Invalid Signature file digest - Maven solution

Are you getting this exception ?

Error: A JNI error has occurred, please check your installation and try againException in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes 
at sun.security.util.SignatureFileVerifier.processImpl(SignatureFileVerifier.java:284) 
at sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:238) at java.util.jar.JarVerifier.processEntry(JarVerifier.java:273) 
at java.util.jar.JarVerifier.update(JarVerifier.java:228) 
at java.util.jar.JarFile.initializeVerifier(JarFile.java:383)

If you a mere mortal like I am and have got this SecurityException after adding a maven repository read on. The most basic cause of such a exception is some dependency define in pom.xml is pulling in jars which are singed. After building your application unzip the final jar that gets created for your application.
In my case its GitFx-1.0-SNAPSHOT.jar. Unzip GitFx-1.0-SNAPSHOT.jar or do a jar -xvf GitFx-1.0-SNAPSHOT.jar. Inspect the META_INF folder. You will find .RSA,.SF or .DSApresent under META_INF. This is signed information. The best way to explain why one gets the exception at runtime is “Some of your dependencies are likely signed jarfiles. When you combine them all into one big jarfile, the corresponding signatures are no longer valid so the runtime halts.” - StackOverflow Answer[1]
Solution to fix this with maven-dependency-plugin. Small snippet of code in my pom.xml.


                org.apache.maven.plugins
                maven-dependency-plugin
                2.6
                
                    
                        unpack-dependencies
                        package
                        
                            unpack-dependencies
                        
                        
                            system
                            META-INF/*.SF
                            META-INF/*.DSA
                            META-INF/*.RSA
                            junit,org.mockito,org.hamcrest
                            ${project.build.directory}/classes
                        
                    
                
            

上面的配置又会报错,中级配置如下
No configuration setting found for key 'akka.remote.log-received-messages'

           
                org.apache.maven.plugins
                maven-shade-plugin
                
                    
                        package
                        
                            shade
                        
                    
                
                
                    
                        
                            *:*
                            
                                META-INF/*.SF
                                META-INF/*.DSA
                                META-INF/*.RSA
                            
                        
                    
                    
                        
                        org.apache.spark.asyspark.core.Main
                        
                        
                            reference.conf
                        
                    


                
            

Line # 15,16 and 17 is where we prevent the signed information from going into our final consolidated jar file.Some more information about the plugins configuration can be found here[2]
Hope this helps :)
References:
Stack OverFlow
Apache Maven - Unpacking Specific Artifacts

你可能感兴趣的:(Invalid Signature file digest - Maven solution)