Invalid Signature file digest - Maven solution

Are you getting this exception ?

Error: A JNI error has occurred, please check your installation and try againException in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes 
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:284) 
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:238) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:273) 
at java.util.jar.JarVerifier.update(JarVerifier.java:228) 
at java.util.jar.JarFile.initializeVerifier(JarFile.java:383)

If you a mere mortal like I am and have got this SecurityException after adding a maven repository read on. The most basic cause of such a exception is some dependency define in pom.xml is pulling in jars which are singed. After building your application unzip the final jar that gets created for your application.
In my case its GitFx-1.0-SNAPSHOT.jar. Unzip GitFx-1.0-SNAPSHOT.jar or do a jar -xvf GitFx-1.0-SNAPSHOT.jar. Inspect the META_INF folder. You will find .RSA,.SF or .DSApresent under META_INF. This is signed information. The best way to explain why one gets the exception at runtime is “Some of your dependencies are likely signed jarfiles. When you combine them all into one big jarfile, the corresponding signatures are no longer valid so the runtime halts.” – StackOverflow Answer[1]
Solution to fix this with maven-dependency-plugin. Small snippet of code in my pom.xml.

<plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <version>2.6</version>
                <executions>
                    <execution>
                        <id>unpack-dependencies</id>
                        <phase>package</phase>
                        <goals>
                            <goal>unpack-dependencies</goal>
                        </goals>
                        <configuration>
                            <excludeScope>system</excludeScope>
                            <excludes>META-INF/*.SF</excludes>
                            <excludes>META-INF/*.DSA</excludes>
                            <excludes>META-INF/*.RSA</excludes>
                            <excludeGroupIds>junit,org.mockito,org.hamcrest</excludeGroupIds>
                            <outputDirectory>${project.build.directory}/classes</outputDirectory>
                        </configuration>
                    </execution>
                </executions>
            </plugin>

上面的配置又会报错,中级配置如下
No configuration setting found for key ‘akka.remote.log-received-messages’

           <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-shade-plugin</artifactId>
                <executions>
                    <execution>
                        <phase>package</phase>
                        <goals>
                            <goal>shade</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <filters>
                        <filter>
                            <artifact>*:*</artifact>
                            <excludes>
                                <exclude>META-INF/*.SF</exclude>
                                <exclude>META-INF/*.DSA</exclude>
                                <exclude>META-INF/*.RSA</exclude>
                            </excludes>
                        </filter>
                    </filters>
                    <transformers>
                        <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                        <mainClass>org.apache.spark.asyspark.core.Main</mainClass>
                        </transformer>
                        <transformer
                                implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
                            <resource>reference.conf</resource>
                        </transformer>
                    </transformers>


                </configuration>
            </plugin>

Line # 15,16 and 17 is where we prevent the signed information from going into our final consolidated jar file.Some more information about the plugins configuration can be found here[2]
Hope this helps :)
References:
Stack OverFlow
Apache Maven – Unpacking Specific Artifacts

    原文作者:Codlife一王家二公子
    原文地址: https://www.jianshu.com/p/a589d627fadf
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