Hey there, let's get this sorted out! That error pops up because when you shade your JAR with Maven, you're bundling signed third-party dependencies—and their original signature files (like .SF, .DSA, .RSA) don't work properly in the merged JAR. Java's security checker sees these invalid, mismatched signatures and throws the exception.

Here are two reliable fixes to resolve this:

1. Exclude Signature Files in the Shade Plugin (Most Common Fix) #

Update your maven-shade-plugin configuration in pom.xml to filter out all signature-related files. This tells Maven to skip packing those problematic files into your shaded JAR:

<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-shade-plugin</artifactId>
            <version>3.2.4</version> <!-- Use the latest stable version available -->
            <executions>
                <execution>
                    <phase>package</phase>
                    <goals>
                        <goal>shade</goal>
                    </goals>
                    <configuration>
                        <filters>
                            <filter>
                                <artifact>*:*</artifact>
                                <excludes>
                                    <exclude>META-INF/*.SF</exclude>
                                    <exclude>META-INF/*.DSA</exclude>
                                    <exclude>META-INF/*.RSA</exclude>
                                </excludes>
                            </filter>
                        </filters>
                        <!-- Add this if you need an executable JAR (required for your Swing app) -->
                        <transformers>
                            <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
                                <mainClass>com.yourpackage.YourSwingMainClass</mainClass>
                            </transformer>
                        </transformers>
                    </configuration>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

• The filters section targets all artifacts (*:*) and excludes the signature files that cause the security error.
• The transformers block ensures your JAR is executable by setting your Swing app's main class (replace com.yourpackage.YourSwingMainClass with your actual main class path).

2. Handle Signature Files with Transformers (Rare Use Case) #

If you absolutely need to retain some signatures (unlikely for most Swing projects), you can use a transformer to merge manifest sections properly. This is more complex and usually unnecessary—stick with the first fix unless you have a specific reason not to.

Verify the Fix #

Run these commands to rebuild and test your JAR:

mvn clean package
java -jar target/your-shaded-jar-filename.jar

This should resolve the SecurityException and let your Swing application run as expected.

内容的提问来源于stack exchange，提问作者Krish