So I have this springboot application which I'm migrating from a WAS to a springboot setup. And I have a couple of JSPs which has to be configured. To accomodate these I added the following dependencies:
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<version>9.0.22</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<scope>provided</scope>
</dependency>
The application already came with the following dependency which is being used throughout the application:
<dependency>
<groupId>com.ibm</groupId>
<artifactId>com.ibm-jaxrpc-client</artifactId>
<version>6.0</version>
</dependency>
The issue I'm facing is that both these dependencies (jaxrpc-client and tomcat-embed-jasper) have javax.servlet.ServletContext classes in them which is causing the following error:
The method's class, javax.servlet.ServletContext, is available from the following locations:
jar:file:/C:/Users/.m2/repository/com/ibm/com.ibm-jaxrpc-client/6.0/com.ibm-jaxrpc-client-6.0.jar!/javax/servlet/ServletContext.class
jar:file:/C:/Users/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.30/tomcat-embed-core-9.0.30.jar!/javax/servlet/ServletContext.class
It was loaded from the following location:
file:/C:/Users/.m2/repository/com/ibm/com.ibm-jaxrpc-client/6.0/com.ibm-jaxrpc-client-6.0.jar
Action:
Correct the classpath of your application so that it contains a single, compatible version of javax.servlet.ServletContext
I can't afford to remove any of these dependencies. jaxrpc-client is being referenced in the code already in too many places and I need tomcat-embed-jasper to render my jsp pages. I can't exclude the ServletContext class since its not a dependency(If I'm not wrong about the concept of exclusion). Please help with with a way forward with this issue.
I'm not familiar with IBM's jaxrpc client, but I assume, you have this exception in runtime, when trying to load the application.
In this case consider the following approaches:
Use another jax-rpc client library
Consider Loading the code that uses this library with the different class-loader (you'll have to create one classloader for this) to avoid the clash
Kind of paraphrasing the second option. You can "play" (override the order of loading of specific classes) with spring boot classloader as described in this article
I know, this is too general answer, but hopefully its still helpful.
The first solution is by far the easiest way I can think of.
The second solution is doable, however it pretty much depends on how exactly the code that uses the jax rpc client is loaded and used.
I have been doing my project and all the sudden eclipse started to give this error saying
The type com.google.protobuf.GeneratedMessageV3$Builder cannot be resolved.
It is indirectly referenced from required .class files where we declare the package. I have tried adding com.google.protobuf-2.4.0.jar to build path but it did not work. Please help and here's the screenshot.
com.mysql.cj.x.protobuf.MysqlxSql.StmtExecute is not on the classpath so remove this import
If you are expecting Protobuf generated files to be available, then ensure that you have added the Protobuf library to your project.
Gradle example:
implementation group: 'com.google.protobuf', name: 'protobuf-java', version: googleProtobufVersion
Maven example:
<dependency>
<groupId>com.google.protobuf</groupId>
<artifactId>protobuf-java</artifactId>
<version>${googleProtobufVersion}</version>
</dependency>
Not sure if this helps at such a later date. But i also faced something similar.
I found that I imported this by mistake
import com.mysql.cj.x.protobuf.MysqlxDatatypes.Array;
After removing this line, it works fine.
In your case you need to remove the import
com.mysql.cj.x.protobuf.MysqlxSql.StmtExecute
Replace it with the relevant import.
This is due to the missing dependency of gRPC protobuf. Add this dependency to your pom.xml and this should solve your problem.
<dependency>
<groupId>io.grpc</groupId>
<artifactId>grpc-protobuf</artifactId>
<version>1.16.1</version>
</dependency>
Lastly, do maven -> project update
When running a project built by maven with the following dependencies:
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.2.0</version>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>eclipselink</artifactId>
<version>2.7.0</version>
</dependency>
I get the following error at runtime:
java.lang.SecurityException: class "javax.persistence.Cacheable"'s signer information does not match signer information of other classes in the same package
The javax.persistence-2.2.0 artifact is signed and contains the javax.persistence.Cacheable.class annotation, while the eclipselink-2.7.0 artifact is not signed and also contains the same java class annotation.
How can this be fixed?
Edit
Replacing the javax.persistence artifact version 2.2.0 by the version 2.1.1 fixes the problem (this one is not signed), but I'm not sure it's a normal situation.
