This happens when classes belonging to the same package are loaded from different JAR files, and those JAR files have signatures signed with different certificates - or, perhaps more often, at least one is signed and one or more others are not (which includes classes loaded from directories since those AFAIK cannot be signed).

当属于同一个包的类从不同的 JAR 文件加载，并且这些 JAR 文件具有使用不同证书签名的签名时，就会发生这种情况 - 或者，可能更常见的是，至少一个已签名而一个或多个未签名（包括加载的类）来自目录，因为那些 AFAIK 无法签名）。

So either make sure all JARs (or at least those which contain classes from the same packages) are signed using the same certificate, or remove the signatures from the manifest of JAR files with overlapping packages.

因此，要么确保所有 JAR（或至少那些包含来自相同包的类）都使用相同的证书进行签名，或者从具有重叠包的 JAR 文件的清单中删除签名。

A simple way around it is just try changing the order of your imported jar files which can be done from (Eclipse). Right click on your package -> Build Path -> Configure build path -> References and Libraries -> Order and Export. Try changing the order of jars which contain signature files.

一个简单的方法是尝试更改导入的 jar 文件的顺序，这可以从（Eclipse）完成。右键单击您的包 -> 构建路径 -> 配置构建路径 -> 引用和库 -> 订购和导出。尝试更改包含签名文件的 jar 的顺序。

This can occur with the cglib-instrumented proxies because CGLIB uses his own signer information instead of the signer information of the application target class.

使用 cglib 检测的代理可能会发生这种情况，因为 CGLIB 使用他自己的签名者信息而不是应用程序目标类的签名者信息。

1. After sign, access: dist\lib
2. Find extra .jar
3. Using Winrar, You extract for a folder (extract to "folder name") option
4. Access: META-INF/MANIFEST.MF
5. Delete each signature like that:

1. 签名后，访问：dist\lib
2. 查找额外的 .jar
3. 使用 Winrar，您可以提取文件夹（提取到“文件夹名称”）选项
4. 访问： META-INF/MANIFEST.MF
5. 像这样删除每个签名：

Name: net/sf/jasperreports/engine/util/xml/JaxenXPathExecuterFactory.c lass SHA-256-Digest: q3B5wW+hLX/+lP2+L0/6wRVXRHq1mISBo1dkixT6Vxc=

名称：net/sf/jasperreports/engine/util/xml/JaxenXPathExecuterFactory.class SHA-256-Digest：q3B5wW+hLX/+lP2+L0/6wRVXRHq1mISBo1dkixT6Vxc=

1. Save the file
2. Zip again
3. Renaime ext to .jar back
4. Already

1. 保存文件
2. 再次压缩
3. 重命名 ext 到 .jar 回来
4. 已经

This also happens if you include one file with different names or from different locations twice, especially if these are two different versions of the same file.

如果您两次包含一个具有不同名称或来自不同位置的文件，也会发生这种情况，尤其是当它们是同一文件的两个不同版本时。

A. If you use maven, an useful way to debug clashing jars is:

A. 如果您使用 maven，调试冲突 jar 的一种有用方法是：

mvn dependency:tree

For example, for an exception:

例如，对于异常：

java.lang.SecurityException: class "javax.servlet.HttpConstraintElement"'s signer information does not match signer information of other classes in the same package

we do:

我们的确是：

mvn dependency:tree|grep servlet

Its output:

它的输出：

[INFO] +- javax.servlet:servlet-api:jar:2.5:compile
[INFO] +- javax.servlet:jstl:jar:1.2:compile
[INFO] |  +- org.eclipse.jetty.orbit:javax.servlet.jsp:jar:2.2.0.v201112011158:compile
[INFO] |  +- org.eclipse.jetty.orbit:javax.servlet.jsp.jstl:jar:1.2.0.v201105211821:compile
[INFO] |  +- org.eclipse.jetty.orbit:javax.servlet:jar:3.0.0.v201112011016:compile
[INFO] +- org.eclipse.jetty:jetty-servlet:jar:9.0.0.RC2:compile

shows clashing servlet-api 2.5 and javax.servlet 3.0.0.x.

显示了 servlet-api 2.5 和 javax.servlet 3.0.0.x 的冲突。

B. Other useful hints (how to debug the security exception and how to exclude maven deps) are at the question at Signer information does not match.

B. 其他有用的提示（如何调试安全异常以及如何排除 maven deps）位于Signer information does not match 的问题。

I could fix it.

我可以解决它。

Root Cause: This is a common issue when using the Sun JAXB implementation with signed jars. Essentially the JAXB implementation is trying to avoid reflection by generating a class to directly access the properties without using reflection. Unfortunately, it generates this new class in the same package as the class being accessed which is where this error comes from.

根本原因：这是使用带有签名 jar 的 Sun JAXB 实现时的常见问题。本质上，JAXB 实现试图通过生成一个类来直接访问属性而不使用反射来避免反射。不幸的是，它在与被访问的类相同的包中生成了这个新类，这就是这个错误的来源。

Resolution: Add the following system property to disable the JAXB optimizations that are not compatible with signed jars: -Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true

解决方案：添加以下系统属性以禁用与签名 jar 不兼容的 JAXB 优化：-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true

Ref: https://access.redhat.com/site/solutions/42149

参考：https: //access.redhat.com/site/solutions/42149

In my case, I had duplicated JAR version of BouncyCastle in my library path :S

就我而言，我在我的库路径中复制了 BouncyCastle 的 JAR 版本：S

If you're running it in Eclipse, check the jars of any projects added to the build path; or do control-shift-T and scan for multiple jars matching the same namespace. Then remove redundant or outdated jars from the project's build path.

如果您在 Eclipse 中运行它，请检查添加到构建路径的任何项目的 jar；或者执行 control-shift-T 并扫描匹配相同命名空间的多个 jar。然后从项目的构建路径中删除多余或过时的 jar。

Based on @Mohit Phougat response, if you are running a Groovy with @Grab annotations, you could try to re-order such annotations.

根据@Mohit Phougat 的响应，如果您正在运行带有 @Grab 注释的 Groovy，您可以尝试重新排序此类注释。