Reputation: 918
Maven jar signer plugin
i have a problem with jar signer plugin.
i'm in a legacy project that use an applet, all applet jar need to be signed.
first of all, i have add jar-signer plugin in each applet project.
but i need to add a common module into the applet, so i have add jarsigner plugin into this project.
i have a task maven-dependency-plugin in my web project which copy signed jar into src/main/webapp/applet
but when i compil the project i get this error:
java.lang.SecurityException: class X signer information does not match signer information of other classes in the same package.
I thinks its because in my common project(now signed) i have some Interface and in my webproject(not signed) i have the Implementation!
I don't want to sign the webproject.
so i decided to remove all jar-signer of all project and only add jar-signer plugin into web-project like this:
<plugin>
<artifactId>maven-jarsigner-plugin</artifactId>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<archiveDirectory>${basedir}/src\main\webapp\applet</archiveDirectory>
<includes>
<include>**/*.jar</include>
</includes>
<excludes>
<exclude>**/*.war</exclude>
</excludes>
<keystore>${basedir}/src/main/resources/mykeystore.jks</keystore>
<alias>myalias</alias>
<storepass>mypassword</storepass>
<keypass>mypassword</keypass>
</configuration>
</plugin>
in this directory : ${basedir}/src\main\webapp\applet i have 8 jars and plugin sign 9jars as we can see:
[INFO] Webapp assembled in [5206 msecs]
[INFO] Building war: d:\MarcoPolo\SVN\CASTOR_trunk\CTR_WEB\web\target\ctrweb-02.01.00.war
[INFO] [jarsigner:sign {execution: sign}]
[INFO] 9 archive(s) processed
[INFO] [jar:jar {execution: create-classes}]
[INFO] Building jar: d:\MarcoPolo\SVN\CASTOR_trunk\CTR_WEB\web\target\ctrweb-02.01.00-classes.jar
[INFO] [install:install {execution: default-install}]
[INFO] Installing d:\MarcoPolo\SVN\CASTOR_trunk\CTR_WEB\web\target\ctrweb-02.01.00.war to D:\Users\p
[INFO] Installing d:\MarcoPolo\SVN\CASTOR_trunk\CTR_WEB\web\target\ctrweb-02.01.00-classes.jar to D:
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1 minute 5 seconds
[INFO] Finished at: Thu Jul 17 11:38:19 CEST 2014
[INFO] Final Memory: 42M/142M
[INFO] ------------------------------------------------------------------------
if i open ctrweb-02.01.00.war i can see that all are signed! but i have <exclude>**/*.war</exclude>
i have try to do
mvn jarsigner:sign
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[INFO] Building Castor - Web war
[INFO] task-segment: [jarsigner:sign]
[INFO] ------------------------------------------------------------------------
[INFO] [jarsigner:sign {execution: default-cli}]
[INFO] 8 archive(s) processed
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3 seconds
[INFO] Finished at: Thu Jul 17 11:48:52 CEST 2014
[INFO] Final Memory: 6M/15M
[INFO] ------------------------------------------------------------------------
and only 8 jars are signed.
i want to have only my jar that are in applet directory to be signed and not jar/war in other directory.
does it possible?
thanks
Upvotes: 2
Views: 4733
Answers (1)
Reputation: 1111
Answered in comments:
i try to create two jar from my project with classifier, one signed and the other one not. And during compilation its always took the non-signed jar and for the copy its use the signed-jar, i think it should work – Mançaux Pierre-Alexandre Jul 17 '14 at 12:24
yes its work! i generate 2 jar, one without classifier and another one with classifier (signed), my jarsigner plugin use tag archive to sign only the jar with classifier signed and during compilation, jar without classifier is used, and the jar with the classifier is copy to the applet webapp directory. so i resolve all my problem! – Mançaux Pierre-Alexandre Jul 17 '14 at 14:14
Upvotes: 1
Related Questions
- Sign a jar file created with maven-assembly plugin
- Maven jarsigner plugin configuration not working
- How to remove signature from dependency jar?
- Jar Signing Strategy in Maven Projects
- How do I force jarsign to sign jarfiles?
- Maven Jarsigning using keystore
- How to pass a custom jar file to maven jarsigner plugin for signing
- sign a Jar file
- Maven jarsigner plugin does not work during release
- Android - Sign application using jarsigner