Thanks Stéphane - the edit at the end of your question helped me "fix" the same problem. For anyone else who hits this as well - here is an expanded answer. This is what you need to "fix" things in your pom (until Eclipse fix things properly):
<!-- See https://stackoverflow.com/q/45870753 -->
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>eclipselink</artifactId>
<version>2.7.0</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.1.1</version>
</dependency>
This pulls in eclipselink but excludes the javax.persistence dependency that it tries to pull in and replaces it with an earlier version of javax.persistence that doesn't have the signing issue.
Aside: javax.persistence version 2.2.0 is explicitly pulled in, in the pom fragment shown in the original question, despite already being a transitive dependency of eclipselink.
Explanation
Summary - the eclipselink artifact depends on javax.persistence and both contain classes that are in the package javax.persistence. However the javax.persistence jar is signed while the eclipselink one is not. So the Java runtime will complain, when loading a class from the package javax.persistence in the eclipselink jar, that it's lack of signing doesn't match with classes already loaded from the same package in the javax.persistence jar.
Details - if I put a breakpoint in java.util.concurrent.ConcurrentHashMap.putIfAbsent(K, V) with condition "javax.persistence".equals(arg0) then I see that javax.persistence is mapped to the following CodeSource value:
(file:/Users/georgehawkins/.m2/repository/org/eclipse/persistence/javax.persistence/2.2.0/javax.persistence-2.2.0.jar [
[
Version: V3
Subject: CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
...
I.e. javax.persistence-2.2.0.jar is signed by the Eclipse Foundation and contains classes in the package javax.persistence. This jar is pulled in when some part of my application (actually something deep in Spring logic) tries to load javax.persistence.EntityManagerFactory.
If I then put a breakpoint in java.lang.ClassLoader.checkCerts(String, CodeSource) on the throw new SecurityException line I then see that it hits this line when the passed in CodeSource is:
(file:/Users/georgehawkins/.m2/repository/org/eclipse/persistence/eclipselink/2.7.0/eclipselink-2.7.0.jar <no signer certificates>)
I.e. eclipselink-2.7.0.jar also contain classes that are in the javax.persistence package but it is unsigned so a clash occurs that results in a SecurityException being thrown. This happens when something (also deep in Spring logic) tries to load javax.persistence.PersistenceUtil.
If I look at the output of mvn dependency:tree I see that this mismatch seems to be down to eclipselink itself - it is pulling in org.eclipse.persistence:javax.persistence:jar:2.2.0 itself. I.e. it isn't some clash with some other dependency:
[INFO] | \- org.eclipse.persistence:eclipselink:jar:2.7.0:compile
[INFO] | +- org.eclipse.persistence:javax.persistence:jar:2.2.0:compile
[INFO] | +- org.eclipse.persistence:commonj.sdo:jar:2.1.1:compile
[INFO] | +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] | \- org.glassfish:javax.json:jar:1.0.4:compile
I've logged this now at bugs.eclipse.org - see bug 525457.
To fix this issue, put in the correct JPA 2.2 compliant dependency for EclipseLink 2.7.x, in your maven pom file, as:
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>org.eclipse.persistence.jpa</artifactId>
<version>2.7.1</version>
</dependency>
eclipselink.jar as such is designed as all-in-one bundle, not osgi enabled jar containing all partsof eclipselink project (ie sdo, oracle db specific stuff, dbws, nosql..) with ability to run with jpa api 2.0 on the classpath - at least in 2.x versions. In many cases this is not needed and proper components can be used instead, such as org.eclipse.persistence.jpa, org.eclipse.persistence.oracle etc. For the full list see ie: http://search.maven.org/#search%7Cga%7C1%7Corg.eclipse.persistence
This strange situation still seems to exist, in my case not using Maven, just trying to get a simple JPA example to run (and it is really frustrating if you need hours just to achieve that).
With 2.7.4 from January, this error occurs if you put the eclipselink.jar and jakarta.persistence_2.2.2.jar from the zip on the classpath.
In the end solution was to change order on the classpath: first the jakarta-persistence and only after that the eclipselink-jar.
So all javax.persistence classes are taken from jakarta-jar and not partly of the eclipselink-jar (if included there).
So I really wonder various things.
