"java.lang.SecurityException: class x.y.z.SomeClass's signer information does not match signer information of other classes in the same package" error from JBoss EAP 5.x

Solution Verified - Updated -

Issue

  • When starting up the EAP we see the following exception
        WARN  [ClassLoaderManager] Unexpected error during load of:x.y.z.SomeClassjava.lang.SecurityException: class "x.y.z.SomeClass"'s signer information does not match signer information of other classes in the same package
         at java.lang.ClassLoader.checkCerts(ClassLoader.java:776)
         at java.lang.ClassLoader.preDefineClass(ClassLoader.java:488)
         at java.lang.ClassLoader.defineClass(ClassLoader.java:615)

Example Error

java.lang.SecurityException: class "javax.servlet.FilterRegistration"'s signer information does not match signer information of other classes in the same package
at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at org.eclipse.jetty.servlet.ServletContextHandler.<init>(ServletContextHandler.java:136)
    at org.eclipse.jetty.servlet.ServletContextHandler.<init>(ServletContextHandler.java:116)
    at org.apache.camel.component.jetty.JettyHttpComponent.createServletForConnector(JettyHttpComponent.java:921)
  • We observe this error intermittently, the jar file is signed correctly, there is no duplicated .jar / .class file, and it only happens sometimes (randomly) after the restart of EAP.
  • This error is also observed while running using camel-jetty endpoint as a HTTP Cosumer the java.lang.SecurityException: class "javax.servlet.FilterRegistration"'s signer information does not match signer information of other classes in the same package occurs.
  • When starting JBoss with the monitoring software Riverbed problems arise with signed jar files. Is it possible to JBoss EAP 5.1.0 version without getting signed jar files or we may delete the certificates manually without our support to lose?

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 5.x
  • JBoss SOA Platform (SOA-P)
    • 5.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content