In our code we use signed jars from within the WEB-INF/lib folder. This jar contains the interface and the implementations.
The issue is tracked down to following method:
org.jboss.weld.bean.proxy.ClientProxyProvider.createClientProxy(Bean<T>, Set<Type>)
In this method there is a call of typeInfo.getSuperClass() which returns Object.class in case of an Interface.
So there is no certificate found which is used in java.lang.ClassLoader.compareCerts(Certificate[], Certificate[]) to check the signing information.
// the length must be the same at this point if (certs.length != pcerts.length) return false;
At the end a SecurityException is thrown.
|