The eclipselink package should be all-in-one? But it is not. Some javax.persistence classes are contained. Others not - basic classes to be used in JPA code like EntityManager. Of course, together with the jakarta-jar included in the zip it is complete - but you may not use the two jars together with the "wrong" order on the classpath!? I really consider this a bug - or at least there should be a HUGE hint about this in the package then.
What is the org.eclipse.persistence.jpa-2.7.4.jar from Maven that is suggested here? It does not have the problems of the eclipselink.jar yes, not this error message. But then it also just seems not to include the Eclipselink JPA implementation, at least running with it I got error that persistence-unit referenced in code does not exist (same persistence.xml working with eclipselink.jar).
Strange situation.
My project was working on JDK-8, but stopped to work when I upgraded it to openJDK-11.
I solved it excluding the jpa-persistence module, and adding again on the version 2.2:
dependencies.create('org.eclipse.persistence:eclipselink:2.7.4') {
exclude module: "javax.persistence"
},
'javax.persistence:javax.persistence-api:2.2', //add it again, manually
'org.eclipse.persistence:org.eclipse.persistence.asm:2.7.4',
'org.eclipse.persistence:org.eclipse.persistence.antlr:2.7.4',
'org.eclipse.persistence:org.eclipse.persistence.moxy:2.7.4',
'org.eclipse.persistence:org.eclipse.persistence.core:2.7.4'
I fixed this by switching the order in which the jars appear in the classpath. In my case, I'm using Tomcat and had to modify catalina.properties to put javax before eclipselink.
Obinna's answer is correct; I guess that there was an issue with eclipselink 2.7.x –as George indicated. I had a similar issue when upgrading eclipselink, but it was just wrong artefacts. The initially described issue seems to be a result of externally referencing javax.persistence level - it is definitely not necessary.
Proper maven configuration can be found in eclipselink wiki:
https://wiki.eclipse.org/EclipseLink/Maven
I also run into this problem, with my case being a bit different, in that I am not using Maven. However, I place an answer here, as it might give people an idea about how to deal with this in their own situation. After all, the title is about this mismatch, in general, one sub-case being when using Maven.
I am using eclipselink in a NetBeans project. Initially, I was placing both the the eclipselink jar file (eclipselink-2.7.0.jar) and the needed org.eclipse.persistence jar files as external libraries to my project. Comments by Sergey and entreprenr above are what actually lead me to solve my problem. What I had to do was create a new library (Tools->Libraries->New Library...) which does not contain the eclipselink jar file (i.e. eclipselink-2.7.0.jar is not added in the library), only the specific org.eclipse.persistence jar files that are necessary for the project, e.g. org.eclipse.persistence.antlr-2.7.0.jar, org.eclipse.persistence.asm-2.7.0.jar, org.eclipse.persistence.core-2.7.0.jar, org.eclipse.persistence.jpa.modelgen.processor-2.7.0.jar, org.eclipse.persistence.jpa-2.7.0.jar, etc. I then added this library to my project and the exception vanished.
Of course, I also had to replace all org.eclipse.persistence jar files on my server with their 2.7.0 version and also replace the javax.persistence.jar with its 2.2.0 version (I use payara, so these are located under <payara_home>\glassfish\modules).
I'm using gradle in my project build and to solve the OP's problem, which I had as well, I finally used the following working setup.
dependencies {
testImplementation(group: 'org.eclipse.persistence', name: 'eclipselink', version: '2.7.4') {
exclude group: 'javax.validation', module: 'validation-api'
exclude group: 'org.eclipse.persistence', module: 'javax.persistence'
exclude group: 'org.eclipse.persistence', module: 'commonj.sdo'
exclude group: 'org.eclipse.persistence', module: 'jakarta.persistence'
}
testImplementation(group: 'org.eclipse.persistence', name: 'org.eclipse.persistence.jpa', version: '2.7.4') {
exclude group: 'org.eclipse.persistence', module: 'jakarta.persistence'
}
}
Instead of "testImplementation" you can of course use any dependency type you want or need.
After reading Sergey's comment I've improved this by just using:
dependencies {
testImplementation group: 'org.eclipse.persistence', name: 'org.eclipse.persistence.jpa', version: '2.7.4'
}
I think the last one is the best solution.
Because I could not find an answer for this problem when only using a Tomcat and this thread is often linked with this problem, I am going to post my solution here:
Since the signature is in the MANIFEST.MF you can change the signatures in the .jar files using 7zip or WinRAR to open them or simply delete them from the META-INF files of both .jar's and then import the changed files to your IDE.
