Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes
You need to add the following to pom.xml:
<configuration>
<filters>
<filter>
<artifact>*:*</artifact>
<excludes>
<exclude>META-INF/*.SF</exclude>
<exclude>META-INF/*.DSA</exclude>
<exclude>META-INF/*.RSA</exclude>
</excludes>
</filter>
</filters>
</configuration>
Explanation:
The above configuration filters all files in META-INF ending with .SF, .DSA, and .RSA for all artifacts (*:*) when creating uber-jar file.
The reason java.lang.SecurityException is raised is because some dependency jar files are signed jar files. A jar file is signed by using jarsigner, which creates 2 additional files and places them in META-INF:
- a signature file, with a .SF extension, and
- a signature block file, with a .DSA, .RSA, or .EC extension.
See jarsigner for detailed explanation of JAR Signing and Verification Tool.
Hi
ReplyDeleteThanks so much for this pointer.
However could you say why this needs to be added? It would be very helpful in understanding what exactly is going on in the background when this filter is added.
Thanks
KK
Really thanks for your tip. We are changing some builds from fat-jar to maven-shade and got some builds stopped working. Really thanks.
ReplyDeleteThanks! you save me a lot of time.
ReplyDelete+1. thanks.
ReplyDeleteThanks..
ReplyDeleteVery useful and educative
ReplyDeleteThank you
Thx a lot
ReplyDeleteHi. I'm trying to use this configuration on my project and isn't working. I've pasted this code in every configuration element on my pom.xml file. Can you help me?
ReplyDeleteThanks in advance.
Here the content of my pom.xml file:
http://pastebin.com/XTtBJ8DN
saved my day. Thank you.
ReplyDeleteThanks a lot, saved me! :)
ReplyDeleteThanks! This should be under the configuration phase in the maven-shade-plugin build section.
ReplyDeleteThank you so much!
ReplyDeleteI realise this is an old post... But thought I would ask if you had any other ideas?
ReplyDeleteIn that I have the code you mention here in my POM file and still get the security error when running my application.
(Well not my application - but an example application for a Spark tutorial)
And unhelpfully I am not a Java developer or a user of Maven, either.
I am learning Scala and use SBT for builds.
I don't know if it makes any difference at all - but I am using JDK8 and a Mac to build my app.
I am running standardalone program getting below error. Please advise. Thanks
ReplyDeletejava.lang.SecurityException: Invalid signature file digest for Manifest main attributes
Nothing is there in MANIFEST file
Hey there, I am not sure if it will help you, specifically : But for me I got rid of the security error by ensuring that "Store Temporary Files" was unchecked.
ReplyDeleteThanks for this blog post. When running in a controlled environment, this is a valid workaround.
ReplyDeleteThank you so much. Saved my day.
ReplyDelete