Bug Report: SecurityException with signed jars after upgrading from Payara 5 to Payara 6.2024.5

[garychan21]

Brief Summary

We recently migrated our application from the javax to jakarta namespace along with upgrading the server from Payara 5 to Payara 6.2024.5. We are using the payara-embedded-all-6.2024.5.jar as the main dependency. We use jarsigner to sign our jar files which are deployed to the glassfish domain specific lib folder. I.e. <glassfish_home>/domains/<our_domain>/lib. When trying to deploy an .ear file which contains a remote EJB 2.x interface, we get this EJB Container initialization error:

Caused by: java.lang.SecurityException: class "com.mmsi.util.config.ejb._ConfigurationPropagatorHome_DynamicStub"'s signer information does not match signer information of other classes in the same package

Expected Outcome

The migrated application with the remote EJB 2.x interfaces will be deployable in Payara 6.2024.x as they were in Payara 5.

Current Outcome

The .ear deployment containing the remote EJB 2.x interface results in a EJB Container initialization error:

[2024-05-28T15:39:47.422-0700] [Payara 6.2024.4] [SEVERE] [] [javax.enterprise.system.core] [tid: _ThreadID=49 _ThreadName=admin-thread-pool::admin-listener(1)] [timeMillis: 1716935987422] [levelValue: 1000] [[
  Exception while loading the app : EJB Container initialization error
java.lang.RuntimeException: Unable to create reference 
    at org.glassfish.enterprise.iiop.impl.POARemoteReferenceFactory.createRef(POARemoteReferenceFactory.java:425)
    at org.glassfish.enterprise.iiop.impl.POARemoteReferenceFactory.createHomeReference(POARemoteReferenceFactory.java:378)
    at com.sun.ejb.containers.BaseContainer.initializeHome(BaseContainer.java:1353)
    at com.sun.ejb.containers.StatelessSessionContainer.initializeHome(StatelessSessionContainer.java:184)
    at com.sun.ejb.containers.StatelessContainerFactory.createContainer(StatelessContainerFactory.java:63)
    at org.glassfish.ejb.startup.EjbApplication.loadContainers(EjbApplication.java:225)
    at org.glassfish.ejb.startup.EjbDeployer.load(EjbDeployer.java:286)
    at org.glassfish.ejb.startup.EjbDeployer.load(EjbDeployer.java:104)
    at org.glassfish.internal.data.ModuleInfo.load(ModuleInfo.java:218)
    at org.glassfish.internal.data.ApplicationInfo.load(ApplicationInfo.java:334)
    at com.sun.enterprise.v3.server.ApplicationLifecycle.prepare(ApplicationLifecycle.java:580)
    at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:570)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:556)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:552)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/javax.security.auth.Subject.doAs(Subject.java:361)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$2.execute(CommandRunnerImpl.java:551)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$3.run(CommandRunnerImpl.java:582)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$3.run(CommandRunnerImpl.java:574)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/javax.security.auth.Subject.doAs(Subject.java:361)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:573)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1497)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1879)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1755)
    at org.glassfish.admin.rest.resources.admin.CommandResource.executeCommand(CommandResource.java:409)
    at org.glassfish.admin.rest.resources.admin.CommandResource.execCommandSimpInMultOut(CommandResource.java:236)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:146)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:189)
    at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
    at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:93)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:478)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:400)
    at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
    at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:261)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
    at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
    at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:240)
    at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:697)
    at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:367)
    at org.glassfish.admin.rest.adapter.JerseyContainerCommandService$3.service(JerseyContainerCommandService.java:179)
    at org.glassfish.admin.rest.adapter.RestAdapter.service(RestAdapter.java:189)
    at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:520)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:217)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:174)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:153)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:196)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:88)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:246)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:178)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:118)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:96)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:51)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:510)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:82)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:83)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:101)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:535)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:515)
    at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.RuntimeException: Could not invoke defineClass method 
    at org.glassfish.pfl.basic.reflection.BridgeBase.defineClass(BridgeBase.java:264)
    at org.glassfish.pfl.basic.reflection.BridgeBase.defineClass(BridgeBase.java:279)
    at org.glassfish.pfl.dynamic.codegen.impl.CodeGeneratorUtil.makeClass(CodeGeneratorUtil.java:57)
    at org.glassfish.pfl.dynamic.codegen.spi.Wrapper._generate(Wrapper.java:1069)
    at org.glassfish.pfl.dynamic.codegen.spi.Wrapper._generate(Wrapper.java:1040)
    at com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenProxyCreator.create(CodegenProxyCreator.java:226)
    at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.createStubClass(StubFactoryCodegenImpl.java:80)
    at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.createStubClass(StubFactoryCodegenImpl.java:74)
    at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.lambda$getStubClass$0(StubFactoryCodegenImpl.java:57)
    at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1134)
    at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.getStubClass(StubFactoryCodegenImpl.java:57)
    at com.sun.corba.ee.impl.presentation.rmi.codegen.StubFactoryCodegenImpl.makeStub(StubFactoryCodegenImpl.java:84)
    at org.glassfish.enterprise.iiop.impl.POARemoteReferenceFactory.createRef(POARemoteReferenceFactory.java:415)
    ... 68 more
Caused by: java.lang.reflect.InvocationTargetException
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.glassfish.pfl.basic.reflection.BridgeBase.defineClass(BridgeBase.java:261)
    ... 80 more
Caused by: java.lang.SecurityException: class "com.mmsi.util.config.ejb._ConfigurationPropagatorHome_DynamicStub"'s signer information does not match signer information of other classes in the same package
    at java.base/java.lang.ClassLoader.checkCerts(ClassLoader.java:1156)
    at java.base/java.lang.ClassLoader.preDefineClass(ClassLoader.java:911)
    at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1020)
    ... 85 more
]]