A useful thread for the Signature-Mismatch-Problem is this thread: Java SecurityException: signer information does not match
I'm working in a GWTP + GAE project based on the CarStore example delviered by ArcBees. Maven dependencies are taken from that project too. My current version of GWTP is 1.5-SNAPSHOT.
The project compiles perfectly well. But when I run it, I'm stucked in this error:
[ERROR] Error injecting com.gwtplatform.dispatch.rest.delegates.client.ResourceDelegate<com.rmideas.sportbinder.shared.api.SessionResource>:
Unable to create or inherit binding: No #Inject or default constructor found for com.gwtplatform.dispatch.rest.delegates.client.ResourceDelegate<com.rmideas.sportbinder.shared.api.SessionResource>
The error refers to the ResourceDelegate declared in LoginPresenter. But i can´t find anything wrong in my code.
I analyzed the stacktrace and found this cause:
[INFO] Caused by: java.lang.NoSuchMethodError: com.gwtplatform.dispatch.rest.rebind.events.RegisterGinBindingEvent.postSingleton(Lcom/google/common/eventbus/EventBus;Lcom/gwtplatform/dispatch/rest/rebind/utils/ClassDefinition;Lcom/gwtplatform/dispatch/rest/rebind/utils/ClassDefinition;)
[INFO] at com.gwtplatform.dispatch.rest.delegates.rebind.DelegateGenerator.maybeRegisterGinBinding(DelegateGenerator.java:162)
This refers to a call between two Class objects. DelegateGenerator is the caller and is obtained from this dependency:
<dependency>
<groupId>com.gwtplatform.extensions</groupId>
<artifactId>dispatch-rest-delegates</artifactId>
<version>${gwtp.version}</version>
<scope>provided</scope>
</dependency>
And RegisterGinBindingEvent is the receiver. It belongs to here:
<dependency>
<groupId>com.gwtplatform</groupId>
<artifactId>gwtp-dispatch-rest</artifactId>
<version>${gwtp.version}</version>
<scope>provided</scope>
</dependency>
Now, this happens in line 162 of DelegateGenerator:
RegisterGinBindingEvent.postSingleton(eventBus, definition, getClassDefinition());
This shouldn't be a problem, but the key the eventBus sends as the first parameter is of a different type in both classes.
DelegateGenerator has this import statement:
import com.google.common.eventbus.EventBus;
And RegisterGinBindingEvent has this EventBus class:
import com.gwtplatform.dispatch.rest.rebind.utils.EventBus;
I guess that this is causing the problem. Both dependencies are using the same version (1.5-SNAPSHOT). If I downgrade the version to 1.4, this won´t happen. But it still has issues running ResourceDelegate with this code.
Does anyone know what am I be doing wrong? Or if this is a bug?
Thanks for using the snapshots.
For some reason the CI didn't deploy a snapshot for the last commits. This should now be fixed. Can you try another build? Add -U to your maven command line to make sure you grab the latest snapshot.
I am trying to follow some tutorials to learn how to secure a very simply spring-boot REST app with oauth2. I am trying to implement the Java config file as done on https://blog.safaribooksonline.com/2013/10/08/secure-rest-services-with-spring-security/.
That starts with
#Configuration
#EnableWebSecurity
class SecurityConfiguration extends OAuth2ServerConfigurerAdapter {
private final String applicationName = ServiceConfiguration.CRM_NAME;
However, when I add that to my project, my IDE tells me it cannot resolve OAuth2ServerConfigurerAdapter or ServiceConfiguration, and I cannot find a import (or a maven dependency with a import) that resolves.
In my pom.xml, I have
<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>2.0.3.RELEASE</version>
</dependency>
I have also tried to add this import to the class:
import org.springframework.security.oauth2.*;
Even with that and making sure to reimport the dependencies, I am still being told that that cannot be resolved.
Any ideas as to what I am missing? Is there a maven dependency I need? Do I need to have this spring config class in a certain place in my project and/or have something specific in a xml config file or something...?
Thanks for any help. Let me know if there is more detail I need to provide
I suspect that when the code you're referring to was written, the Java configuration for OAuth2 was a work in progress and has since changed.
This article might be a better starting point. The OAuth2 samples are also now using Java Config, so are a good resource to based your code on.