Java SecurityException: Subscriber information does not match

In my case, I had a duplicated version of the JAR BouncyCastle in my library path: S

I had a similar exception:

 java.lang.SecurityException: class "org.hamcrest.Matchers" signer information does not match signer information of other classes in the same package 

The root problem was that I turned on the Hamcrest library twice. After using the Maven pom file. And I also added the JUnit 4 library (which also contains the Hamcrest library) to the project build path. I just had to remove JUnit from the build path and everything was fine.

This can happen with cglib-instrumented proxies because CGLIB uses its own subscriber information instead of the subscriber information of the target application class.

• After the access sign: dist \ lib
• Find More .jar
• Using Winrar, you extract for the folder (extract to "folder name")
• Access: META-INF / MANIFEST.MF
• Delete each signature as follows:

Name: net / sf / jasperreports / engine / util / xml / JaxenXPathExecuterFactory.c girl SHA-256 digest: q3B5wW + hLX / + lP2 + L0 / 6wRVXRHq1mISBo1dkixT6Vxc =

• Save file
• Zip again
• Renaime ext to.jar back
• Already

If you run it in Eclipse, check the banks of any projects added to the build path; or do control-shift-T and scan multiple jars corresponding to the same namespace. Then remove the excess or obsolete banks from the project build path.

In my case, it was a package name conflict. There is one common package.foo.utils package in the current project and the signed link library. Just changed the current name of the package, prone to project errors, to something else.

A little too old thread, but since I got stuck on this for a while, here is the fix (I hope this helps someone)

My scenario:

Package Name: com.abc.def. There are 2 jar files that contain classes from this package, say jar1 and jar2, i.e. some classes are present in jar1 and others in jar2. These jar files are signed using the same keystore, but at different build times (i.e., separately). This seems to lead to a different signature for the files in jar1 and jar2.

I put all the files in jar1 and created (and signed) them all together. The problem goes away.

PS: package names and jar file names are examples

This also happens if you include the same file twice with different names or from different places, especially if they are two different versions of the same file.

I could fix it.

Root cause: This is a common problem when using Sun JAXB with signed banks. Essentially, the JAXB implementation tries to avoid reflection by creating a class for direct access to properties without using reflection. Unfortunately, it generates this new class in the same package as the class accessed, where this error comes from.

Resolution: Add the following system property to disable JAXB optimizations that are not compatible with signed banks: -Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize = true

Link: https://access.redhat.com/site/solutions/42149

Based on @Mohit Phougat's answer, if you use Groovy with @Grab annotations, you can try to override such annotations.

If you added all the jar files from bouncycastle.org (in my case from crypto-159.zip), simply delete those JDK files that are not relevant to you. There are layoffs. You probably only need jdk15on cans.