Java 更新后 Web Start 不工作 Java 8u141 - java.lang.SecurityException:缺少 org/apache/commons/httpclient 的摘要

Java Web Start not working after updating Java 8u141 - java.lang.SecurityException: digest missing for org/apache/commons/httpclient

更新 Java 8u141 后,我的 java Web 启动应用程序,运行 by jnlp 停止工作。不要下载应用程序。并在下面抛出这些异常。有人可以帮助我吗?

com.sun.deploy.net.JARSigningException: Could not verify resource signature: http://www.example.com/myjar.jar
at com.sun.deploy.security.JarVerifier.authenticateJarEntry(Unknown Source)
at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source)
at com.sun.deploy.cache.CacheEntry.processJar(Unknown Source)
at com.sun.deploy.cache.CacheEntry.access00(Unknown Source)
at com.sun.deploy.cache.CacheEntry.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source)
at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source)
at com.sun.deploy.cache.Cache.downloadResourceToTempFile(Unknown Source)
at com.sun.deploy.cache.Cache.downloadResourceToCache(Unknown Source)
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

其他:

java.lang.SecurityException: digest missing for org/apache/commons/httpclient
at sun.security.util.ManifestEntryVerifier.verify(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarVerifier$VerifierStream.<init>(Unknown Source)
at java.util.jar.JarFile.getInputStream(Unknown Source)
at com.sun.deploy.security.JarVerifier.authenticateJarEntry(Unknown Source)
at com.sun.deploy.security.EnhancedJarVerifier.validate(Unknown Source)
at com.sun.deploy.cache.CacheEntry.processJar(Unknown Source)
at com.sun.deploy.cache.CacheEntry.access00(Unknown Source)
at com.sun.deploy.cache.CacheEntry.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source)
at com.sun.deploy.cache.CacheEntry.writeFileToDisk(Unknown Source)
at com.sun.deploy.cache.Cache.downloadResourceToTempFile(Unknown Source)
at com.sun.deploy.cache.Cache.downloadResourceToCache(Unknown Source)
at com.sun.deploy.net.DownloadEngine.actionDownload(Unknown Source)
at com.sun.deploy.net.DownloadEngine.downloadResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

我昨天设法解决了同样的问题。这对我有用:

  1. 使用 7-Zip 打开抛出 JARSigningException 的原始未签名 jar。最好先复制 jar 以防出现任何问题。
  2. 打开 META-INF 文件夹并将 MANIFEST.MF 复制到您的 PC 的某处。
  3. 在文本编辑器中打开 MANIFEST.MF 副本。寻找类似 "Name: org/apache/commons/httpclient" 的行。可能有几行这样的内容,具体取决于罐子。此行下方可能还有其他行,如 "Implementation-Vendor:..."、"Specification-Title:..." 等。无论如何,请删除所有 "Name:..." 行以及每个块中的所有后续行。
  4. 保存文件,并用编辑后的版本替换 jar 中现有的 MANIFEST.MF。 7-Zip 允许原位替换 jar 中的文件。
  5. 重新签署 jar 并部署。

似乎当 jars 被签名时,清单中的 "Name:" 行可能会在签名的 类 中间结束,这似乎只是 Java 8u141 但之前明显没问题

我在使用 commons-httpclient-3.1.jar 库时遇到了同样的问题。实际上,我认为这是 web start 中的一个错误,因为它以前有效并且适用于 8u152 抢先体验。我描述的解决方案 !

The issue is observed in signed JAR files whose manifest contains package version information[1] and does not have a trailing "/" in the name of the package (e.g.: Name: org/apache/xml/resolver). While we work towards resolving this issue, in the interim, users can work-around the issue as follows:

NOTE: We recommend use of this workaround only if the distributor of the JAR files can "re-sign" the JAR files.

  1. Extract the contents of the signed JAR file (e.g.: jar xf jar-file ).
  2. Modify META-INF/MANIFEST.MF file and add a trailing “/” to the name of the package ( e.g.: Name: org/apache/xml/resolver/).
  3. Remove the current signature files ( e.g.: rm -f META-INF/.SF META-INF/.RSA META-INF/*.DSA ).
  4. Recreate the JAR file ( e,g.: jar cfm jar-file META-INF/MANIFEST.MF input-file(s) ).

NOTE: You must use the jar utility. Other jar creation tools might re-introduce the issue.

  1. Re-sign the JAR file.

[1] https://docs.oracle.com/javase/8/docs/technotes/guides/versioning/spec/versioning2.html#wp91706

来源: http://www.oracle.com/technetwork/java/javase/8u141-relnotes-3720385.html#KnownIssues

此错误已作为错误 JDK-8184993 的一部分得到解决,修复程序将在 JDK 8u144 的非周期版本中提供,该版本计划于稍后发布7 月 26 日。

问题已在 8u144 中修复,请升级到 8u144 以避免此问题http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html