecurityException #128

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
There seems to be a serious error in the hamcrest libraries. See listing below. 
 Yes it is a stack tace, but embeddded withinn it are additonal information 
relating to how the error was exposed.

java.lang.SecurityException: class "org.hamcrest.TypeSafeMatcher"'s signer 
information does not match signer information of other classes in the same 
package
    at java.lang.ClassLoader.checkCerts(Unknown Source)
    at java.lang.ClassLoader.preDefineClass(Unknown Source)
    at java.lang.ClassLoader.defineClassCond(Unknown Source)
    at java.lang.ClassLoader.defineClass(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.access$000(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClassCond(Unknown Source)
    at java.lang.ClassLoader.defineClass(Unknown Source)
    at java.security.SecureClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.defineClass(Unknown Source)
    at java.net.URLClassLoader.access$000(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at test.ExercisePriceServiceLookup.testThatThereAreMappingsFromPriceTypeToServiceName(ExercisePriceServiceLookup.java:73) // This is where I invoke the method:
    .. left out for brevity
    assertThat(tokenToServiceNameMapping, hasEntry("L", "L1L2_PRICES")); // more detail at the bottom

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:76)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:49)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

    The imports are:
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.collection.IsMapContaining.hasEntry;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.junit.matchers.JUnitMatchers.hasItems;

import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Scanner;
import java.util.Set;
import java.util.TreeMap;

import main.PriceServiceLookup;

import org.hamcrest.Matcher;
import org.junit.Assert;
import org.junit.Test;

public class ....{
... removed for brevity
    // collection under test. For the purpose of getting the test 
        // working, it is populated from 
    // the content of a .properties file
    final Map<String, String> tokenToServiceNameMapping = new TreeMap<String, String>();

The libraries order in the Eclipse build configuration are:

hamcrest-core-1.2.jar
hamcrest-library-1.2.jar
jmock-2.5.1.jar
JRE [JavaSE-1.6]
JUnit_4.8.1.jar (part of the eclipse distribution)
hamcrest.core_1.1.0 (bundled with JUnit 4.8.1) 

Any information relating to this exception, and its explanation or resolution 
is greatly received.

Regards,
Alan Lewis

Original issue reported on code.google.com by alanlew...@gmail.com on 19 Oct 2010 at 2:39

GoogleCodeExporter commented 9 years ago 
The jar seems to be signed and some classes are not correctly signed. Neither 
the jar downloaded from the website nor the maven version should be signed.

Do you use the maven version of the JAR? Then try to update to 1.2.1 or 
1.3.RC2. But this could also be a mix of the Version 1.1 bundled with JUnit and 
the 1.2...

Original comment by sendorian on 23 Dec 2010 at 7:56

GoogleCodeExporter commented 9 years ago 
I'm having the same problem and I'm using hamcrest-library-1.1.jar to try to 
match the version bundled with JUnit.

java.lang.SecurityException: class "org.hamcrest.Matchers"'s signer information 
does not match signer information of other classes in the same package

I've tried using junit-dep + hamcrest-core + hamcrest-library (not using the 
ones supplied by eclipse) but then there is a reference from junit that is not 
supplied by hamcrest. (I tried multiple versions of each jar)

Original comment by apmckinlay on 9 Jan 2011 at 2:54

GoogleCodeExporter commented 9 years ago 
The solution is simple - make sure that hamcrest.jar is before the JUnit 
library included by Eclipse in the classpath.

Original comment by jarek.przygodzki@gmail.com on 3 Feb 2011 at 8:12

GoogleCodeExporter commented 9 years ago 
jarek

They are!  see error description above.

Original comment by alanlew...@gmail.com on 3 Feb 2011 at 11:40

GoogleCodeExporter commented 9 years ago 
I believe if you look at the "Order and Export" tab in the java build path 
property (Configure Build Path), you will find that the JUnit jar is above the 
hamcrest.jar. You can move hamcrest above the JUnit jar here and the problem 
will go away.

