PQ76313: Application installation changes the case of the manifest of nested jar
 Downloadable files
 
Abstract
Duplicate manifest file created for signed application jar files
 
Download Description
Application deployment tools will ignore the archive entry META-INF/manifest.mf, creating a new entry having the name META-INF/MANIFEST.MF. This will later cause a security exception to be thrown.

(According to the JDK 1.2 documentation, doc guide jar manifest.html, the case of the manifest should be ignored. That is, manifest.mf should be recognized as the manifest of archive. No duplicate MANIFEST.MF entry should be created.)

For example, jars that are signed using the Netscape signing tool 1.3 have a manifest named META-INF/manifest.mf. When deploying the signed application a second entry is created,
META-INF/MANIFEST.MF. Later, a security exception is thrown from the runtime, for example:

java.lang.SecurityException: invalid SHA1 signature file digest for com/in/widgets/q.class
at
sun.security.util.SignatureFileVerifier.verifySection(SignatureFileVerifier.java:321)
at
sun.security.util.SignatureFileVerifier.process(SignatureFileVerifier.java:172)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:239)
at java.util.jar.JarVerifier.update(JarVerifier.java:194)
at java.util.jar.JarFile.initializeVerifier(JarFile.java:251)
at java.util.jar.JarFile.getInputStream(JarFile.java:313)
at
sun.plugin.cache.CachedJarLoader.authenticate(CachedJarLoader.java:504)
at
sun.plugin.cache.CachedJarLoader.access$600(CachedJarLoader.java:53)
at
sun.plugin.cache.CachedJarLoader$5.run(CachedJarLoader.java:338)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin.cache.Cache.privileged(Cache.java:219)
at
sun.plugin.cache.CachedJarLoader.download(CachedJarLoader.java:320)
at
sun.plugin.cache.CachedJarLoader.load(CachedJarLoader.java:128)
at sun.plugin.cache.JarCache.get(JarCache.java:172)
at
sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(CachedJarURLConnection.java:93)
at
sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(CachedJarURLConnection.java:78)
at
sun.misc.URLClassPath$JarLoader.getJarFile(URLClassPath.java:580)
at sun.misc.URLClassPath$JarLoader.<init>(URLClassPath.java:541)
at sun.misc.URLClassPath$3.run(URLClassPath.java:319)
at java.security.AccessController.doPrivileged(Native Method)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:308)
at sun.misc.URLClassPath.getLoader(URLClassPath.java:285)
at sun.misc.URLClassPath.getResource(URLClassPath.java:155)
at java.net.URLClassLoader$1.run(URLClassLoader.java:190)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
at
sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:134)
at
sun.plugin.security.PluginClassLoader.findClass(PluginClassLoader.java:168)
at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
at
sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:114)
at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
at
sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:501)
at sun.applet.AppletPanel.createApplet(AppletPanel.java:567)
at sun.plugin.AppletViewer.createApplet(AppletViewer.java:1778)
at sun.applet.AppletPanel.runLoader(AppletPanel.java:496)
at sun.applet.AppletPanel.run(AppletPanel.java:293)
at java.lang.Thread.run(Thread.java:536)
 
Prerequisites
Please download the UpdateInstaller below to install this fix.
 
URL LANGUAGE SIZE(Bytes)
UpdateInstaller US English 7000000
 
 
Installation Instructions
Please review the readme.txt for detailed installation instructions.
 
URL LANGUAGE SIZE(Bytes)
Readme US English 5986
 
Download package
What is DD?
Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
PQ76313 - 5.0.0 1/9/2004 US English 15314 FTP DD
PQ76313 - 5.0.1 1/9/2004 US English 15314 FTP DD
PQ76313 - 5.0.2 1/9/2004 US English 16891 FTP DD
PQ76313 - 5.0.2.2 1/9/2004 US English 16918 FTP DD
 
Technical support
1-800-IBM-SERV (U.S. Only)
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server Enterprise General AIX, HP-UX, Linux, Multi-Platform, Solaris, Windows 5.0.0, 5.0.1, 5.0.2, 5.0.2.2 Edition Independent
Application Servers Runtimes for Java Technology Java SDK
Problems (APARS) fixed
PQ76313
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Administrative Console (all non-scripting)
Operating system(s): Windows
Software version: 5.0.2.2
Software edition:
Reference #: 4006190
IBM Group: Software Group
Modified date: Jan 9, 2004