Custom plugin has invalid signature

I'm using Neo4j 4.x, local install. I've written custom procedures in Java, using Maven to assemble the jar file as documented by Neo4j developers. Everything compiled successfully but Neo4j fails to start when the jar file is placed in the plugin directory. The error is "DBMS failed to start: DBMS process terminated, see logs.. Check the logs". In the logs, the relevant line is: "Powershell : Exception in thread "main" java.lang.SecurityException: Invalid signature file digest for Manifest main attributes." My question is, how do I identify and address the file whose signature is not acceptable?

I've changed the config file with these lines:

dbms.security.procedures.unrestricted=*
dbms.security.procedures.whitelist=*

In Maven my pow.xml contains these packages and dependencies required to run the procedures:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.neo4j.neo4j_genealogy</groupId>
    <artifactId>org.neo4j.neo4j_genealogy</artifactId>
    <version>0.1</version>
    <packaging>jar</packaging>
    <name>genealogy</name>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <maven.compiler.source>16</maven.compiler.source>
        <maven.compiler.target>16</maven.compiler.target>
        <neo4j.version>4.2.6</neo4j.version>
        <junit-jupiter.version>5.7.0</junit-jupiter.version>
        <maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
        <assertj.version>3.18.1</assertj.version>
        <!--<maven-surefire-plugin.version>3.1.0</maven-surefire-plugin.version>
        <maven-shade-plugin.version>3.2.4</maven-shade-plugin.version>
        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
        <assertj.version>3.18.1</assertj.version>
        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>-->
   </properties>

    <dependencies>
<!--necessary to start neo4j-->
        <dependency>
            <groupId>org.neo4j</groupId>
            <artifactId>neo4j</artifactId>
            <version>4.2.7</version>
        </dependency>
         <dependency>
            <groupId>org.neo4j.driver</groupId>
            <artifactId>neo4j-java-driver</artifactId>
            <version>4.2.5</version>
        </dependency>
 </dependencies>
<build>
    <plugins>
      <!--<plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>${maven-compiler-plugin.version}</version>
      </plugin>
      <plugin>
            <artifactId>maven-surefire-plugin</artifactId>
            <version>${maven-surefire-plugin.version}</version>
      </plugin>-->
      <plugin>
        <!-- This generates a jar-file with our procedure code,
             plus any dependencies marked as `compile` scope.
             This should then be deployed in the `plugins` directory
             of each Neo4j instance in your deployment.
             After a restart, the procedure is available for calling. -->
        <artifactId>maven-shade-plugin</artifactId>
        <version>1.7.1</version>
        <configuration>
          <createDependencyReducedPom>false</createDependencyReducedPom>
          <!--https://stackoverflow.com/questions/25842559/valid-jar-signature-for-javafx-projects-->
          <excludes>META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA</excludes>
        </configuration>
        <executions>
          <execution>
            <phase>package</phase>
            <goals>
              <goal>shade</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>

Change the neo4j driver and neo4j dependency to <scope>provided</scope>
then shade shouldn't package them into your jar

1 Like