Original comment by craig.j....@gmail.com on 11 Feb 2011 at 6:25

GoogleCodeExporter commented 9 years ago 
i had the same problem but was a conflict of library of jUnit

Original comment by maorvel...@gmail.com on 1 Mar 2011 at 9:43

GoogleCodeExporter commented 9 years ago 
Yes... that's the case with classpath. Just move the hamcrest.jar up in the 
list. This works.

Original comment by nemani.s...@gmail.com on 13 Apr 2011 at 11:41

GoogleCodeExporter commented 9 years ago 
I got this error as well when using a project in Eclipse that is built with 
maven.

The problem appears when the Maven Dependencies library as well as the JUnit 4 
library are included in the Build Path, removing the JUnit 4 library fixes the 
problem apparently (junit and hamcrest will be in the maven depencies anyway).

The org.hamcrest.core jar shipped with Eclipse is signed but the 
org.hamcrest.library from Maven isn't, hence the security violation.

Original comment by alexl...@gmail.com on 9 Mar 2012 at 11:05

GoogleCodeExporter commented 9 years ago 
tagged Java

Original comment by t.denley on 19 May 2012 at 8:11

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
How do I get rid of the Eclipse provided junit library in the classpath when 
running unit tests?

Looking at the Build Path in Eclipse, I only see my Maven dependencies, 
including hamcrest-library-1.1 and junit-4.10.

But when I run the unit test and look at System.getProperties, the following 
jars show up in that order:
\eclipse37\plugins\org.junit_4.8.2.v4_8_2_v20110321-1705\junit.jar
\eclipse37\plugins\org.hamcrest.core_1.1.0.v20090501071000.jar
\mvnrepo\.m2\repository\org\hamcrest\hamcrest-library\1.1\hamcrest-library-1.1.j
ar
\mvnrepo\.m2\repository\org\hamcrest\hamcrest-core\1.1\hamcrest-core-1.1.jar
\mvnrepo\.m2\repository\junit\junit\4.10\junit-4.10.jar

What helped for the moment is to remove the junit dependency from maven. 
Eclipse class path afterwards contains:
\eclipse37\plugins\org.junit_4.8.2.v4_8_2_v20110321-1705\junit.jar
\eclipse37\plugins\org.hamcrest.core_1.1.0.v20090501071000.jar
\mvnrepo\.m2\repository\org\hamcrest\hamcrest-library\1.1\hamcrest-library-1.1.j
ar
\mvnrepo\.m2\repository\org\hamcrest\hamcrest-core\1.1\hamcrest-core-1.1.jar

But... now I can no longer run the tests from maven.

Original comment by lbre...@gmail.com on 22 Jun 2012 at 10:59

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Looks like this is all connected to the hamcrest OSGI bundles used by eclipse 
and hosted through the eclipse orbit project (see 
http://download.eclipse.org/tools/orbit/downloads/ ).  I've recently contacted 
the maintainer of these bundles to see about providing 1.3 versions, but I'm 
unsure whether this will address the security issues reported here.

I'm inclined to close this issue and encourage anyone who is still suffering to 
raise another issue with the eclipse project.

Original comment by t.denley on 28 Jul 2012 at 10:09

GoogleCodeExporter commented 9 years ago 
I had same problem with Eclipse+Maven+Hamcrest combination. 

The hamcrest-library-1.3.jar in maven dependencies had collision with Eclipse 
embedded Hamcrest. 

I found corresponding issue on Eclipse 
https://bugs.eclipse.org/bugs/show_bug.cgi?id=405276, but it is still not 
resolved in my Eclipse Version: Luna Release (4.4.0) Build id: 20140612-0600. 

So I found alternative simple solution:  rename the file 
$ECLIPSE_HOME\plugins\org.hamcrest.core_1.3.0.v201303031735.jar  to something 
like  *.bak    or  remove the file. 

Eclipse ignores the embedded Hamcrest :) and Maven dependencies will be used 
instead.

Original comment by kek.for...@gmail.com on 11 Sep 2014 at 6:45