Bug #68801 java webstart mysql-connector-java lib calls -bin library
Submitted: 28 Mar 2013 12:57
Modified: 15 Apr 2013 6:27
Reporter: Bart Vandercammen
Status: Closed
Category: Connector / J
Severity: S3 (Non-critical)
Version: 5.1.24
OS: Any
Assigned to: Alexander Soklakov
CPU Architecture: Any

[28 Mar 2013 12:57] Bart Vandercammen
Description:
I have a java webstart project using mysql-connector-java-5.1.24.jar. When installing I can see in the traffic to the server that webstart gets the mysql-connector-java-5.1.24.jar.
But when the application uses the driver, when getting the connection to the DB, suddenly webstart is calling the server for another library, mysql-connector-java-5.1.24-bin.jar (-bin is added), which of course is not available and thus returns a 404 answer.
When I change the version to 5.1.13, the same happens: mysql-connector-java-5.1.13-bin.jar is called, the version changes also.
And it is called several times, depending on the java version: java6 +- 20 times, java7 +- 30 times.
And apparently the extra library is not needed because my application works as expected. It's just very annoying that it generates so many errors and takes all that unnecessary network traffic.
I get this on jboss 4.0.5 and tomcat 7.

How to repeat:
Create a webstart project with just 1 dependency mysql-connector-java-5.1.24.jar. 
Create a lib with 1 main class (connectmysql.ConnectMySQL.java) that creates a connection:  
  Class.forName("com.mysql.jdbc.Driver");
  DriverManager.getConnection("jdbc:mysql://localhost:3306/myDB", "user", "password");
Don't mind the DB, it reproduces with and without.
Jnlp looks like this:
  <?xml version="1.0" encoding="UTF-8"?>
  <jnlp spec="1.0+" codebase="http://localhost:8080/webstart/webstart/" href="launch.jnlp">
    <information>
        <title>mytitle</title>
        <vendor>myvendor</vendor>
        <offline-allowed/>
    </information>
    <security><all-permissions/></security>
    <resources>
        <j2se version="1.6+" href="http://java.sun.com/products/autodl/j2se"/>
        <jar href="standalone.jar" main="true"/>
        <jar href="mysql-connector-java-5.1.24.jar"/>
    </resources>
    <application-desc main-class="connectmysql.ConnectMySQL"/>
  </jnlp>
Create the war, deploy, start the server and browse to the jnlp to start the application.
Observe the access log/httpmonitor. Webstart will get the standalone.jar and the mysql-connector-java-5.1.24.jar, and when the connection is created webstart calls mysql-connector-java-5.1.24-bin.jar 20 or more times. It doesn't exist, so they all get a 404 error.
An example from the jboss access log; I get 30 lines like this, each returning an error:
127.0.0.1 - - [19/Mar/2013:10:45:42 +0100] "GET /webstart/mysql-connector-java-5.1.12-bin.jar HTTP/1.1" 404 952
[28 Mar 2013 13:13] Bart Vandercammen
The attached war file deploys and offers http://localhost:8080/webstarttest/webstart/launch.jnlp to start the application.
[28 Mar 2013 13:14] Bart Vandercammen
the executed class

Attachment: ConnectMySQL.java (application/octet-stream, text), 851 bytes.

[29 Mar 2013 9:28] Alexander Soklakov
Hi Bart,

What is the nature of mysql-connector-java-5.1.24.jar you mentioned? Our official jar has name mysql-connector-java-5.1.24-bin.jar.

My only suggestion is that you just renamed mysql-connector-java-5.1.24-bin.jar without changing META-INF/INDEX.LIST, which contains the "mysql-connector-java-5.1.24-bin.jar" name.

See JAR File Specification http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html:

" INDEX.LIST

This file is generated by the new "-i" option of the jar tool, which contains location information for packages defined in an application or extension.  It is part of the JarIndex implementation and used by class loaders to speed up their class loading process."

So the classloader could try to load a different jar if META-INF is broken.
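
A packaging check for the mismatch described above, as an added example that is not part of the original thread or of Connector/J: it reads the section headers of META-INF/INDEX.LIST and reports any indexed jar name that is neither the file itself nor a sibling file next to it. The function names and the constructed sample jar are assumptions for illustration.

```python
import os
import tempfile
import zipfile

INDEX_PATH = "META-INF/INDEX.LIST"

def indexed_jars(jar_path):
    """Return the jar names that head each section of META-INF/INDEX.LIST."""
    with zipfile.ZipFile(jar_path) as jar:
        if INDEX_PATH not in jar.namelist():
            return []  # no JarIndex, so there are no indexed names to check
        text = jar.read(INDEX_PATH).decode("utf-8")
    names = []
    # Blank lines separate sections; the first block is the version header.
    for block in text.replace("\r\n", "\n").split("\n\n")[1:]:
        lines = [ln.strip() for ln in block.split("\n") if ln.strip()]
        if lines and lines[0].endswith(".jar"):
            names.append(lines[0])
    return names

def dangling_index_entries(jar_path):
    """Indexed jar names that are neither this file nor a sibling next to it."""
    folder = os.path.dirname(os.path.abspath(jar_path))
    own_name = os.path.basename(jar_path)
    return [n for n in indexed_jars(jar_path)
            if n != own_name and not os.path.exists(os.path.join(folder, n))]

def build_sample_jar(folder, file_name, indexed_name):
    """Constructed sample jar: dummy class plus an INDEX.LIST naming indexed_name."""
    index = ("JarIndex-Version: 1.0\n\n"
             f"{indexed_name}\ncom\ncom/mysql\ncom/mysql/jdbc\n\n")
    path = os.path.join(folder, file_name)
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n\n")
        jar.writestr(INDEX_PATH, index)
        jar.writestr("com/mysql/jdbc/Driver.class", b"")
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Same shape as the report: file published without "-bin", index with it.
        renamed = build_sample_jar(tmp, "mysql-connector-java-5.1.24.jar",
                                   "mysql-connector-java-5.1.24-bin.jar")
        print(dangling_index_entries(renamed))
```

Run against a repository artifact before publishing or deploying it; a non-empty result means a class loader that honours the index may request a jar that is not there.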
[29 Mar 2013 9:49] Bart Vandercammen
I'm getting the library from maven, I don't change the name. It's called like that in the repository:
http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22mysql-connector-java%22
Should I file it elsewhere?
[29 Mar 2013 10:12] Alexander Soklakov
Can you try this download http://dev.mysql.com/downloads/connector/j/ or maybe just rename the driver you have to "mysql-connector-java-5.1.24-bin.jar" and use it instead of mysql-connector-java-5.1.24.jar?

Please confirm if it solves your problem. I tried your link and see that META-INF really contains the "mysql-connector-java-5.1.24-bin.jar" name, so we must fix maven packaging. But I'd like to be sure that it is a cause of this exact problem.
[29 Mar 2013 12:38] Bart Vandercammen
I renamed the library delivered from maven to mysql-connector-java-5.1.24-bin.jar and it works. Thanks. I guess a renamed maven lib will be available soon?

Bart
[29 Mar 2013 13:34] Alexander Soklakov
Thanks Bart,

We'll try to fix it for next release.
[10 Apr 2013 16:02] Todd Farmer
Hi Bart,

I don't see justification for this being flagged as a security defect, and I've removed that flag.  I'm leaving the bug flagged as private, in case you feel contents of the bug report are confidential.  If there is reason for flagging this as a security defect (other than to expedite a fix), please let us know and we can adjust accordingly.

Thanks again for your bug report.
[11 Apr 2013 19:07] Bugs System
Added changelog entry for 5.1.24:

The 5.1.24 MySQL Connector/J driver available for download from the
maven.org repository contains an incorrectly named JAR file. The JAR file
available from the maven.org repository is named
"mysql-connector-java-5.1.24.jar". The correct JAR file name is
"mysql-connector-java-5.1.24-bin.jar". The workaround is to rename the JAR
file to the correct name (mysql-connector-java-5.1.24-bin.jar) or download
the MySQL Connector/J driver from "http://dev.mysql.com/downloads/connector/j/".
[12 Apr 2013 12:42] Bart Vandercammen
I flagged it as a security defect because of the hidden web traffic, but I can live with the removal of it.

For the Maven solution: Will the artifactId be 'mysql-connector-java' and the version '5.1.24-bin' (with -bin)? I'm not a maven expert but I think that the version is expected behind.
I expect similar behavior with my webstart library versioning.
[12 Apr 2013 14:02] Bugs System
Revised *5.1.25* change log entry to:

The "mysql-connector-java-5.1.24.jar" prepared for maven.org contained
the artifact, META-INF/INDEX.LIST, which incorrectly pointed to
"mysql-connector-java-5.1.24-bin.jar". For Connector/J 5.1.25,
"META-INF/INDEX.LIST" has been corrected and now points to
"mysql-connector-java-5.1.25.jar". 

The workaround for "mysql-connector-java-5.1.24.jar" prepared for maven.org is to rename the JAR file to "mysql-connector-java-5.1.24-bin.jar" or to download the MySQL Connector/J 5.1.24 driver from "http://dev.mysql.com/downloads/connector/j/".

Please advise if changelog entry requires further revision. Thank you.
[15 Apr 2013 6:17] Bart Vandercammen
Setting comments public.
[15 Apr 2013 6:27] Bart Vandercammen
Could somebody set this bug public? I have to refer to it and I can't find how to do it.
Thanks in advance,
Bart