[SPIGOT-221] Remove the global package seal from the Spigot jar Created: 16/Dec/14  Updated: 28/May/15  Resolved: 28/May/15

Status: Resolved
Project: Spigot
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Priority: Minor
Reporter: Arne Assignee: md_5
Resolution: Fixed Votes: 1
Labels: Craftbukkit, spigot


 Description   

When trying to use Hibernate ORM in a plugin I ran into a java.lang.SecurityException. I have found out that this is caused by a global package seal in the Spigot.jar, specifically the line "sealed: true" in MANIFEST.MF.

The global seal should not be necessary as there are seals for all bukkit packages.

I have found an old ticket at bukkit.atlassian.net that describes the same problem, but (from what I have seen) it has simply been ignored.

https://bukkit.atlassian.net/browse/BUKKIT-4554

 Comments   
Comment by Gareth Coles [ 26/Feb/15 ]

As an aside, the JPA 1.x dependency provided by Ebean causes problems when trying to use JavaX annotations with stuff like Hibernate, which provides a JPA 2.x implementation.

I've been talking to the Ebean people about this. You can see the discussion here: https://github.com/ebean-orm/avaje-ebeanorm/issues/251

EDIT: md-5 responded to that ticket. Remapping ahoy?

Comment by Gareth Coles [ 23/Feb/15 ]

Having the same problem here, haven't discovered a way to exclude javax from the JAR using Gradle's ShadowJar plugin.

buildscript {
    repositories { jcenter() }
    dependencies {
        classpath 'com.github.jengelman.gradle.plugins:shadow:1.2.0'
    }
}

plugins {
    id 'java'
    id 'findbugs'
    id 'com.github.johnrengelman.shadow' version '1.2.0'
}

tasks.withType(FindBugs) {
    reports {
        xml.enabled = false
        html.enabled = true
    }
 }

sourceCompatibility = 1.7
version = '1.0'

repositories {
    mavenCentral()

    maven {
        url "http://repo.bukkit.org/content/groups/public/"
        name "Bukkit"
    }

    maven {
        url "http://nexus.theyeticave.net/content/repositories/pub_releases"
        name "Vault"
    }

    maven {
        url "https://hub.spigotmc.org/nexus/content/groups/public/"
        name "Spigot"
    }

    maven {
        url "http://maven.sk89q.com/artifactory/repo/"
        name "sk89q"
    }
}

dependencies {
    testCompile group: 'junit', name: 'junit', version: '4.11'
    compile "org.bukkit:bukkit:1.7.9-R0.2"
    compile "net.milkbowl.vault:VaultAPI:1.5"
    compile "com.sk89q.worldedit:worldedit-bukkit:6.0.1"
    compile "mysql:mysql-connector-java:5.1.34"
    compile "com.google.code.findbugs:findbugs:3.0.0"
    compile "org.hibernate:hibernate-core:4.3.8.Final"
    compile "org.hibernate:hibernate-proxool:4.3.8.Final"
    compile "org.hsqldb:hsqldb:2.3.2"
}

jar {
    from sourceSets.main.java
}

shadowJar {
    from sourceSets.main.java

    dependencies {
        exclude(dependency("net.milkbowl.vault:VaultAPI:1.5"))
        exclude(dependency("org.bukkit:bukkit:1.7.9-R0.2"))
        exclude(dependency("com.sk89q.worldedit:worldedit-bukkit:6.0.1"))
        exclude(dependency("javax.*:.*:.*"))
    }
}
Comment by Arne [ 16/Dec/14 ]

I have never used Maven shade and I am not completely sure about what you mean by "delete javax from your plugin"
but I got it to work by adding this to my pom.xml. I have no idea if I did this correctly!

			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-shade-plugin</artifactId>
				<version>2.3</version>
				<executions>
					<execution>
						<phase>package</phase>
						<goals>
							<goal>shade</goal>
						</goals>
						<configuration>
							<artifactSet>
								<includes>
									<include>javax.persistence:persistence</include>
								</includes>
							</artifactSet>
							<relocations>
								<relocation>
									<pattern>javax.persistence</pattern>
									<shadedPattern>some.other.package</shadedPattern>
								</relocation>
							</relocations>
							<minimizeJar>true</minimizeJar>
						</configuration>
					</execution>
				</executions>
			</plugin>

This seems to produce a jar that I can use with spigot/craftbukkit, at least I got past the java.lang.SecurityException.

Comment by md_5 [ 16/Dec/14 ]

Interesting. It does make sense to be removed, however what happens if you use maven shade or whatever to delete javax from your plugin jar - it shouldn't be needed since Bukkit already has it.

Comment by SpigotMC [ 16/Dec/14 ]

Your build is not the latest and therefor may be the reason you are having this issue. Spigot is 4 version(s) behind. CraftBukkit is 12 version(s) behind. This message was automatically generated and is not guaranteed to be a solution to your issue.

Generated at Mon Apr 07 22:29:16 UTC 2025 using Jira 10.3.3#10030003-sha1:d220e3fefc8dfc6d47f522d3b9a20c1455e12b7b.