Valid JAR signature for JavaFX projects

Question

I\'ve been working through various recipes to produce a runnable JAR file for a JavaFX project using a Maven POM. Each of these Stackoverflow questions des

Answer 1

After a lot of research I found a solution that works for my project using JavaFX, Maven and NetBeans.

I'm working on a simple REST client that uses jersey and moxy to decode JSON. After adding the dependency jersey-media-moxy application reports the error of invalid signature.

I found that this depends on the presence of the signature file ECLIPSE_.RSA and ECLIPSE_.SF inside the META-INF for some libraries. In my case were the org.eclipse.persistence.moxy-2.5.0.jar, org.eclipse.persistence.antlr-2.5.0.jar, org.eclipse.persistence.asm-2.5.0.jar and org.eclipse.persistence.core-2.5.0.jar

The pom.xml in Netbeans that you indicated running two separate step. The first invoke maven-dependency-plugin that expands all the external jar. The second use exec-maven-plugin that call javafxpackager to create the final jar file e finally run it.

By performing the two steps in sequence signature in org.eclipse libraries are placed in the META-INF of the final jar file and this generates the error on the signature.

My solution is add an intermediate step between the execution of the maven-dependency-plugin and exec-maven-plugin. In this step I'm going to delete all signature file inside the directory

${project.build.directory}/classes

To do this I used a plugin maven-antrun-plugin

<plugin>
    <artifactId>maven-antrun-plugin</artifactId>
    <version>1.8</version>
    <executions>
         <execution>
              <phase>package</phase>
              <goals>
                   <goal>run</goal>
              </goals>
              <configuration>
                   <target>
                       <delete>
                           <fileset dir="${project.build.directory}/classes" includes="**/META-INF/*.DSA"/>
                           <fileset dir="${project.build.directory}/classes" includes="**/META-INF/*.RSA"/>
                           <fileset dir="${project.build.directory}/classes" includes="**/META-INF/*.SF"/>
                    </delete>
                </target>
            </configuration>
        </execution>
    </executions>
</plugin>

Answer 2

I had a very similar problem; when I included a signed JAR (bouncycastle) in the project. Its signature was repackaged verbatim, resulting in an obvious SecurityException:

java.lang.SecurityException: Invalid signature file digest for Manifest main attributes

Filtering of all sorts failed; the solution that works for me looks like this in the pom.xml:

<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-dependency-plugin</artifactId>
  <version>2.8</version>
  <executions>
    <execution>
      <id>unpack-dependencies</id>
      <phase>package</phase>
      <goals>
        <goal>unpack-dependencies</goal>
      </goals>
      <configuration>
        <excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
        ...
      </configuration>
    </execution>
  </executions>
</plugin>

I omitted some lines after the new one with the "excludes" pattern. This single line was the solution for me - I include the other lines so you can see the placement. (I had trouble with many other postings which omitted the context of a tag, so I try to save others this trouble).

Hope that helps others with the same problem.