Reproducer

Example of our EJB classes:

import java.rmi.RemoteException;
import jakarta.ejb.CreateException;
import jakarta.ejb.EJBHome;

public interface SiteIntegrationFacadeHome extends EJBHome {

    String LOCATION = "ejb/SiteIntegrationFacade";

    SiteIntegrationFacade create() throws CreateException, RemoteException;
}

import jakarta.ejb.CreateException;
import jakarta.ejb.SessionBean;
import jakarta.ejb.SessionContext;
import javax.sql.DataSource;

public class SiteIntegrationFacadeBean implements ISiteIntegrationClientContract, SessionBean {

    public final void setSessionContext(SessionContext sessionContext) {
    }

    public void ejbCreate() throws CreateException {
    }

    public final void ejbRemove() {
        invalidateMessageManager();
    }

    public final void ejbActivate() {
    }

    public final void ejbPassivate() {
        invalidateMessageManager();
    }

    /** Service Contract methods */
   ...
}

import java.rmi.RemoteException;
import jakarta.ejb.EJBObject;

public interface SiteIntegrationFacade extends EjbDataSource, EJBObject {

/** Service Contract methods */
   ...
}

Operating System

Window Server 2019 Standard

JDK Version

Zulu JDK 11.0.22

Payara Distribution

Payara Server Full Profile

[Elifzeynepedman]

Hi @garychan21,

Could you please provide a simple-to-follow scenario on how to reproduce this on the latest version? A reproducer should ideally follow the SSCCE rules: http://www.sscce.org/.. It will greatly help us to find the cause and fix it.

Thank you, Elif

[github-actions[bot]]

Greetings, It's been more than 5 days since we requested more information or an update from you on the details of this issue. Could you provide an update soon, please? We're afraid that if we do not receive an update, we'll have to close this issue due to inactivity.

[github-actions[bot]]

Greetings, It's been more than 5 days since this issue was identified as abandoned. We have closed this issue due to inactivity, please feel free to re-open it if you have more information to share.