Sté*_*cel 43 java jpa eclipselink jpa-2.2
运行由maven构建的具有以下依赖项的项目时:
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.2.0</version>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>eclipselink</artifactId>
<version>2.7.0</version>
</dependency>
我在运行时收到以下错误:
java.lang.SecurityException: class "javax.persistence.Cacheable"'s signer information does not match signer information of other classes in the same package
javax.persistence-2.2.0工件已签名并包含javax.persistence.Cacheable.class注释,而eclipselink-2.7.0工件未签名且包含相同的java类注释.
怎么解决这个问题?
编辑
用版本2.1.1替换javax.persistence artifact 2.2.0版修复了问题(这个没有签名),但我不确定这是正常情况.
Geo*_*ins 37
谢谢Stéphane - 问题末尾的编辑帮助我"修复"了同样的问题.对于其他人来说也是如此 - 这是一个扩展的答案.这就是你需要"修复"pom中的东西(直到Eclipse正确修复):
<!-- See https://stackoverflow.com/q/45870753 -->
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>eclipselink</artifactId>
<version>2.7.0</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>javax.persistence</artifactId>
<version>2.1.1</version>
</dependency>
这会拉入eclipselink但排除javax.persistence它试图引入的依赖关系并将其替换为javax.persistence没有签名问题的早期版本.
除此之外:在原始问题中显示的pom片段中明确地引入了javax.persistence版本2.2.0,尽管已经是一个传递依赖eclipselink.
摘要 - eclipselink工件依赖于javax.persistence并且都包含包中的类javax.persistence.然而,javax.persistence罐子是签名而eclipselink一个不是.因此,当从jar中的包javax.persistence中加载一个类时,Java运行时会抱怨eclipselink它缺少签名与已经从javax.persistencejar中的同一个包加载的类不匹配.
详细信息 - 如果我在java.util.concurrent.ConcurrentHashMap.putIfAbsent(K, V)条件中放置断点,"javax.persistence".equals(arg0)那么我看到它javax.persistence映射到以下CodeSource值:
(file:/Users/georgehawkins/.m2/repository/org/eclipse/persistence/javax.persistence/2.2.0/javax.persistence-2.2.0.jar [
[
Version: V3
Subject: CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
...
即javax.persistence-2.2.0.jar由Eclipse Foundation签名并包含包中的类javax.persistence.当我的应用程序的某些部分(实际上是Spring逻辑中的某些东西)试图加载时,这个jar被拉入javax.persistence.EntityManagerFactory.
如果我然后在行java.lang.ClassLoader.checkCerts(String, CodeSource)上放置一个断点,throw new SecurityException那么当传入时它会看到它击中这一行CodeSource:
(file:/Users/georgehawkins/.m2/repository/org/eclipse/persistence/eclipselink/2.7.0/eclipselink-2.7.0.jar <no signer certificates>)
即eclipselink-2.7.0.jar包含在javax.persistence包中的类但它是无符号的,因此发生冲突导致SecurityException被抛出.当某些东西(也是Spring逻辑中的深层)试图加载时会发生这种情况javax.persistence.PersistenceUtil.
如果我看一下输出,mvn dependency:tree我看到这种不匹配似乎已经归结为eclipselink它 - 它本身就在拉动org.eclipse.persistence:javax.persistence:jar:2.2.0.也就是说,它与其他一些依赖不是冲突:
[INFO] | \- org.eclipse.persistence:eclipselink:jar:2.7.0:compile
[INFO] | +- org.eclipse.persistence:javax.persistence:jar:2.2.0:compile
[INFO] | +- org.eclipse.persistence:commonj.sdo:jar:2.1.1:compile
[INFO] | +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] | \- org.glassfish:javax.json:jar:1.0.4:compile
我现在已经在bugs.eclipse.org上记录了这个 - 请参阅错误525457.
Obi*_*alu 20
要解决此问题,请在maven pom文件中为EclipseLink 2.7.x添加正确的JPA 2.2兼容依赖项,如下所示:
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>org.eclipse.persistence.jpa</artifactId>
<version>2.7.1</version>
</dependency>
| 归档时间: |
|
| 查看次数: |
10530 次 |
| 最近记录: |