Birt Runtime maven artifact issue

Question

I want to use Birt Api library im my project so I included rg.eclipse.birt.runtime 4.5 maven dependency into my project

<dependency>
        <groupId>org.eclipse.birt.runtime</groupId>
        <artifactId>org.eclipse.birt.runtime</artifactId>
        <version>4.5.0</version>
        <exclusions>
            <exclusion>
                <groupId>org.eclipse.birt.runtime</groupId>
                <artifactId>org.eclipse.osgi</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
    <dependency>
        <groupId>org.eclipse.tycho</groupId>
        <artifactId>org.eclipse.osgi</artifactId>
        <version>3.10.100.v20150529-1857</version>
    </dependency>

When I want to execute my report I got below stack trace error caused by "org.eclipse.core.runtime.IExtensionRegistry"'s signer information does not match signer information of other classes in the same package. Previously I used the same library Birt Runtime 4.5 but manually downloaded and attached to my project and the report was generated successfully.

org.eclipse.birt.core.exception.BirtException: error.CannotStartupOSGIPlatform
    at org.eclipse.birt.core.framework.Platform.startup(Platform.java:81)
    at org.report.birt.service.BirtApi.getReport(BirtApi.java:33)
    at org.report.birt.endpoint.BirtEndPoint.handleRequest(BirtEndPoint.java:49)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.ws.server.endpoint.MethodEndpoint.invoke(MethodEndpoint.java:134)
    at org.springframework.ws.server.endpoint.adapter.DefaultMethodEndpointAdapter.invokeInternal(DefaultMethodEndpointAdapter.java:291)
    at org.springframework.ws.server.endpoint.adapter.AbstractMethodEndpointAdapter.invoke(AbstractMethodEndpointAdapter.java:55)
    at org.springframework.ws.server.MessageDispatcher.dispatch(MessageDispatcher.java:236)
    at org.springframework.ws.server.MessageDispatcher.receive(MessageDispatcher.java:176)
    at org.springframework.ws.transport.support.WebServiceMessageReceiverObjectSupport.handleConnection(WebServiceMessageReceiverObjectSupport.java:89)
    at org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter.handle(WebServiceMessageReceiverHandlerAdapter.java:61)
    at org.springframework.ws.transport.http.MessageDispatcherServlet.doService(MessageDispatcherServlet.java:293)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
    at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:863)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.SecurityException: class "org.eclipse.core.runtime.IExtensionRegistry"'s signer information does not match signer information of other classes in the same package
    at java.lang.ClassLoader.checkCerts(ClassLoader.java:952)
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:666)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:794)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1190)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1681)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:1190)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1681)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    at org.eclipse.birt.core.framework.jar.ServicePlatform.<init>(ServicePlatform.java:46)
    at org.eclipse.birt.core.framework.jar.ServiceLauncher.startup(ServiceLauncher.java:46)
    at org.eclipse.birt.core.framework.Platform.startup(Platform.java:75)
    ... 35 more

Answer 1

org.eclipse.birt.runtime-4.5.0 available on Maven Central Repository depends on JARs signed with both an old and a new version of Eclipse certificate, but these JARs contains classes from the same package (in this case org.eclipse.core.runtime). When loading classes from both JARs, the JVM throws such SecurityException because of this signature inconsistency.

For instance this can be put into evidence with org.eclipse.equinox.common-3.6.200.v20130402-1505.jar and org.eclipse.equinox.registry-3.6.0.v20150318-1503.jar, both dependencies of org.eclipse.birt.runtime-4.5.0 containing classes in org.eclipse.core.runtime package. Versions available on the Central Maven Repository are signed with different certificates, as shown by jarsigner -verify -verbose -certs xxx.jar:

//org.eclipse.equinox.common-3.6.200.v20130402-1505.jar
[entry was signed on 09/04/13 15:24]
X.509, CN="Eclipse.org Foundation, Inc.", OU=IT, O="Eclipse.org Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA

//org.eclipse.equinox.registry-3.6.0.v20150318-1503.jar
[entry was signed on 18/03/15 18:14]
X.509, CN="Eclipse Foundation, Inc.", OU=IT, O="Eclipse Foundation, Inc.", L=Ottawa, ST=Ontario, C=CA

Hence the SecurityException when trying to load classes from both JARs. You can:

• Use version 4.6.0-20160607 with Maven instead
• Manually download and attach version 4.5.0 from the official website which is packaged with JARs signed with a recent certificate version

Side note: Problem can be reproduced by creating a Maven project with the following dependency:

    <dependency>
        <groupId>org.eclipse.birt.runtime</groupId>
        <artifactId>org.eclipse.birt.runtime</artifactId>
        <version>4.5.0</version>
        <exclusions>
            <exclusion>
                <groupId>org.eclipse.birt.runtime</groupId>
                <artifactId>org.eclipse.osgi</artifactId>
            </exclusion>
        </exclusions>
    </dependency>

And running a code which will load classes contained in JARs signed with different certificates such as the one cited above, for example:

Class.forName("org.eclipse.core.runtime.Assert").getResource("Assert.class");
Class.forName("org.eclipse.core.runtime.IExtensionRegistry").getResource("IExtensionRegistry.class");

will result in a similar SecurityException when using version 4.5.0 but not with version 4.6.0-20160607.

Another note: There is a similar issue with version 4.2.0 M7.

Answer 2

I have got 2 solutions. Please check

First:

Use dependency version 4.5.0a instead of 4.5

<dependency>
<groupId>org.eclipse.birt.runtime</groupId>
<artifactId>org.eclipse.birt.runtime</artifactId>
<version>4.5.0a</version>
</dependency>

Resource Link: https://communities.opentext.com/forums/discussion/comment/217265/#Comment_217265

Second:

Full tutorial is given by step by step here:

http://wiki.eclipse.org/BirtPOJO_Viewer_WebSphere_Deployment